Would you like to secure your Time Machine backup data so other people wouldn’t be able to view your files if your backup drive fell into the wrong hands? Apple doesn’t provide a built-in way to encrypt your Time Machine backup files but it can be done. A clever individual named Jay has figured out how to do it and has the best documentation that I could find on how to setup encrypted Time Machine backups. Thanks Jay.

In previous Tech Tips, I’ve written about how useful Time Machine can be as well as how to setup Time Machine and test your Time Machine backups. Apple got a lot of things when they created Time Machine. It’s by far the easiest backup system to setup, monitor and to use to restore a file. Having said that it does have some short-coming including the fact that it doesn’t let you automatically switch between multiple hard drives and it doesn’t let you encrypt your backup data. I describe how to manually switch between drives but Jay offers a way to automate the process. I haven’t tested his method myself but I have successfully setup encrypted Time Machine backups.

Jay provides excellent step-by-step setup instructions but here’s a quick overview.

You obviously need an external hard drive on which Time Machine will store the encrypted data. (Time Machine comes with Mac OS X 10.5 or newer.) Next, you use Disk Utility to create an appropriately named encrypted sparse bundle disk image which you put on the external hard drive. Save the password for your disk image and then move this saved password from your own Login keychain to the System keychain. The disk image then needs to be tweaked slightly so Time Machine will be able to figure out that it can store your data in it. This is accomplished by creating a custom preference (plist) file and putting this plist file into your Disk Image. Finally, select the external hard drive in Time Machine Preferences and Time Machine will magically store the backup data inside the disk image.

This post builds upon the information that I presented in my last blog entry about how to securely store personal information on your Mac. A disk image file is a special kind of file. When a disk image file is opened it makes the computer think that an actual disk, like a CD, has been physically inserted into the computer. Thus, a disk image file, or more simply a disk image, can be thought of as a virtual disk.

How to create and use a password-protected (encrypted) disk image in Mac OS X 10.4, 10.5 or 10.6

1. Go to your Applications folder and open the Utilities folder.

2. Open Disk Utility (/Applications/Utilities/).

3. Click the “New Image” button, or choose New > Blank Disk Image from the Disk Utility File menu.

• Enter a name for your disk image file in the Save As field

• Change the save destination to either your Documents folder or your Desktop, whichever you prefer.

• Set Volume Name set to “Virtual Disk” (In 10.6 the field is called “Name”, not “Volume Name”)

• Select a Volume Size for the image file. If you’re just going to store a few Word or Excel files in the disk image then 10 or 20 MB should be large enough. (In OS X 10.6 40 MB is the smallest you can select.) You can choose any size you’d like by selecting “Custom” at the bottom. If you ever fill your disk image you can always create a larger one and move the files from the smaller disk image to the larger one.

• Leave the volume format set to “Mac OS X Extended (Journaled)” (In 10.6 the field is called “Format”, not “Volume Format”)

• Leave “Partitions” set to “No partition map”

• Leave the Image Format set to “read/write disk image”

• Set Encryption to “128-bit AES” if your Mac uses Mac OS X 10.4. Choose “256-bit AES” if your Mac uses Mac OS X 10.5 or 10.6

Warning: If you forget the password to your encrypted disk image, your data will be irretrievably lost so please write down your password on a piece of paper. This is just a precautionary measure.

• Click the Create button.

• Important: In this next step you’ll need to first uncheck “Remember password (add to keychain)” then twice enter a strong password. This password is used to secure your disk image.  [By "strong password," I mean one this is long and contains a mix of letter, numbers, odd capitalization and punctuation marks or at least most of these features. For example, 1%milKisgooDforyoU is a strong password.]

• Click OK

4. The disk image file will be created and then it’ll be opened automatically.

5. Look at your Desktop you should see an icon named Virtual Disk. This is what appears whenever your disk image is opened. Copy a file into this Virtual Disk. Notice that the file will automatically be copied when you put it in the Virtual Disk. The original file will remain where it is so you’ll probably want to put it into the Trash in a couple of days after you’re sure you understand how your new disk image works.

6. Close Virtual Disk by dragging its icon to the Trash, which will eject this virtual or fake disk.

7. Now, locate your disk image file. (It’s in the location that you selected in step 3, second bullet). Double-click your disk image file. Enter your password when prompted and then click the “OK” button. You should now see the icon for Virtual Disk again. Open it and you’ll see the file that you copied into it.

8. Now that you know how to use your disk image you can copy more files into it and you can delete the originals. For example, if you keep a list of passwords or other sensitive information in a Word or Excel file, copy this file into the secure disk image. Once you’ve confirmed that this file is inside your disk image then throw away the original file so it’s no longer sitting unprotected on your Mac’s hard drive.

9. Don’t leave your Virtual Disk on the Desktop all day long. That defeats the added security. Only open it when you need it and then close it when you’re done by dragging its icon to the Trash icon on your Dock.

Do you have personal or sensitive information about yourself or your clients on your Mac? Such as credit card numbers or passwords? If so, I recommend storing this information in a special kind of file known as an encrypted disk image. I store a list of my own passwords and other sensitive information in such a file on my Mac laptop. This file is thus always readily available while still being inaccessible by others even if my laptop were stolen.

Without getting very technical, disk images were invented as a way to make a backup copy of a disk such as a floppy or CD, but other uses have emerged over time. Mac OS X lets you create a blank disk image that can be thought of as an empty folder. Additionally, this file can be encrypted which requires a password when you open it. Thus, in an over-simplified way, you can think of an encrypted disk image as a password-protected folder.

Read my next blog post for step-by-step instructions on how to create and use an encrypted disk image on your Mac. After creating your own secure disk image, copy the files that you want to protect into this disk image. For example, if you keep a list of passwords or other sensitive information in a Word or Excel file, copy this file into the secure disk image. Once you’ve confirmed that this file is inside your disk image then throw away the original file so it’s no longer sitting unprotected on your Mac’s hard drive.