chester's blog

technology, travel, comics, books, math, web, software and random thoughts

A Step-by-step Guide to Configure Encrypted Time Machine Backups Over a non-(Time Capsule) Network Share

| Comments

Time Machine is a wonderful piece of software, in no small part for following Mac OS X’s philosophy of simplifying common tasks, but allowing advanced users to go “under the hood”. My issue: I wanted to back up to a hard disk shared by this nice router, and I also wanted encryption.

The best Time Machines are designed in California.

The best Time Machines are designed in California.

Unfortunately, Time Machine won’t do network backups except on Apple Time Capsule, most likely due to its reliance on Unix hard links, which typical Windows (SMB/CIFS)/FAT device based networks (like mine) won’t do. Filesystem-based encryption is also a no-no. And even if that worked, my other devices (such as my XBMC-powered Raspberry Pi) need open access to the files already shared.

Mac OS X sparse images (aka sparse bundles) to the rescue. They are just like the .dmg files you get when downloading Mac software from a website, but supporting all the goodies mentioned above (encryption and hard links) and a bonus: they auto-grow (to a specified limit) as they need more space. Time Machine is capable to use one of those – as long as you can trick it into that, which can be tricky.

I found some great articles online on how to create an sparse image, encrypt it and convince Time Machine to use it, and here is a step-by-step mix of their tips that worked for me:

Step 1: Naming the image

The image file name should contain your computer name and wi-fi address. To ensure that, open your Terminal and paste these commands:

MAC_ADDRESS=`ifconfig en0 | grep ether | awk '{print $2}' | sed 's/://g'`
SHARE_NAME=`scutil --get ComputerName`
IMG_NAME=${SHARE_NAME}_${MAC_ADDRESS}.sparsebundle
echo $IMG_NAME

If you read something like <name>_<hexdigits>.sparsebundle, you are good to go.

Step 2: Creating the image and encrpyting it

Before you paste/type the next block of Terminal voodoo, change the line MAXSIZE=750g to the maximum size you want the sparse image to grow (after that, Time Machine will delete older backups, as usual), .e.g: MAXSIZE=300g. Use the same Terminal window from step 1, as this code depends on the name generated there.

MAXSIZE=750g
hdiutil create -size $MAXSIZE -type SPARSEBUNDLE -nospotlight -volname "Backup of $SHARE_NAME" -fs "Case-sensitive Journaled HFS+" -verbose unencrypted_$IMG_NAME
hdiutil convert -format UDSB -o "$IMG_NAME" -encryption AES-128 "unencrypted_$IMG_NAME"
rm -Rf "unencrypted_$IMG_NAME"

You will be asked for a password (I’d recommend a passphrase, but it’s up to you), and the sparse image file will be on your home folder.

Do not double click/open it yet.

Step 3: Asking Time Machine to play nice

Open Finder and move the image from your home directory to the network share (or copy and delete the original). Now double-click to mount it, enter the password and the “Backup of YourComputerName” should appear on finder. Hooray – except that Time Machine won’t allow you to select it.

We’ll need to force its hand with this last block of commands (yet on that same Terminal window):

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
sudo tmutil setdestination "/Volumes/Backup of $SHARE_NAME"

Enter your Mac user’s password when prompted, and when you open Time Machine preferences, you’ll see “Backup of your_computer_name” configured as the backup volume. As long as it is mounted, it should work with Time Machine just like an USB HD.

Caveat

As with standard Time Machine backups, these can be accessed by any Mac, as long as you have the volume password. I’m not sure, however, whether they can be used for a full restore on a new machine (probably yes if you do the first and third steps, but did not test that far).

Personally, I’m not much of a fan of doing full restore on a different machine/OS version. Although I’ve seen it work, I’d rather start from scratch, copying files from the latest backup of the old computer on a need-to basis. If you think otherwise, this solution may not be the best for you.

UPDATE: This was tested in Mac OS X versions 10.7.5 and 10.8.3. Older versions might work as long as they support encrypted bundles, but I’m not really sure. Let me know on comments below if it does not work for you (and what happened).

Comments