Shirt Pocket Discussions  
    Home netTunes launchTunes SuperDuper! Buy Now Support Discussions About Shirt Pocket    

Go Back   Shirt Pocket Discussions > SuperDuper! > General

 
 
Thread Tools Rate Thread Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 02-04-2018, 03:09 PM
wildthing wildthing is offline
Registered User
 
Join Date: Dec 2011
Posts: 28
Encrypted APFS clones

I have several questions regarding encrypted clones and APFS.
  1. This thread describes a method for creating bootable encrypted clones. Does it still work with APFS using the latest SuperDuper?
  2. In the same thread, Dave said "if you want an encrypted backup but don't care about bootability ... you can do that, too...". How would you do that, and does that still work with APFS?
  3. Is it possible to configure a clone such that a unique high-entropy random passphrase is required to decrypt it, and it cannot be decrypted using any of the macOS account passwords that reside in the OS that's been cloned?

The reason for question 3 is that macOS account passwords usually need to be memorized by a human, and therefore tend to have much lower entropy than truly random long passphrases. Furthermore my backup drives are transported to, and stored in, various offsite locations. For this reason I want this additional level of protection on my backups, compared to my actual computers which stay at home.

Before APFS came along, I was able to create clones which were both bootable and encrypted using SuperDuper, and which required a unique passphrase which was totally distinct from any of the macOS account passwords. I did this by using Disk Utility to first create an HFS+ volume encrypted with a unique high-entropy random passphrase, and then cloning to it using SuperDuper. When I booted from the clone, the following happened:
  • I was FIRST prompted to decrypt the drive - the prompt was usually (but not always) for a user called "[Update Needed]". A this point I HAD to type the unique high-entropy random passphrase for the drive - macOS account passwords were NOT accepted
  • I THEN got a normal macOS login screen where I could select a macOS account, and then log in as normal

When I tried to do the same thing with APFS using the latest SuperDuper 3.1.4, I found that SuperDuper replaced my encrypted APFS volume with a plain old non-encrypted APFS volume - which is not what I wanted.

Has the capability to generate bootable encrypted clones that require a distinct passphrase vanished with the move to APFS?

Last edited by wildthing; 02-04-2018 at 03:19 PM. Reason: Minor edits for clarity
Reply With Quote
 

Tags
apfs, encrypted


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mountain Lion, FileVault 2 and Encrypted Backup Drives Kampernaut General 7 09-30-2012 01:46 PM
Security of Encrypted Disk Images CharPatton General 6 01-18-2011 06:09 AM
Multiple Bootable Clones clcgit General 7 04-30-2010 01:12 AM
Is it possible to create an encrypted disk image file with SuperDuper? Bob General 6 04-24-2010 12:16 AM
SuperDuper Backup of AES 128 Encrypted Disk Image rwg4 General 3 11-30-2005 10:28 AM


All times are GMT -4. The time now is 10:27 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2018, vBulletin Solutions, Inc.