Using hdiutil to encrypt backups

In our previous article I explained how, in just two easy steps, to back up our important documents on a CD or DVD. This is great, but I am not very satisfied with the solution presented. The solution presented in that previous article is fine for files where security is not an issue. But for my most important documents, containing private, professional, and personal information, I want to back them up on a secure medium. If I lose that backup, or if it gets stolen from me, I don't want all that information to be readable by everyone. I want that information to be encrypted on my CD or DVD.

In this article we are going to use the same principle as described in the previous article to create an encrypted backup.

Creating an encrypted image


hdiutil has an option to create encrypted images. We just add -encryption to the previous example to encrypt the disk image we are creating.

If I use the option -encryption alone, hdiutil will pop up a dialog box asking me to enter a password to protect that disk image. By adding the option -stdinpass as well, hdiutil will not pop up a dialog box but will ask for the password directly in my Terminal.app window.

Once you have created the new encrypted image, you can burn it onto a blank CD or DVD (the burn step itself needs some care, as explained further below).

Here is an example on how to create an encrypted disk image:
$ hdiutil create -encryption -stdinpass -srcfolder ~/Documents /tmp/documents.dmg
Enter disk image passphrase:
......................................................................
created: /tmp/documents.dmg

If you want to access the content of this disk image, just attach it using hdiutil as described in the previous article. The system will ask for the password, allowing access to the disk image content, and mount the volume.

We can test our new image as follows:
fred[576]> hdiutil attach -noverify -stdinpass /tmp/documents.dmg 
Enter disk image passphrase:
/dev/disk4              Apple_partition_scheme         
/dev/disk4s1            Apple_partition_map            
/dev/disk4s2            Apple_HFS                       /Volumes/Documents

-stdinpass just tells hdiutil not to pop up a dialog box but to prompt for the password in the Terminal.app window.

Now this is the most important part of the operation. If you use the burn command as described in the previous article, hdiutil will decrypt the disk image before burning it on the CD-ROM. What we need to do is create a container, copy the encrypted disk image into that container, and burn the container image to CD.

Now you should be more familiar with hdiutil. I will run all the commands in a row and explain the important steps at the end.

$ ls -s /tmp/documents.dmg 
991360 /tmp/documents.dmg
$ hdiutil create -volname Documents -size 1090496b /tmp/container.dmg -fs HFS -attach
...............................................................................
/dev/disk6              Apple_partition_scheme         
/dev/disk6s1            Apple_partition_map            
/dev/disk6s2            Apple_HFS                       /Volumes/Documents
created: /tmp/container.dmg
$ mv /tmp/documents.dmg /Volumes/Documents
$ hdiutil detach /Volumes/Documents 
"disk6" unmounted.
"disk6" ejected.
$ hdiutil burn -noverifyburn /tmp/container.dmg 
Please insert a disc: 
Preparing data for burn
Opening session
Opening track
Writing track
..............................................................................
Closing track
..............................................................................
Closing session
Finishing burn
...............................................................................
Burn completed successfully
...............................................................................
hdiutil: burn: completed

The ls -s command returns the size, in blocks, of the documents.dmg file. I can use that size to create a container large enough to hold my encrypted disk image. I just add ~1% for the filesystem information.

The option -attach tells hdiutil to attach the new volume once it is created. When the container is created and attached, we can move (or copy) the encrypted disk image into it.

Once this is done, the container can be detached and burned to a CD.
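The whole procedure above (encrypted image, sized container, move, detach, burn) as one POSIX sh script. This is an added example, not code from the original article: it assumes macOS for the hdiutil calls, takes the container headroom from the transcript's own figures (991360 blocks became 1090496 blocks), and reads the passphrase on stdin through -stdinpass so it never appears on the command line.

```shell
#!/bin/sh
# Added example, not part of the original article: wraps the manual steps
# above (encrypted image -> plain container -> burn) in one POSIX sh script.
# hdiutil exists only on macOS; the two sizing helpers run anywhere.

# Size of FILE in 512-byte blocks (rounded up), the unit that `ls -s`
# reports on macOS and that hdiutil's `-size Nb` expects (assumption).
image_blocks() {
    bytes=$(wc -c < "$1" | tr -d ' ')
    echo $(( (bytes + 511) / 512 ))
}

# Container size: the image plus 10% headroom for filesystem metadata,
# rounded up, which reproduces the transcript (991360 -> 1090496).
container_blocks() {
    echo $(( ($1 * 11 + 9) / 10 ))
}

# backup_encrypted SRC_FOLDER WORKDIR
# Reads the passphrase from stdin (hdiutil -stdinpass) so it never sits on
# the command line, where `ps` or the shell history could expose it.
backup_encrypted() {
    src=$1; work=$2
    enc="$work/documents.dmg"
    container="$work/container.dmg"
    # 1. Encrypted image of the source folder; passphrase is read from stdin.
    hdiutil create -encryption -stdinpass -srcfolder "$src" "$enc" || return 1
    # 2. Plain container sized from the encrypted image, created and attached.
    #    The mount point is the last column of the Apple_HFS line hdiutil prints.
    size=$(container_blocks "$(image_blocks "$enc")")
    mnt=$(hdiutil create -volname Documents -size "${size}b" "$container" \
              -fs HFS -attach | awk '/Apple_HFS/ { print $NF }')
    [ -n "$mnt" ] || return 1
    # 3. Move the still-encrypted image inside, detach, and burn the container
    #    (not the encrypted image itself, which `hdiutil burn` would decrypt).
    mv "$enc" "$mnt/" || return 1
    hdiutil detach "$mnt" || return 1
    hdiutil burn -noverifyburn "$container"
}

# Usage: printf '%s\n' "$passphrase" | sh encbackup.sh ~/Documents /tmp
if [ "$#" -ge 2 ]; then
    backup_encrypted "$1" "$2"
fi
```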

The goal of this article is to help you understand how it is done inside some backup software you can buy on the market or download for free on the Internet. I am not expecting you to type all these commands every day to back up your important data. This usually goes inside a shell script. Feel free to write your own script. I'll be pleased to help you do it. You can contact me on IRC at irc://irc.freenode.net:#velvnet

If you want more information on hdiutil(1), you can read the Mac OS X man pages.