Fork me on GitHub

Encrypted Sparse Images

Data can be encrypted on the fly using an encrypted sparse disk image. The advantage of sparse images is that the storage initially required by the image file within the host file system is quite low. The image file then automatically expands in chunks, as files are added to the sparse image file system. This means you can set the disk to have 50GB of free space. Yet, initially the image file may only consume 500MB of space within the host file system.

Sparse disk images are typically more prone to developing issues than standard disk images, particularly if they are not unmounted correctly. You will need to decide for your self as to which kind of system is appropriate for your requirements.

Mac OS X Specific Information

In addition, there are knowen bugs with Mac OS X 10.4.4 and earlier when handling large disk images. Ensure that your system is updated to Mac OS 10.4.10 or a later if you are dealing with large disk images.

Create a Sparse Encrypted Disk Image

The easiest way of creating a sparse encrypted disk image under 10.4.x or later is to use the Disk Utility tool. If you would like to use the command line check out this article on Mac OSX Hints check the hdiutil manpage or skip below for a usage overview of hdiutil command for generating an encrypted disk image :

  • hdiutil create -size thesize -volname volname -encryption -type SPARSE -fs HFS+ thename

Example below creates a five gigabyte sparse bundle image within the temporary directory on your system (prompted for passphrase) :

hdiutil create -size 5g -volname 5gig_test -encryption -type SPARSEBUNDLE -fs HFS+ /tmp/5gig_test

  • Note : When creating a disk image for backup or important information storage it is advisable to store the image somewhere within the filesystem which will persist after a restart of the system. Typically any items stored within the /tmp/ directory will be removed once the system has been a rebooted. In some cases files within the /tmp/ directory could be removed even between reboots. The example above generates the 5gig_test.sparsebundle image within the /tmp/ directory. This is an example of the command, it is recommended that you specify a different path when you create a backup disk image or at the least move it to a more permanent location within your file system structure once it has been generated.

Expanding a Sparse Disk Image

The command below will allow you to grow a sparse encrypted image file under Mac OS X using the hdiutil tool to a total of 10GB.

  • hdiutil resize -growonly -size 10g diskimage.sparseimage

Further information relating to manipulating the sizes of images with hdiutil is available from the following links :

Backup of Images Files

Mac OS X 10.5 has a new kind of sparse disk image type called a “sparsebundle”. There are reports that it is possible to backup sparsebundle images while they are mounted. Although this is an option, Apple has not explicitly stated that they support the backup of mounted read/write disk images. TimeMachine is evidence of this, as it will currently only backup home directories with FileVault enabled when the FileVault user is not logged into the machine. Therefore, it is recommended that any backups made from read/write disk images only occur when it is unmounted. It is possible to use transfer and update a sparsebundle over the network with rsync.

If you want to make a backup of your home directory while you are logged in and you have FileVault enabled, it is currenlty recommend that any backups are made from the image mount point. Although, this will be more CPU intensive, it has been tested to result in a known good backup. This can be configured with a pre action script which ensures the user is logged into the system.

The ability to backup the actual bands (components of the image file) is very interesting. The LBackup team is currently preforming integrity tests on backups made from the bands of sparsebundle images, while the images are mounted and in use. In addition the LBackup team is in the process of identifying how to simplify the backup of FileVault home directories under Mac OS 10.5 and later. If you have experience with regards the backup of sparsebundle images then we would be interested in your opinions.
Finally, if you are upgrading from Mac OS 10.3 or later to Mac OS 10.5 and have FileVault enabled, you should check the Apple forums before commencing with your upgrade. It is also recommend that you check the LBackup known issues page before you reinstall LBackup.