MacOS – Encrypt Time Machine backups without deleting old backups

macostime-machine

I'm on Mavericks (10.9.5). I have an external USB drive that I use exclusively for Time Machine backups.

I just realized that the backups are unencrypted. Is there a way to configure Time Machine to encrypt all backups on this drive, both existing backups and future backups, without erasing the existing backups?

This answer indicates that it can be done with "sparsebundles", but the post is 5 years old and it seems risky.

Is there an easier way?

Update: I was mistaken that the backups were unencrypted — they are actually encrypted. I was fooled because Time Machine preference window includes the word "encrypted" below the listed backup disks, but only if the backup disk is plugged in. If the backup disk is not plugged in, Time Machine still lists the backup drive, but it loses the label "encrypted". Doh! In Disk Utility, I verified that the disk is encrypted with FileVault2; moreover, OS X prompts me for a password when I plug in the disk. Would still like to know the answer to my original question though.

Best Answer

Try at your own risk, but this might work:

  1. Rename the {machine}.sparsebundle to {machine}-unencrypted.sparsebundle
  2. Show package contents on the sparsebundle
  3. Make a backup of com.apple.TimeMachine.MachineID.plist
    • Copy it to com.apple.TimeMachine.MachineID.plist.original
  4. Open com.apple.TimeMachine.MachineID.plist
  5. Set some placeholder value in com.apple-backup.HostUUID, for example seedotoriginal
  6. Save and close

This should allow you to start making a new encrypted backup. Eventually {machine}.sparsebundle should appear next to the previous one ({machine}-unencrypted.sparsebundle).

If you need to restore from the unencrypted backup, you can replace com.apple.TimeMachine.MachineID.plist with com.apple.TimeMachine.MachineID.plist.original.

Once the encrypted backup procedure has completed, you can delete the unencrypted backup sparsebundle (watch out, that may take quite long).

Note that it might be still possible to fetch the deleted, unencrypted data from the disk. I would recommend getting another disk so that you can properly clean the disk from unencrypted files by writing zeros to it a couple of times, before starting to make encrypted backups on it.

Related Question