Encrypted TimeMachine backups on network share

Mac OS normally doesn’t allow you to use network shares as targets for TimeMachine backups. This can be worked around, tho. ­čÖé

First you need to tweak Mac OS to accept network shares by entering the following command in a Terminal session:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

That would already allow you to store your backups on a network share. But do you really want to trust your valuable data to a network share that can potentially be accessed by untrusted users, such as your favorite bastard admin from hell?! :)

Here’s when the following comes in:

You will create an encrypted sparse bundle and use it as a target for the backup.

Start Disk Utility from Utilities and click New Image in the toolbar. In Save as move to a local location where you would like to create the backup on and enter a filename that matches the following template:

<Computer Name>_<Ethernet Address>.sparsebundle

For <Computer Name> enter the name of your Mac which you can look up under System -> Preferences -> Sharing. For <Ethernet Address> enter the Ethernet address (aka “MAC address”) of your network interface that you use to access the network share, in the format 112233445566.

For the volume name, choose Time Machine. Choose a volume size that is as large as the backup should get. Note that the image file won’t be as large from the beginning on, but it may later grow to that size. Choose an encryption mode; 128-bit AES should be fine. Very important: As an Image Format choose Sparse bundle disk image. Press Create. When prompted for a password, enter a “strong” password that’s not easy to guess. Check Remember password in my keychain.

Finally, move the sparsebundle to your network share where you would like your backup to be stored.

Now you need to move your saved password from the Login keychain to the System keychain so that it is automatically used by Time Machine. Open Keychain Access from your Utilities folder and select the Login keychain. Drag the disk image password for the sparsebundle file you just created to the System keychain. Enter your password, and when Keychain Access asks you whether you want to allow access to the stored password, click Allow.

Now start Time Machine in System Preferences, click Change Disk, and then select the network share where you would like your backup created.

That should be it!

One thought on “Encrypted TimeMachine backups on network share”

  1. This sounds great. I’m looking for an encrypted backup solution. I wonder if this solution will work with an encrypted sparse bundle on Snow Leopard 10.6.3? Any guidance is greatly appreciated!

Leave a Reply

Your email address will not be published. Required fields are marked *