Which encryption model (single-key, per-file-key) does APFS use after 10.13 upgrade
Based on Apple's developer documentation, APFS appears to support three models of disk encryption:
- No encryption
- Single-key encryption
- Multi-key encryption with per-file keys for file data and a separate key for sensitive metadata
Following the upgrade to 10.13 and the in-place filesystem migration from CoreStorage/FileVault/HFS+ to Encrypted APFS, which of these models is in use?
`diskutil` and related tools do not appear to provide any indication of which model is in use, and I would like to know, for the purpose of data recoverability and O(1) secure file erasure capabilities, whether multi-key is in use on my machine and disks.
Hey, you asked this a while ago, but I asked the same question on the Apple community discussion board recently, and apparently we were just misreading that documentation.
APFS uses both single-key and multi-key encryption models simultaneously. The single-key system encrypts the container, and each file within it is encrypted with its own key pair.