Can I encrypt data on an external hard drive without reformatting it first?
I back up to an external NAS drive with 2 partitions, one using time machine and the other superduper to make a bootable copy of my mac.
I would like to encrypt the data on there but from what I've read I will need to move the data, format the drive and then move the data back.
Does anyone know another way to do this? or software that will enable this?
Solution 1:
What you are looking for is encrypting a drive "in place". Some software packages do provide this, however you can also do this with Lion's built-in whole disk encryption, which you have to enable via the terminal, since the diskutility does not expose this functionality. It was intended only to encrypt the main OS disk in place, but is available if you need to do it by hand for other volumes.
Instructions can be found here:
http://www.red-sweater.com/blog/1935/lions-whole-disk-encryption
Excerpt:
To convert an arbitrary volume to Lion’s whole-disk encryption, you use diskutil’s core storage “convert” command, and provide a passphrase. For example, if you have a volume called “Data” attached to your Mac, you would run something like this from the command line:
% diskutil cs convert /Volumes/Data -passphrase [yourPasswordHere]
What this does is kicks off a conversion process similar to what the System Preferences panel does when allowing you to convert your main startup volume to core storage with encryption. At any time during the conversion, you can use the diskutil command again to see status of your volumes, whether they are encrypted, not encrypted, or in-progress while converting.
% diskutil cs list
You’ll see a bunch of information, but search carefully for the named volume (e.g. “Data”) that you just started the conversion process on. You’ll find a line starting with something like:
Size (Converted):
This shows you what the progress in the conversion is. From time to time, check this manually, to see how far along things have progressed.
I'm not sure that this will work on a network volume. If not, check out TruCrypt carefully. It allows in place encryption of non-system windows volumes, and so it may have the same functionality for OS X volumes. Otherwise, the google search (first link in this answer) does bring up some other options.
Solution 2:
Yes - this is how FileVault works on Lion with DAS storage drives. It encrypts data in place. The downside is you can't use that drive with older Apple OS and non Apple OS.
It's not clear if this works for arbitrary NAS - but I have tried it on TimeCapsule to ask TimeMachine to encrypt the data and it seems to be safely locked away from my basic testing. I can't tell if this encryption is whole drive or just per image and can try to test that later this weekend and update things if no-one else knows that aspect.