What kind of encryption does Mac OS X Extended (Journaled, Encrptyed) use?

Since my primary hard disk is encrypted with FileVault2, I also wanted my backup drive to be encrypted. I plugged in my external drive, brought up Disk Utility, and went to erase/format the disk. I chose Mac OS X Extended (Journaled, Encrptyed). However, I couldn't find out what kind of encryption it uses. Does anyone know (and/or know how I would look this info up via a command or system utility)? Is it the same as FileVault2?


Solution 1:

Yes - it's the same whole disk encryption. In both instances you end up with a volume wrapper and key storage to unlocks the encrypted file system where the data is safely stored. Disk Utility is a bit of a chore to set up encryption of an external drive, so I usually just wipe the drive and set it for Backups and then tell Time Machine to encrypt the drive. It handles the formatting, generating the crypto keys and lets you choose a passphrase to unlock the keys.

You can use diskutil cs list from the command line (in terminal.app) to show the encryption status and details. There's nothing wrong with disk utility other than the steps involved to reach an equivalent drive setup.

Here is what a fully encrypted and locked USB drive looks like when you set up Time Machine and instruct it to encrypt backups to an external drive:

Air:~ bmike$ diskutil cs list
CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group 6FD6879D-EFBF-4F33-9FC2-13E32A0F7B28
    =========================================================
    Name:         Backups
    Status:       Online
    Size:         499730309120 B (499.7 GB)
    Free Space:   0 B (0 B)
    |
    +-< Physical Volume 3082BFED-D84E-48FA-AB4F-7FB0197FD653
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk1s2
    |   Status:   Online
    |   Size:     499730309120 B (499.7 GB)
    |
    +-> Logical Volume Family DFD4DEB4-93A8-4DD5-8F73-6534AB408E4D
        ----------------------------------------------------------
        Encryption Status:       Locked
        Encryption Type:         AES-XTS
        Conversion Status:       Complete
        Conversion Direction:    -none-
        Has Encrypted Extents:   Yes
        Fully Secure:            Yes
        Passphrase Required:     Yes
        |
        +-> Logical Volume E9497C5B-4AAD-46E5-ACEE-4214D1CA11D8
            ---------------------------------------------------
            Disk:               -none-
            Status:             Locked
            Size (Total):       499411537920 B (499.4 GB)
            Size (Converted):   -none-
            Revertible:         Yes (unlock and decryption required)
            LV Name:            Backups
            Content Hint:       Apple_HFS