Where does the content of an open encrypted image end up on Mac?

0

0

I have files stored in an encrypted image (DMG) on my Mac to keep them safe from snooping eyes, but a thing hit me: when I decrypt the image by opening it... where does the decrypted information end up?

Because, to me, if it ends up on the hard drive (let's say it's a HDD, not SSD) and then deleted, it's not safe since it can be retrieved. Making the encryption pretty much void. I noticed this because I have the encrypted image in my Dropbox folder and as soon as I decrypt it, Dropbox start syncing information. But no files seem to get synced, but it still starts doing something.

So any pro's that know what's going on under the surface here?

Mikael

Posted 2018-02-24T20:38:24.070

Reputation: 3

You don't have dropbox pointed at the mounted / decrypted folder (the one you browse when the image is decrypted), do you? Dropbox might start syncing the decrypted files then... but they'd show up online or at least in dropbox's history then. Otherwise it's basic on-the-fly encryption – Xen2050 – 2018-02-24T23:21:08.387

Answers

3

Only in memory, on an as-needed basis. The disk image remains fully encrypted on disk; the operating system only decrypts chunks of the disk image as they are being read from the disk, and will always re-encrypt those chunks before writing them back to disk.

The syncing activity you're seeing is because parts of the disk image are modified while it is open (e.g, to update last-accessed times, folder options, and similar metadata). This can be avoided by mounting the disk image as read-only.

duskwuff -inactive-

Posted 2018-02-24T20:38:24.070

Reputation: 3 824

Wow. Amazing answer. Thank you very much, totally appreciate it. – Mikael – 2018-02-24T22:04:34.533