MacOS Sierra: encrypting a bootable external drive

I wondered about that.

Would that include applications? I've got a bunch of software I can't purchase again (Adobe Creative Suite etc) and several audio apps (JRiver, dbPoweramp etc). They're all registered, with my identity attached to them (I presume) which I would want to protect. And retrieve.

Sounds easy. But then there's me. Maybe what I really need is an alternative backup/security strategy. Which is difficult to imagine effectively if I don't know how the basics actually work.

It doesn't help that any Mac has three Libraries. WTF?
.

 

what do you need to accomplish for backup/security?
be as specific as you can, we can help you develop a strategy that works for your needs.

 

What not just encrypt the destination drive for all your backups? If have used PGP since it was a private held company back in the early 2000's. It went to Symantec but has now found itself at Broadcom since they acquired Symantec Enterprise Security products. You can still find it at CDW online under Symamtec Desktop Encryption.

 

Yes, that would include any apps that cannot be replaced or are not native to your macOS. Apps tend to live in the Applications folder, but they can be anywhere. Apps may also have other associated files that reside elsewhere—depends on the app.

I think that what @elvisizer has said is a good place to proceed from here:
"what do you need to accomplish for backup/security?
be as specific as you can, we can help you develop a strategy that works for your needs."

 

OK.

I’m currently decrypted again, confirmed with a restart. Nothing appears weird.

I’m trying to imagine scenarios as I go; maybe some are contradictory. Or unresolvable.

What I’ve been doing:
Routinely backing up on several local HDDs. All bootable. The objective from many years ago was to immediately resume work with a new startup disk, in case the main internal SSD tanked. Nothing’s ever failed, but I guess I have tinkered with changing startup disks, decades ago.

What (I think) I want:
The entirety of this system on a backup, protected in whatever way, for off-site storage out of the state (2 locations). To be replaced maybe twice a year. I’ve already lost one unencrypted HDD in the mail.

The off-site objective is/was to recover after a large event here: fire, earthquake. (Maybe) that implies the iMac here is destroyed, and a new/different one must be acquired (making a bootable moot?).

Either way, I would want to return to operability with no (or little) undue effort. All software, all personal ID and financial, all passwords and bookmarks, all professional projects, all in one place and ready to load into whatever Mac.

If it matters, there is a separate music collection on HDD. Obviously doesn’t need encryption, just needs backup. Everything together easily fits on a 4TB. I’m familiar with partitioning drives.

Thinking it through, I guess that new-Mac scenario loses use of much of my software, particularly Adobe and Quark. $$$. Maybe the thinking could shift to buying a similar-vintage Mac and hoping that Sierra is still available somehow. And that seems like a waste; I’ve tended to hang on to my towers and iMacs for literally 15 years each, and I intend to do the same, or more, with this one (I’m roughly at the halfway point). The next one, with a 3rd- or 4th-gen Apple chip, should be my last. No laptops.

Would what I want possibly require backup in two different manners? One partition with sensitive material (“data”), encrypted? And another, unencrypted, which would allow for booting as a new startup, if a similar-vintage Mac+OS was acquired? Which would require figuring out which material was which? (Which as I type this sounds impossible for me to learn or do correctly. If it’s even doable.)

Impacting all of this is a microscopic budget; I can’t just buy-new-stuff my way out of this.

I doubt this matters, but I’ll repeat some of my usage quirks:
No Time Machine
No WiFi
No Java (uninstalled)
No Cloud (though that’s where Apple ID resides in Sierra)

And frankly, no FileVault, unless it’s needed for external encryption. There is no physical theft threat here. It would take a mob hit squad or an FBI swat team to get this iMac. And either party would be disappointed with the haul.

Or there’s always Option Z: forget the whole thing. And muddle through with my little local backups.

So here I am, right where I started. It’s taken me 3 months to accomplish exactly nothing. Excellent.
.

 

I have no problem whatsoever with "little local backups" (or big ones). They work for me. I have encrypted sensitive data. Can you identify and isolate your sensitive data? Once that's done, simple enough to encrypt. I keep a drive in a safe deposit box in a bank, too. Also, while I understand the money issue, would it be worth it to at least consider biting the bullet and upgrading to newer versions of apps like Adobe and Quark? Perhaps the microscopic budget would prevent that...I get it.

"...another, unencrypted, which would allow for booting as a new startup, if a similar-vintage Mac+OS was acquired?"
I like this idea, if you are absolutely committed to Sierra. Do it, backup your data, and it's done until next data backup time. Partition if you like or use separate drives (that's what I like).
KISS principle!
Well, it is getting quite late for me, so for now...g'night. Will continue to follow.
P.s. 3 months ain't nothin'...been on projects longer than that, only to see them go away.

 

I suppose all/most my personal/professional material is nested in a general "projects" folder, but is my ID somehow traceable elsewhere by way of registered software (in Applications)? Or some other data buried/scattered throughout the system, which I would surely be unaware of?

When I get a new Mac, years from now, I'll just migrate to Adobe online subscription (can do by the month). Meanwhile, it's better to immediately use the handy, paid-for tools for the few ultra-low-budget projects that trickle in. Sierra performs nimbly and well enough for now; I don't (seem to) experience online intrusions.

That you like the idea is encouraging, but thinking further, I'd still be putting an insecure drive in the mail, with a bunch of ID attached. Otherwise there are 3 or 4 bootable drives here on the premises, fulfilling their original intended use (replacing a failed internal).

I guess a NON-bootable, encrypted drive might be a better general off-site strategy. And then (if necessary) transfer to a separate Mac which might be old-new-used-whatever, and deal with whatever it takes to access material; ie, ANY traceable material, including software, need not be sent off-site.

Different backups for different purposes I guess. Seems more doable.

Although it would be nice if I could assemble and mail one comprehensive drive, bootable and encrypted, that could handle ANY dreamt-up scenario, however unlikely.

Can't guarantee that both an earthquake and fire won't happen here this afternoon.

And I wouldn't rule out that plague of locusts.

Thanx again.
.