Spotlight limitation? - encrypted disk images

Discussion in 'macOS' started by Scottyk9, May 3, 2005.

  1. Scottyk9 macrumors 6502a

    Jun 18, 2004
    After installing Tiger on my Powerbook, I noted that searching for specific words that I knew were in Microsoft Word (2004) or pdf documents were not found.

    Most of these files are in an encrypted disk image (for additional security if my powerbook is stolen). I note that you cannot add mounted encrypted disk images in the privacy column of spotlight preferences.

    Spotlight does find the document names, and folder names, but not information from inside the documents. I created a test Word document outside the encrypted disk image, and spotlight worked as expected.

    Anyone else experience this? To me, this is a (minor) limitation of spotlight, and perhaps warrants informing Apple.
  2. superbovine macrumors 68030


    Nov 7, 2003
    perhaps they'd assume that people might like to search files in encrypted disk.
  3. 7on macrumors 601


    Nov 9, 2003
    Dress Rosa
    Spotlight prolly treats mounted drives as network drives. As in it doesn't index them. And therefore explains why it doesn't search within the files.
  4. praha03 macrumors newbie

    Mar 24, 2005
    Indexing disk images

    This was in MacOSXHints:

    To enable indexing on a read/write disk image, you can use 'mdutil' (meta data utility) from the Terminal. Here's the command:

    sudo mdutil -i on /Volumes/name_of_image

    After a few moments (depending on how much data is in the image), you'll find your mail in Spotlight results. You can also do a man mdutil to see the rest of its commands.
  5. dirtymatt macrumors member

    Apr 27, 2005
    IMHO, not indexing the data inside documents on encrypted images is the correct behavior. I'd actually argue not indexing encrypted images at all (file names or anything) would be correct. It seems reasonable to assume that someone with enough skill could reconstruct at least some of the contents of a file from the SpotLight index.

    This of course all goes out the window if the index is stored on the individual volume, I really don't know that much about how SpotLight actually works to say for certain. I do feel erring on the side of paranoia is the correct behavior when it comes to encrypted volumes.
  6. jcgerm macrumors member

    May 28, 2003
    Ok, correct me if I'm wrong, but you want to be able to index the encrypted data that you keep encrypted for security reasons? You realize that if the files are indexed then some of the text inside them will be in the index as well. So, what is the point of having the encrypted files in the first place? I believe it's correct behavior not to index anything inside an encrypted file. Hence why it's encrypted.

    Even if the disk image isn't mounted, the indexed data is still there. Seems like it would be a security hole to me.
  7. Scottyk9 thread starter macrumors 6502a

    Jun 18, 2004
    Thanks for the replies.

    Security - once the drive is mounted, I can search through it by filename and folder name, and this certainly isn't a security risk. I would like to do the same by search by metadata (after it is mounted). The critical question is what happens to the metadata when the drive is unmounted? You can't access that metadata through spotlight, whether someone can get to it through the system files is another question. If the metadata is stored on the drive in question, then it too would be encrypted, and thus not a security risk

    So, does anyone know where the metadata is stored for external or disk images?

    By the way, I did find a way to index an encrypted disk image (I think it is working anyway - it seems to be taking a very long time to index, but an early test looks like it is working). Use this command in the terminal:
    sudo mdutil -i on /Volumes/name of volume

    edit: sorry praha, looks like you already provided the work around
  8. redlark macrumors newbie

    Sep 18, 2005
    metadata or encypted files - where stored?

    Exactly my question. Does any data 'leak' from an encrypted file on an encrypted volume to the unencrypted system cache or datalogs, etc. For example, a drawing/plan is stored on encrypted volume. I mount the volume,open and work on the plan with Acrobat Reader or Adobe Photoshop or any iLife app, then close the volume after finishing work. Does any of the metadata of the photo get stored on the unencrpyted portion of hd? System files? log files that note the file name, when modified, or any of the metadata of the file?
    Windows has many such 'holes' or 'leaks' in their apps (esp. Media Player or 3rd party apps like WinRAR). Their Windows sysdat folders store all kinds of stuff about supposedly encrpyted data that most users never realize.
    What about Panther?
  9. reubs macrumors 68000

    Jun 22, 2006
    I'm running into this same situation, and this is the thread that pops up in Google. I've got an encrypted disk image with lots of Spotlight comments on the files on it, but those comments are useless if I can't access them via spotlight. I can't even access them doing a search w/in the DMG itself. It's kind of annoying, and I wish there was a way to access them.

    On the contrary, I can understand the security concerns and that being a reason why Spotlight does not index an encrypted DMG. I just wish there was a simple, secure workaround.

Share This Page