I’ve seen some great answers on Time Machine encryption, especially one by Gordon Davisson. But the variations regarding networked volumes is still hazy. The rules for locally attached volumes seem clear – it’s an all-or-nothing proposition, please verify:
TM unencrypted backup to unencrypted volume: TM does an unencrypted backup.
TM encrypted backup to unencrypted volume: TM encrypts the volume (and all the files on it) then does the backup.
TM unencrypted backup to encrypted volume: TM decrypts the volume (and all the files on it) then does the backup.
TM encrypted backup to encrypted volume: TM does a backup and the OS handles the encryption?
Now, as for network attached storage:
TM unencrypted backup to unencrypted volume: TM creates an unencrypted backupbundle.
TM encrypted backup to unencrypted volume: TM creates an encrypted backupbundle. The other files on the volume are not encrypted and require no password?
TM unencrypted backup to encrypted volume: TM creates an unencrypted backupbundle, but it is encrypted by the OS anyway because the volume is encrypted? The backupbundle requires the same password as all the other files on the volume??
TM encrypted backup to encrypted volume: TM creates an encrypted backupbundle but what password does it require – the TM specified password or the volume’s password (assuming they are different). Are two passwords required, one to mount the volume and one to open the backupbundle (Apple’s documentation implies that you can)? Is the backupbundle encrypted separately using a different key than the other files or is it double-encrypted? Does reality exist?… oops too many questions.
Thank you for your patience! Any light on this subject would be appreciated.