What is APFS encryption and how does it work?

Nobody wants a random person getting their sticky hands on their confidential files. Mac users can rest easy in this regard: as one of the most secure platforms, macOS provides a simple way to protect such information from intruders. A native capability of APFS, the Mac's standard file system, allows encrypting the content of a drive, so that unauthorized parties cannot read the locked storage. Here you can learn more about this feature and find out how it works.

Last update: June 02, 2023

Time to read: 6 min

What is APFS encryption?

APFS (Apple File System) is a new-generation proprietary file system designed by Apple. It is used by default in their modern products, including Mac computers running macOS 10.13 High Sierra and later. This format was developed with a primary focus on security and has support for encryption built into it. The data stored in an APFS-encrypted volume is encrypted and cannot be read by anyone who does not possess the appropriate credentials. Once the correct password or key is supplied, the content is deciphered and can be accessed in the usual manner.

For this, APFS relies on the AES-XTS scheme with a 128-bit or 256-bit key length. Since encryption is performed at the file system level, APFS doesn’t need to be wrapped in any additional layer to protect the data, as opposed to HFS+, the previous standard choice for Macs. Before APFS, this feature could only be implemented via CoreStorage – a virtual volume system that was essentially responsible for the functionality behind FileVault 2.

Encryption can be applied to any APFS-formatted storage, from a Mac’s startup drive to various external HDDs or SSDs and USB thumb drives. Yet, depending on the type of storage device and system it belongs to, there may be two distinctly different variants thereof:

  • Hardware encryption

This variant is used for the internal storage of Intel-based Macs with the Apple T2 security chip and of models with Apple Silicon processors. Under these circumstances, encryption is enabled out of the box and tied to a particular device. Such Macs are equipped with a Secure Enclave module that stores and handles the details related to encryption, including the various cryptographic keys. The information inside it is protected by hardware techniques that allow the OS to interact with this component but prevent any access to its actual raw data. At present, there are no known methods for retrieving these hardware-specific keys. This approach also makes it impossible to move the encrypted drive from one computer to another.

  • Software encryption

Software encryption is used on all external storage devices as well as on the internal drives of Macs that do not have hardware encryption support, mostly ones released prior to 2017. In this case, purely software mechanisms are used to encrypt the data, without any hardware-generated secrets involved. Each volume is encrypted with its own secret key, called the Volume Encryption Key (VEK). This key is stored in a protected state in the APFS container metadata, encrypted with another key referred to as the Key Encryption Key (KEK). The KEK, in turn, exists in multiple copies, each encrypted with a different key derived from a particular protection mechanism. This makes it possible to decrypt, and thus access, the volume through several methods:

  • User password – a series of characters defined by the user that is requested each time they log into the Mac user account or access an external device encrypted by APFS.
  • Recovery key – a string of 24 alphanumeric characters that is produced automatically when the system drive is formatted with APFS (Encrypted) or upon activation of FileVault. The key should be written down or printed out and kept privately in order to remain able to decrypt the storage in case the user password gets lost or ceases to work.
  • iCloud account – the account associated with the Mac whose startup drive is protected by FileVault or formatted with APFS (Encrypted). If this option is chosen during the initial encryption setup, the Recovery key gets bound to the account information so that logging into it would be enough to unlock the storage in the absence of the user password. Meanwhile, the key itself is not exposed to the user.
  • Institutional recovery key – an optional key installed on corporate Mac computers prior to their encryption that allows accessing any of them when this cannot be done with the user’s personal Recovery Key.

Thus, decryption can usually be performed with the password of any valid user or with one of the recovery keys. Yet all of those details are stored as ciphertext in the APFS metadata. If certain critical areas of the storage get damaged as a result of corruption or a physical defect, it will no longer be possible to verify the entered credentials and make the data readable again, even when those credentials are correct.
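The key hierarchy described above (VEK wrapped by the KEK, one wrapped KEK copy per protector) and the metadata-corruption failure mode can be modelled in a few dozen lines. The following is an added example written for this article, not Apple's code or the on-disk APFS format: it uses PBKDF2 to turn a password or recovery key into a protector key and, because the Python standard library has no AES, an HMAC-SHA256 counter-mode keystream with an HMAC tag as a labelled stand-in for AES key wrapping. The recovery-key alphabet, the 100,000 PBKDF2 iterations and the record layout are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Stand-in for AES key wrapping (constructed for this example): HMAC-SHA256 in
# counter mode as the keystream, plus an HMAC-SHA256 tag (encrypt-then-MAC).
# Real APFS uses AES-XTS for data and AES-based wrapping for keys.
NONCE_LEN, TAG_LEN = 16, 32
RECOVERY_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"   # assumed alphabet


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, so any tampering is detected on unwrap."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first: a wrong secret and a damaged record fail the same way."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot verify credentials: wrong secret or corrupted metadata")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def derive_protector_key(secret: str, salt: bytes) -> bytes:
    """Turn a user password or recovery key into a 256-bit wrapping key."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000, 32)


def create_volume(password: str) -> tuple[dict, str]:
    """Build the metadata record: one wrapped VEK and one wrapped KEK copy per protector."""
    vek = secrets.token_bytes(32)                       # Volume Encryption Key
    kek = secrets.token_bytes(32)                       # Key Encryption Key
    recovery_key = "".join(secrets.choice(RECOVERY_ALPHABET) for _ in range(24))
    metadata = {"wrapped_vek": wrap(kek, vek), "keybag": {}}
    for name, secret in (("password", password), ("recovery_key", recovery_key)):
        salt = secrets.token_bytes(16)
        metadata["keybag"][name] = (salt, wrap(derive_protector_key(secret, salt), kek))
    return metadata, recovery_key


def unlock(metadata: dict, protector: str, secret: str) -> bytes:
    """Unwrap the KEK copy for the chosen protector, then unwrap the VEK with it."""
    salt, wrapped_kek = metadata["keybag"][protector]
    kek = unwrap(derive_protector_key(secret, salt), wrapped_kek)
    return unwrap(kek, metadata["wrapped_vek"])


def demo() -> dict:
    """Exercise every path the text describes; returns the outcomes for checking."""
    metadata, recovery_key = create_volume("correct horse battery staple")
    vek = unlock(metadata, "password", "correct horse battery staple")
    file_record = wrap(vek, b"confidential file contents")   # data encrypted under the VEK
    results = {
        "recovery_key_len": len(recovery_key),
        "same_vek_via_recovery": unlock(metadata, "recovery_key", recovery_key) == vek,
        "data_readable": unwrap(vek, file_record) == b"confidential file contents",
    }
    try:
        unlock(metadata, "password", "wrong password")
        results["wrong_password_rejected"] = False
    except ValueError:
        results["wrong_password_rejected"] = True
    # Simulate a damaged metadata area: flip one byte of the wrapped VEK record.
    damaged = dict(metadata)
    blob = bytearray(metadata["wrapped_vek"])
    blob[NONCE_LEN] ^= 0x01
    damaged["wrapped_vek"] = bytes(blob)
    try:
        unlock(damaged, "password", "correct horse battery staple")
        results["corrupted_metadata_unlocks"] = True
    except ValueError:
        results["corrupted_metadata_unlocks"] = False
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the last block in `demo()` is the one the paragraph makes: once the single wrapped-VEK record is damaged, the tag check fails and neither the correct password nor the recovery key can produce the VEK, because both of them lead through that same record.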

How does it get activated on a device?

Except in the case of hardware encryption, an APFS volume is not encrypted by default. There are a number of scenarios in which it becomes encrypted:

  • The user can encrypt any existing non-system drive via the Finder, or format it as APFS (Encrypted) using the command line or Disk Utility.
  • The user can go to "Security and Privacy preferences" and enable FileVault anytime in order to lock up the system startup volume.
  • The system volume can also be encrypted during the initial installation of macOS, given that the user enables the corresponding option in the Setup Assistant.
  • In the process of migration to APFS, an encrypted volume based on HFS+ and the legacy CoreStorage technology is converted to APFS (Encrypted) automatically.
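Because external drives are not encrypted unless one of the scenarios above has been applied to them, an administrator usually wants a quick way to see which APFS volumes on a Mac are actually encrypted, FileVault-protected or currently locked. The following is an added example, not part of the article or of any vendor's tool: it parses the plist form of `diskutil apfs list` output. The key names it reads (`Containers`, `Volumes`, `DeviceIdentifier`, `Name`, `Roles`, `Encryption`, `FileVault`, `Locked`) are assumed to match that output, and the embedded sample is constructed so the script runs offline.

```python
import plistlib
import subprocess
import sys

# Constructed sample standing in for `diskutil apfs list -plist` output, reduced to the
# fields the audit uses. Key names are assumed to match diskutil's real plist.
SAMPLE_OUTPUT = plistlib.dumps({
    "Containers": [
        {"ContainerReference": "disk3", "Volumes": [          # internal system container
            {"DeviceIdentifier": "disk3s1", "Name": "Macintosh HD", "Roles": ["System"],
             "Encryption": True, "FileVault": True, "Locked": False},
            {"DeviceIdentifier": "disk3s5", "Name": "Data", "Roles": ["Data"],
             "Encryption": True, "FileVault": True, "Locked": False},
        ]},
        {"ContainerReference": "disk5", "Volumes": [          # external drive
            {"DeviceIdentifier": "disk5s1", "Name": "Backup", "Roles": [],
             "Encryption": False, "FileVault": False, "Locked": False},
            {"DeviceIdentifier": "disk5s2", "Name": "Archive", "Roles": [],
             "Encryption": True, "FileVault": False, "Locked": True},
        ]},
    ]
})


def audit_volumes(plist_bytes: bytes) -> list[dict]:
    """Flatten diskutil's container/volume tree into one record per volume."""
    data = plistlib.loads(plist_bytes)
    report = []
    for container in data.get("Containers", []):
        for vol in container.get("Volumes", []):
            report.append({
                "container": container.get("ContainerReference"),
                "device": vol.get("DeviceIdentifier"),
                "name": vol.get("Name"),
                "roles": list(vol.get("Roles", [])),
                "encrypted": bool(vol.get("Encryption", False)),
                "filevault": bool(vol.get("FileVault", False)),
                "locked": bool(vol.get("Locked", False)),
            })
    return report


def unencrypted_volumes(report: list[dict]) -> list[str]:
    """Devices holding plaintext data; candidates for 'Encrypt' in the Finder."""
    return [v["device"] for v in report if not v["encrypted"]]


def locked_volumes(report: list[dict]) -> list[str]:
    """Encrypted volumes whose VEK has not been unwrapped yet (no password given)."""
    return [v["device"] for v in report if v["encrypted"] and v["locked"]]


def live_output() -> bytes:
    """On macOS, fetch the real listing; elsewhere fall back to the sample."""
    if sys.platform != "darwin":
        return SAMPLE_OUTPUT
    return subprocess.run(["diskutil", "apfs", "list", "-plist"],
                          capture_output=True, check=True).stdout


if __name__ == "__main__":
    rep = audit_volumes(live_output())
    for v in rep:
        flags = ", ".join(f for f, on in (("encrypted", v["encrypted"]),
                                          ("FileVault", v["filevault"]),
                                          ("locked", v["locked"])) if on) or "plaintext"
        print(f"{v['device']:8} {v['name']:14} {'/'.join(v['roles']) or '-':8} {flags}")
    print("unencrypted:", unencrypted_volumes(rep))
    print("locked:", locked_volumes(rep))
```

Run on a Mac it reports the live state; anywhere else it runs against the constructed sample, where the external `Backup` volume shows up as the one still in plaintext.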

The described technology is supported for data recovery and access by the following software products:

* Hardware encryption involves the use of physical security mechanisms that cannot be handled programmatically, and thus is not supported by the software.