|
Hi!
First of all, thank you very much for taking the time to write, I really do appreciate it! :^)
The encryption does happen on-the-fly as the file is never stored outside of the FileVault itself, much like if you were to create your own encrypted image and save a document immediately inside of it as you are working on it. Should the computer crash or be force-rebooted in any way, there would be no trace of the file outside of the vault, even without a proper shutdown procedure — that is, provided that the application you are using does not store caches in strange, non-standard places.
However, you are entirely right about FileVault existing in the user space: the FileVault image is mounted as a whole and, as you are logged in, any application running with your privileges or the system privileges can access your files as if they were unencrypted — which is necessary for the system to function normally.
Both aspects of FileVault aren't in contradiction but it is true that it might seem surprising at first.
I hope this answers your question and remain at your disposition to provide you with any additional information you may deem useful.
Truly yours,
FJ
|
