I was wondering if during your beta testing of macOS High Sierra, whether you have tested Knox to see if it will run.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
In initial testing, It seems to work as well as it does on Sierra.
Hi Rudy. You just made my day. :-)
On behalf of Rudy, you're very welcome!
I have quite a few vaults created with Knox and sometimes use them simply to cut down on visual clutter with rarely accessed data. I was just reading something about sparse files being treated differently than other data with APFS, so I'm just wondering if there is any planning or changes I need to think about in advance. All the vaults are on a SATA drive, while the boot drive is SSD.
@ashleyk: Knox is not being developed, so we don't have any plans to make changes there currently. But as Rudy mentioned above, Knox seems to work on High Sierra the same as it does on Sierra.
That makes me wary of using Knox if it's not being developed. Presumably that means not supported either if there is any future problem. I wasn't aware that Knox had been abandoned.
@ashleyk: We're always happy to help if you run into any issues, and many of us (myself included) use Knox ourselves. So while it's been discontinued, support for you and the rest of our awesome customers hasn't. And if it puts things in perspective, Knox is built on standard macOS disk images, so it's unlikely that Apple will break things there. So, worst case scenario, if the Knox app ceases to function someday, the disk images you've created with it will still work in macOS without the app. It just makes it easier to manage them — especially since Disk Utility has changes a bit in recent years. I hope this helps. Be sure to let me know if you have any other questions!
@brenty That's good to hear. I've battled with Knox backups over the years, but overall I like it and I've found disk images to be a useful way of storing files. Originally I had a slight fear that file corruption might lead to a lot of lost data, but they've proven to be very reliable and I like using them as a way of neatly storing rarely used data. You could do the same thing with a Zip, but that's slow and clumsy if you have a large file.
@ashleyk I wanted to pop in to say that I'm not sure if Rudy tested with APFS or HFS+ when testing Knox on High Sierra, and he isn't here to ask at the moment (he's on vacation right now). I hadn't heard anything about existing sparse bundles working differently with APFS, but I'd be surprised if Apple would do something that makes them unreadable without advance warning. That said, I can't make any promises that a future update to macOS won't break something that we can't fix and, since Knox development has been discontinued, looking for an alternative isn't necessarily a bad idea. It's not an official AgileBits recommendation, but I've personally begun using Boxcryptor, which I like a lot since it can also be used on iOS and other platforms, and can be synced between devices.
@Andrew_AG I think it would be good if this is tested before High Sierra is released if only to let people know in advance, otherwise there could be a lot of tears.
@ashleyk Agreed. When Rudy returns I'll ask him how he tested it.
I spoke with Rudy, who says it would have been APFS he tested with, so looks like you're good, @ashleyk.
That's good to hear @Andrew_AG
Perhaps Rudy could check again when High Sierra reaches the GM version, since quite a lot might have changed by then, compared to when he first tried this.
I'm sure that nothing significant will change with sparse bundles in general on macOS between now and then, and Knox just uses macOS' APIs for that, but I can mention it to him.
It seems to be working OK, the only strangeness discovered so far is that I had to put in the password again to open any disk images, even though it was stored in the keychain, which was backed up by iCloud. That could end up catching some users out if only stored the passwords in iCloud and failed to write them down somewhere else. I was also unable to copy/paste the password or drag it over and had to write it by hand.
That could catch a few people, although the password is probably still in the Keychain for some people even if it doesn’t fill. Thanks for letting us know that, though. That’s good to know.
This caught me out on one of the disk images. I had keychain items backed up via iCloud, but for some reason none of them for Knox filtered back following a clean install of High Sierra, though other apps seem fine.
I had details on all the disk images stored in 1Password with the exception of one for some inexplicable reason. No surprise that I can't open it now.
I made a copy of the entire setup on Sierra before upgrading, which I've left on a spare SATA drive, so in theory I should be able to put that in the computer and find the password through the keychain from there. I suspect there may be some tears from other users before long.
@ashleyk: I'm really sorry to hear that. It's the reason I don't make extensive use of Keychain and recommend 1Password to folks when they ask what the difference is: Keychain is not always predicable or easy to get data from. Also, possible that the disk image is just damaged, so the backup may be worth copying over again. Have you tried searching in Keychain Access, perhaps on another Mac even? I do use Keychain to store some things, but only for convenience when I have it saved in 1Password too...
I'm just surprised at myself for not having kept a note inside 1Password like I did for the others. In this case it's not a hugely important disk image, so it's not the end of the world if it's lost entirely. I actually use Knox in many cases just to archive information that is rarely accessed with lots of sub folders, because it keeps the computer less cluttered.
In general I don't make huge use of iCloud, simply because I use 1Password where possible. Having 1Password on Mac, Android and Windows also means I go through DropBox. The iCloud part definitely worked in recalling internet accounts, such as emails, Safari bookmarks, plus Notes etc. It is odd that none of the keychain items for Knox carried across.
Is it possible that iCloud is only backing up keychains related to Apple products? If so, that's a major shortcoming. When I did the straight upgrade it worked fine. The problem occurred following a clean install of High Sierra.
I haven't checked on the other computer yet, but I'll do so shortly and as mentioned I still have the old SATA drive with Sierra on. In theory I can start up from there, locate the password and email it to myself. Above all I wanted to report this so you guys can hopefully find out what is going on.
There is no indication that the disk image is corrupted. None of them had the password stored in the keychain and I was forced to type it manually before they would mount. I'm just missing the password for that one item at present.
@brenty OK a quick update. I've just checked on the iMac and there is no trace of any keychain related to Knox. This is an old computer running El Capitan where I did a clean install about a month ago and simply installed a few key work apps for emergencies. Knox is not installed there.
Looking at the keychain app, I can see it has records of all the mail accounts, Safari, router and internet accounts like Twitter, but nothing else. It looks like iCloud is not backing up keychain stored passwords for Knox, but I'll check again later in case some of the ones added yesterday filter across.
I doubt the Knox passwords were synced to iCloud, although I admittedly am not an expert on iCloud Keychain syncing. My understanding is that they are only stored locally. What you want to search for is "sparsebundle" (without the quotes) under the All Items category in the Keychain Access app on the Mac your Knox vaults are on. If the password is still there, it should show up with that search.
I'm astounded if Knox passwords are not synched by iCloud. Surely the whole point of iCloud is that information is stored safely and can shared across devices. I've searched for sparsebundle and the missing password is definitely not on this computer or the other one. They haven't been backed up by iCloud, despite selecting the option to store keychains in iCloud.
When Knox was originally designed, I'm not sure that iCloud syncing of local Keychain data existed. But if it isn't in Keychain Access on the Mac that the vault was originally stored in then I'm sure it also isn't on any others either.
I've lost a lot of faith in iCloud after this experience. It's a pity Knox wasn't kept more up to date.
Indeed, Keychain existed for at least a decade before iCloud did, so there are some issues there with regard to combining the two — especially for long-time Mac users who had Keychain data from when it was all local. I wish I had a better understanding of what iCloud Keychain covers exactly and why, as it definitely does not contain all of my Keychain data either. However, it's also important that things can be excluded, since we don't necessarily want everything we store in Keychain locally to be accessible on other devices — though if you've forgotten/lost your password obviously not having a backup makes it desirable for iCloud Keychain to have it.