Skip to end of metadata
Go to start of metadata

About Encryption

ZCB offers two different types of encryption:

  • With AutoEncryption, backups on the cloud are automatically encrypted. 
  • With Private Key Encryption, an encryption key is generated from a passphrase.

Auto Encryption

ZCB with Google Cloud Storage will automatically encrypt your backups on the cloud using AES 128bit encryption.

Transfer of your backup data to the cloud is secure using the Secure Sockets Layer (SSL) protocol. The encryption itself takes place server-side on the cloud.

Icon

Auto Encryption only applies to backups stored on the cloud. Local backups will not be encrypted. If encryption of locally-stored backups is required, you must use the Private Key Encryption option.

Private Key Encryption

With Private Key Encryption, each user will create a unique encryption key generated from a passphrase. The encryption key or passphrase is required in order to restore data.

Private Encryption Keys will encrypt your backups using AES-256 bit encryption. AES-256 bit encryption is trusted worldwide.

Icon

If Private Key Encryption is chosen, you are responsible for safe and secure storage of your encryption keys. Zmanda does not store your encryption keys or passphrase anywhere.

Replacement keys can be created if you remember your chosen passphrase.

If you lose your private encryption key and forget your passphrase, neither you nor Zmanda will be able to decrypt your encrypted backup data.

Create a new Private Encryption Key  

You need to first create a personal encryption key. To create the key:

  1. Visit the Advanced backup settings section of the main backup page.
  2. Click Edit
  3. Click on Add Private Key with 256-bit encryption
  4. A new window will appear.
  5. Enter a Key Name.
  6. Create a passphrase.
    1. The passphrase must be at least four characters in length.
    2. By default, ZCB will save this newly created key in ZCB's Encryption folder, but you may choose an alternate location.
  7. Click OK.
  8. A new window will appear to confirm that the encryption key was created.  
  9. Click OK.
  10. Save the backup set.
  11. All future backups for this backup set, local and cloud, will be encrypted using your Private Encryption Key.

Select an existing Private Encryption Key

You may use an already-existing Private Encryption Key with other backup sets.

  1. Visit the Advanced backup settings section of the main backup page.
  2. Click Edit
  3. Click on Add Private Key with 256-bit encryption
  4. A new window will appear and ask you if you wish to use the existing key.
  5. Click Enable.
  6. Save the backup set.
  7. All future backups for this backup set, local and cloud, will be encrypted using your Private Encryption Key.

Delete or Modify an existing Private Encryption Key

To delete an encryption key:

  1. Visit the Advanced backup settings section of the main backup page.
  2. Click Edit
  3. Click on Delete Key
  4. A window will appear to confirm your deletion and warn that a copy of the key should be kept for decryption purposes.

Existing Private Encryption Keys cannot be modified. To change a key, first delete a key and create a new one.

Restore Encrypted Backups

No additional steps are required to restore backups that are encrypted with the Auto Encryption option. All encryption and decryption are done automatically.

For Private Key Encryption, a copy of the encryption key is required. Without that key, your data cannot be decrypted. Your passphrase can be used to generate a copy of the encryption key.

There are two fields on the Restore page pertaining to private encryption keys. Both are found in the Review your restore settings section. Click the Edit button to reveal encryption-related settings.

  • Available Private Key(s) for Decryption: This dropdown box is populated by all existing keys in the folder selected above.
    • In most cases, there will be no need to select a key from this folder. ZCB will automatically pick up the correct key for the restore.
    • If the correct key does not exist, you may create a new one by selecting Create a Private Key for Decryption from this dropdown box. See below.
  • Decryption Key Folder: This is the folder that contains your Private Encryption Keys.
    • Alter this field only if your encryption key has been moved, deleted, or otherwise lost.

How to Create a Private Key for Decryption

If you have lost, deleted, or are otherwise unable to locate the Private Encryption Key(s) used for backup, you may recreate the key for decryption purposes.

  • On the Restore page, find the Available Private Key(s) for Decryption field inside the Review your restore settings section.
  • Click on the dropdown box.
  • Choose Create a Private Key for Decryption from the dropdown box.
  • A menu will appear. 
  • Give the new key a name.
    • It is not required that you use the same name for the Decryption key as the original Encryption key. ZCB will identify the key based on its content, not its name.
  • Provide the exact passphrase as was used for the original key.
    • You must supply the exact same passphrase.
    • If the passphrase has any difference from the original, including capitalization, spaces, and punctuation, decryption of data will fail.
  • Keys created through this option are only used for decryption.
    • To create a key for encryption, please Create a New Private Encryption Key as described above

 

  • No labels