Archive Encryption Key Security

Your archives are secured with a private key, which is a secure randomly-generated 128-bit encryption key. The private key is protected by encrypting it with your password. This encrypted private key is escrowed with your archive at each destination so you can restore your files should you lose your computer. Of course, you'll need your password to unlock your encryption key.

• Use the Settings > Security page to upgrade your archive encryption key security.
• If you lose the password or key, you will not be able to restore your data.
• Important: Once you have upgraded your security settings, you can never downgrade.
• Important: CrashPlan Support has no way to recover your private password or private encryption key because we never have access to this information.
• Really Important! If you forget your private password or lose the private key that you created, you must reinstall CrashPlan on all computers in your account with a new email address and start backup over.
• Also: If you must restart your backup, your previous backups are no longer available and cannot be restored.

Your data is not encrypted with the security you've chosen; rather, the security method is used to protect the encryption key that encrypts your data. Think of a key that is locked inside a safe. Your security method (also know as the public key) is the information that unlocks the safe, which contains the key (also known as the private key) that unlocks your data. In other words, your public key protects your private key.

You have these options for securing your archive encryption key:

• account password - default
• private password - another password to use instead of account password
• personal private key - a private key you create that replaces the default private key

Each of the encryption key security options offers increasingly greater security, and correspondingly greater risk for forgetting. In other words, using your account password to secure your data is the simplest method and the easiest for others to penetrate. Using a private password adds another layer of security, but it is another password to remember.

Once you have upgraded your encryption key option, you cannot downgrade to another option. This prevents someone from recovering your lost or stolen computer and using CrashPlan to downgrade your security.

Using your account password to secure your encryption is the simplest method to use, but the easiest for others to penetrate.

• Default encryption key security option
• Private key is stored on the server and on source computer
• Public key uses your account password to protect your private key
• Public key and private key are stored on the server for web restore
• Public key is stored on the destination for guest restore
• Admins can restore without password, allowing easy local fast restore

You can specify to use a private password, which is different from your account password, to secure your encryption key. Securing your encryption key with another password offers another level of security; however, you increase the risk to your archive because there is no way to retrieve the private password if you forget it.

• Upgraded security
• Private key is stored on and never leaves source computer
• Public key uses a private-password to protect your private key
• Public key is stored on the server for web restore and for new installations
• Public key is stored on the destination for guest restore
• Admins need private password to restore
• Additional password to remember, risk not being able to restore if forgotten

You can specify to replace the default encryption key with a private key to encrypt your archive. This is the most secure option, but it requires the most user management because you must provide your private key every time you restore.

• Highest upgraded security
• Private key is stored on and never leaves source computer
• Manage your own private key per computer, with each computer under this account theoretically using a different private key
• Web restore, guest restore, new installations, remote restore, etc. require the private key
• Admins need private key to restore
• Additional information to keep track of, with increased risk of not being able to restore if lost

Generating Your Private Key

You can create your private key in several ways:

• Enter a passphrase that returns a private key and then paste the key into the encryption key box
• Allow CrashPlan to generate a private encryption key for you without entering any text (just click the Generate option)
• Import an encryption key that has been saved to a text file (e.g. an SSH private key)

Importing and Exporting the Private Key Once you've selected the method for generating your private key, you can use the Export option to export the key to a text file. Exporting the private key to a file makes it easier to locate the key in case you forget it. When you need to supply the private key on another computer to which you want to recover files, you can use the Import option to import the encryption key from the text file.

All data previously backed up and associated with the previous method's encryption key is no longer available for restoring.

To ensure that your private data stays private, CrashPlan encrypts your files before transport, with no dependency on destination or Internet security. CrashPlan+ / CrashPlan PRO uses 448-bit Blowfish encryption; CrashPlan (the free version) uses 128-bit Blowfish, the same 128-bit encryption that online banking and most businesses use.

“128” and “448” refer to the length of the encryption key. The longer the key, the harder it is to decrypt data.

Blowfish is an encryption algorithm. It's a freely available, documented and open method of encrypting data. Being Open is very important, because it means that it uses public processes that can be tested by everyone and as a result, proven to be secure. Blowfish was invented by a security expert named Bruce Schneier. More information is available online here: http://www.schneier.com/blowfish.html

We escrow the encryption key to protect you in case your computer is lost or stolen. Because only you (the customer) knows the private password, no one else can restore your files. In the event that you need to reinstall CrashPlan, your configuration settings are pulled from our server, including your locked encryption key.

CrashPlan's servers maintain this encryption key, so it is transferred securely with the same encryption technology used to encrypt data during backup. The encryption is stored as part of your CrashPlan configuration settings and in the archive.

• Your private key is never cached or stored on any remote location. It is stored on the source computer that is being backed up. Your data is encrypted with the key on the source computer, so that CrashPlan can back up without prompting.

• CrashPlan uses the same key for restoring files.

• Unless you replace the archive encryption key with your own private key, the encryption key doesn't change. This means that you can still restore versions of files associated with the original password. If you change your password, CrashPlan locks the encryption key with the new password.

• Your private password or private key is never sent to CrashPlan, and therefore CrashPlan Support cannot obtain the password or key for you if you lose it. You won't be able to restore the data that has already been backed up without the private password, and you will need to restart your backup from scratch.

• If you really must downgrade your security, you will have to create a new account and start over. If you want to do this under the same email address, email support to disable your account.