Enable custom key security for backups

This article applies to CrashPlan Enterprise and MSPs.png

Overview

Enabling the custom key security option means that your backed up data is encrypted with a key that you define and store on your machine. You must provide that custom key whenever you restore data or install the CrashPlan app on a new device. This article provides step-by-step instructions for enabling this setting.

Considerations

Proceed after preparation

  • Consult the administrator of your CrashPlan environment. Depending on how your administrator has set up your CrashPlan environment, you may not be able to upgrade your security option.
  • Read the Advice to users regarding archive encryption key security.

These instructions explain how to encrypt your backup data with keys known only to you and stored only on your devices.

When you set custom key security at one CrashPlan app:

  • The setting applies to all devices that backup to your account. Every device will require a custom key.
  • All back up activity stops. All existing backup archives are discarded. Backup can only resume at a device after you set the custom key at that device.
  • Not every device needs to use the same key. You may set different keys on different devices.
  • If you lose your key, you lose your backup data. CrashPlan cannot help you recover it. Your only option is start over with a new backup archive.
Export and securely store your custom key
CrashPlan strongly recommends that you export your key for safe keeping. Export to a plain text file (*.txt). Do not modify that file. If you must open the file to copy the key, use a plain text editor, such as Notepad, TextMate, or nano. Do not use a word processor, Microsoft Word for example. That will introduce new characters and destroy your key.

Upgrade to custom key

Step 1: Open security preferences

  1. Open the CrashPlan app.
  2. Navigate to Device Preferences. Select bluecogSettings-export.png Settings.
  3. Select Security.
    Depending on how your administrator has set up your CrashPlan environment, the Security tab may not be available.

Step 2: Set your custom key

You can create your custom key in several ways:

  • Import a text file
  • Paste from the clipboard
  • Enter a passphrase
  • Let the CrashPlan app generate a key

Custom Key.png

Option A: Import a text file

The typical reason to import a file is to duplicate a single key on multiple devices:

  • Create the key on one device.
  • Export it to a file.
  • Import the file to other devices.
File requirements

The file you import must be:

  • Plain text, UTF-8 encoding
  • Hold one key and one key only

The file you import typically:

  • Was exported from a CrashPlan app
  • Has the extension.cpkey

Import a file holding a key as follows:

  1. Select Custom Key.
  2. Click Enter key.
  3. Select Import from the list of options.
    Your file browser opens.
  4. Navigate to the file you wish to import.
  5. Click Open.
    The success message, "Imported custom key from (file name)", appears.
  6. Click Save.
    The Confirm Archive Encryption Settings dialog appears.
  7. Continue to Step 3 to confirm the change to your encryption key setting.

Option B: Paste from the clipboard

  1. From a plain text editor, copy your custom encryption key to your device's clipboard.
  2. From the CrashPlan app, select Custom Key.
  3. Click Enter key.
  4. Select Paste from clipboard.
    The success message, "Pasted custom key from clipboard", appears.
  5. Click Save.
    The Confirm Archive Encryption Settings dialog appears.
  6. Continue to Step 3 to confirm the change to your encryption key setting.

Option C: Enter a passphrase

  1. Select Custom Key.
  2. Click Enter key.
  3. Select Passphrase.
  4. Enter the text for the passphrase.
    A strong passphrase contains 56 or more characters. You can use alphanumeric, numeric, symbol, or space characters.
  5. Click Generate Key.
    The CrashPlan app generates an encryption key.
  6. Click Save.
    The Confirm Archive Encryption Settings dialog appears.
  7. Continue to Step 3 to confirm the change to your encryption key setting.

Option D: Let the CrashPlan app generate a key

  1. Select Custom Key.
  2. Click Enter key.
  3. Select Generate key.
    The CrashPlan app generates the text for your new key.
  4. Click Save.
    The Confirm Archive Encryption Settings dialog appears.
  5. Continue to Step 3 to confirm the change to your encryption key setting.

Step 3: Confirm your security upgrade

Accept change to custom key.png

  1. Read the agreement on changing your security settings.
  2. Select I understand the risks if you approve of each consideration.
  3. Select I agree to delete my backups on all of my devices if you approve of deleting your existing backups and starting your backups over with your new encryption key.
  4. Click Save to permanently upgrade your CrashPlan app's security option to a custom key.
    The success message, "Security upgraded to Custom Key", appears.

Step 4: Export your custom encryption key

Once you have set or generated a custom key, export the key for safe keeping. You must provide your key when downloading files from your backup, installing the CrashPlan app, or accessing the CrashPlan app on other devices.

  1. Open the CrashPlan app.
  2. Navigate to Device Preferences. Select bluecogSettings-export.png Settings.
  3. Select Security.
  4. Click Export in the Account Encryption Key Security area.
    The key exports to a plain text file with the extension .cpkey. It is not necessary to use this file extension, but the file must be saved as plain text.
    copy key to clipboard.png
  5. Enter a name and location for the file to which you want to export the encryption key.
  6. Click Save.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more