Skip to main content
Code42 Support

Archive Encryption Key Security

Applies to:
  • Code42 CrashPlan (previously CrashPlan PROe)

Overview

Code42 CrashPlan encrypts your data with a key that is unique to your account. You or your administrator can choose how to secure this key. This article contains an in-depth summary of each of the encryption key security settings.

See the Definitions section below if you are uncertain about the terms used in this article.

Enhanced security support for version 5.x of the CrashPlan app
Enhanced archive encryption settings (archive key password and custom key) require version 5.2.x or later of the CrashPlan app. Enhanced archive encryption settings are not available in versions 5.0.x and 5.1.x of the CrashPlan app.

How account encryption key security works

CrashPlan encrypts your backup files before sending data to your backup destinations. All backup archives are encrypted with AES 256-bit encryption1. The method used to secure your encryption key depends on your Security preferences. The options include:

1 Starting with version 4.2 of the Code42 server, CrashPlan’s encryption type changed from Blowfish 448-bit to AES 256-bit. New installations of the Code42 server using version 4.2 or later use AES 256-bit encryption. If your Code42 server upgraded from version 4.1.x or earlier to any version between 4.2.x and 5.1.x, then the encryption type is Blowfish 448-bit by default, but administrators can choose to enable AES 256-bit encryption. In version 5.2 and later, all new and upgraded Code42 servers use AES 256-bit encryption.

Enhanced security considerations

  • By upgrading your encryption key security option to either archive key password or custom key, you reduce the likelihood that an unauthorized person could restore the data in your backup archive. However, without careful management, upgrading your security also increases the likelihood that you too will be unable to restore the data. Review each setting carefully before upgrading your security.
  • Once upgraded to either of the enhanced security options, you can never downgrade your security setting. Your administrator cannot downgrade your security either. This prevents someone from recovering your lost or stolen device and using the CrashPlan app to downgrade your security.
  • Your administrator may choose to lock the security setting so that you cannot upgrade your security settings.
Security setting applies to all devices on your account

Your archive encryption key security setting applies to all of the devices on your CrashPlan account. The setting will also apply to devices you add to your account in the future.

Options at a glance

The following table compares the available security settings for your encryption key. If you are uncertain about the terms used in the table, see the Definitions section below .

Security Account Password (Default) Archive Key Password Custom Key
Data encryption AES-256 AES-256 AES-256
Level of data privacy Strong Stronger Strongest
Risk of being unable to restore files Low

Medium (with recovery question enabled)

High (without recovery question enabled)

High:

  • Key is nearly impossible to commit to memory
  • Key cannot be recovered by administrator
Requires restarting backup after upgrading? No No Yes
Secured key stored on a master server? Yes Yes No
Information needed to restore from the CrashPlan app and administration console Account password Account password and archive key password Account password and custom encryption key
Information needed to restore from CrashPlan mobile app Account password Account password and archive key password Account password and custom encryption key
Devices on your account Single account password and encryption key for all devices Single account password, encryption key, and archive key password for all devices Single account password; individual devices may have a unique encryption key
Information required for new CrashPlan installations Account password Account password and archive key password Account password and custom key
Administrator can access backup archive? Yes No No

Account encryption key security options

Account password

Your account password is CrashPlan's default method for securing your encryption key. It is the simplest method to use, and it offers a good balance between security and ease of use. Using this method, you can access and restore files from the CrashPlan app, the CrashPlan mobile app, and the administration console by supplying your account password.

Account password recovery

You can reset your account password at any time without impacting your encryption key or your ability to restore data.

Technical notes

Consideration Details
Configuration

Account password is the default account encryption key security option.

Key creation

Encryption key is generated by CrashPlan the first time you install the CrashPlan app.

Management requirements
  • You only need to manage a single password.
  • You can access and restore files from the CrashPlan app, the CrashPlan mobile app, and the administration console by supplying your account password.
  • With this option, there is a low risk of losing your ability to restore files.
Key security & storage

Encryption key is escrowed on the master server for web restores and for installations on new devices.

Key storage for mobile devices
CrashPlan mobile app only
  • Encryption key is not stored on the device.
  • Secured key is sent from the master server during the sign-in process.
  • Secured key is stored in the device's memory only while the CrashPlan mobile app is in the foreground and user is signed in.
Web restore key access

Encryption key is escrowed on the master server for decryption.

Administrator access

Administrators can access files backed up to cloud destinations without knowing the user's account password.

Archive key password

When you enable the archive key password option, you change how the encryption key is secured, but the encryption key itself doesn't change. Instead of securing the encryption key with your account password, you are choosing to secure the key with an additional password, called an archive key password. Only the secured encryption key is stored on the master server for your Code42 environment.

An archive key password applies to all devices included on an account. You cannot have separate archive key passwords for separate devices on a single account.

Read our tutorial on upgrading security to the archive key password setting for more information.

Archive key password recovery

If you forget your archive key password, you can reset it if you previously configured a recovery question. If you did not configure a recovery question, or you do not know the answer to your recovery question, then there is no way to reset your archive key password.

Lost archive key password
The Code42 Customer Champion team and your administrator have no way to help you recover an archive key password or recovery question. You will be unable to restore files.

Recovery question

A recovery question is an optional feature of the archive key password security option. A recovery question can be used to reset the archive key password in the event that the existing archive key password is lost or forgotten.

Setting The Recovery Question
You must know your existing archive key password in order to set the recovery question. The question cannot be set if the archive key password has already been lost or forgotten. The Code42 Customer Champion
team and your administrator cannot set a recovery question for you, or recover the answer to your recovery question in the event that you lose or forget it.
How It Works
  • The question is stored on the master server as plain text so that it can be displayed in the CrashPlan app.
  • A salted and hashed version of the answer is stored on the master server.

If you lose or forget your archive key password, and have a recovery question enabled, you can answer your recovery question to reset your archive key password.

  1. CrashPlan presents you with the recovery question.
  2. CrashPlan salts and hashes the answer you supply and compares it against the salted and hashed version stored on the master server.
  3. If the supplied answer matches the stored answer, you can enter a new archive key password.
  4. The secure key stored on the master server is updated with the new archive key password.

Technical notes

Consideration Details
Configuration

Archive key password is an enhanced encryption key security option.

Key creation
  • Encryption key is generated by CrashPlan the first time you install the CrashPlan app.
  • Your encryption key remains the same when you upgrade security to archive key password.
Management requirements
  • You must manage two passwords.
  • You increase the risk of not being able to restore files (if archive key password is forgotten).
  • You can change your archive key password at any time without affecting backup data.
  • Restores from the CrashPlan app, CrashPlan mobile app, and administration console require your archive key password.
  • New installations of the CrashPlan app require your archive key password.
  • (Optional) You can provide a recovery question that can be used to reset your archive key password in the event that it is lost of forgotten.
Key security & storage
  • Encryption key is not escrowed on the master server.
  • The secured key is stored on the master server for authentication during web restores and installations on new devices.
Key storage for mobile devices
CrashPlan mobile app only
  • Encryption key is not stored on the device.
  • Secured key is sent from the master server during the sign-in process and stored in the device's memory while the CrashPlan mobile app is in the foreground and you remain signed in.
  • You must enter your archive key password to restore files.
  • If you enable Remember my private password, then the archive key password is stored in the device's memory as long as you remain signed in; the key and password are both removed when you sign out.
Web restore key access
  • Encryption key is secured with your archive key password on the master server for web restore.
  • The archive key password is hashed and escrowed on the master server for decryption.
  • You must supply your archive key password to restore files.
Administrator access
  • Administrators cannot access files backed up to your destinations
  • Administrators cannot access your archive key password

Custom key

If you choose the custom key security setting, the encryption key generated by CrashPlan is replaced with a custom key. This is the most secure option, but it requires the most management because you must provide the full custom key when performing:

  • Web restores
  • Mobile restores
  • Administrator restores
  • Installation of CrashPlan on new devices

With this option, you create your own encryption key, which resides on your device. That key is never transmitted to any other locations, including the master server. Make sure to store a copy of your custom key someplace where it is accessible if you need to restore data, even if the source device is lost or failed.

The setting applies to all devices on your account. Any additional devices on your account will stop backing up until a custom key is entered on the device. You may choose to use unique custom keys for each device, or you can apply the same key to each of your devices.

Backup Must Start Over
When you upgrade to custom key, files backed up with your previous encryption key are deleted from your backup and cannot be restored. Your backup must start over with the new encryption key. Likewise, if you change your custom key, your backup must start over with the new encryption key.

Read our tutorial on upgrading security to custom key for more information on creating, exporting, and importing your custom key.

Custom key recovery

Lost custom key
There is no way to reset your custom key if it is lost or forgotten. The Customer Champion team and your administrator have no way to help you recover a custom key. You will be unable to restore files.

Manage your custom key

You are responsible for storing your encryption key. We recommend exporting your key to a plain text file (.txt) for safe keeping. Do not modify the file. If you must open the file, use a plain text editor such a vi, vim, emacs, nano, pico, Notepad, or TextMate. Avoid using word processors, such as Word, Wordpad, Pages, or OpenOffice Writer, which introduce additional formatting characters and may corrupt your encryption key.

Technical notes

Consideration Details
Configuration

Custom key is an enhanced encryption key security option

Key creation
  • The original encryption key generated by the CrashPlan app is removed from the master server; you can assign a custom key using the import, paste from clipboard, passphrase, or generate options in the CrashPlan app.
  • You can choose to assign a different custom key to each computer on your account.
Management requirements
  • Your custom key is nearly impossible to remember, and therefore the risk of not being able to restore files high (if the custom key is lost).
  • Restores from the CrashPlan app, CrashPlan mobile app, and administration console require your custom key.
  • New installations of the CrashPlan app require your custom key.
  • You must start a completely new backup after upgrading to this security option; files backed up prior to upgrading are deleted from backup archives.
Key security & storage
  • Encryption key exists only on source device.
  • Your custom key is never cached at any remote location.
Key storage for mobile devices
CrashPlan mobile app only
  • Custom key is only stored on your device if you enable Remember my custom key.
  • Custom key is removed when you sign out of the app.
Web restore key access
  • You must supply your custom key in order to restore files.
  • The custom key is held in memory for the purpose of restoring files; it is never written to disk.
  • The custom key is flushed from memory once files are restored.
Administrator access
  • Administrators cannot access files backed up to your destinations.
  • Administrators cannot access your custom key.

Transmission security

Once your files are encrypted and secured with the encryption key method of your choice, CrashPlan transmits your backups to your destinations using a TLS-based communications encryption protocol and a 128-bit AES cipher.

Definitions

The terms below are used throughout this article.

account password

Password used to access the CrashPlan app and administration console.

archive key password

Password supplied when the archive key password option is enabled for archive encryption. If you have enabled this option, you must supply the archive key password to access files. See also account password, secured key.

This setting is not supported by version 5.0.x and 5.1.x of the CrashPlan app. Enhanced security is supported in version 5.2.x and later of the CrashPlan app.

custom key

Encryption key that is user-created (using the Passphrase or Generate options) and is used instead of the encryption key generated by the CrashPlan app. This encryption security option offers the greatest security because the custom key never leaves the source device. It also greatly increases user responsibility; there is no way to recover a backup if the custom key is lost or forgotten. Customer Champion have no way to assist with custom key recovery.

This setting is not supported by version 5.0.x and 5.1.x of the CrashPlan app. Enhanced security is supported in version 5.2.x and later of the CrashPlan app.

encryption key

A piece of information that a cryptographic algorithm uses to encrypt data.

master server
The master server is the "authority" server in any Code42 environment. Key functions of the master server include (but are not limited to) authentication, the management of all licensing, and the storage of encryption keys. Ownership and management of the master server depends on your environment’s deployment architecture.
recovery question

A recovery question is an optional feature of the archive key password security option. If your account has a recovery question and answer configured, you are able to reset the archive key password if it is lost or forgotten. When you enable the recovery question, the security of your archive key depends on both how hard it is to guess your answer and the strength of your archive key password. You can enable the recovery question feature at any time provided you know your current archive key password.

This setting is not supported by version 5.0.x and 5.1.x of the CrashPlan app. Enhanced security is available in version 5.2.x and later of the CrashPlan app.

secured key

A version of a user's archive encryption key that is encrypted with the user's account password (default security) or archive key password (enhanced security).

External resources

  • AES is an open source algorithm adopted by the National Institute of Standards and Technology (NIST) as the standard for electronic data encryption, and is used by businesses worldwide. For more information on AES encryption, see this article by TechTarget.
  • Salting and hashing is a security measure used for passwords. Learn more about salting and hashing from BlackWasp.