Enable custom key security for backups
Overview
Enabling the custom key security option means that your backed up data is encrypted with a key that you define and store on your machine. You must provide that custom key whenever you restore data or install the Code42 agent on a new device. This article provides step-by-step instructions for enabling this setting.
Considerations
Proceed after preparation
- Consult the administrator of your Code42 environment. Depending on how your administrator has set up your Code42 environment, you may not be able to upgrade your security option.
- Read the Advice to users regarding archive encryption key security.
These instructions explain how to encrypt your backup data with keys known only to you and stored only on your devices.
When you set custom key security at one Code42 agent:
- The setting applies to all devices that back up to your account. Every device will require a custom key.
- All backup activity stops. All existing backup archives are discarded. Backup can only resume at a device after you set the custom key at that device.
- Not every device needs to use the same key. You may set different keys on different devices.
- If you lose your key, you lose your backup data. Code42 cannot help you recover it. Your only option is to start over with a new backup archive.
Code42 strongly recommends that you export your key for safe keeping. Export to a plain text file (*.txt). Do not modify that file. If you must open the file to copy the key, use a plain text editor, such as Notepad, TextMate, or nano. Do not use a word processor, such as Microsoft Word. That will introduce new characters and destroy your key.
Upgrade to custom key
Step 1: Open security preferences
- Open the Code42 agent.
- Select Settings.
- Select Security.
Depending on how your administrator has set up your Code42 environment, the Security tab may not be available.
Step 2: Set your custom key
You can create your custom key in several ways:
- Import a text file
- Paste from the clipboard
- Enter a passphrase
- Let the Code42 agent generate a key
Option A: Import a text file
The typical reason to import a file is to duplicate a single key on multiple devices:
- Create the key on one device.
- Export it to a file.
- Import the file to other devices.
The file you import must:
- Be plain text with UTF-8 encoding
- Hold one key and one key only
The file you import typically:
- Was exported from a Code42 agent
- Has the extension .cpkey
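Before importing a key file or filing a copy away, you can check it against the requirements above and confirm it has not been modified since export. The following Python script is an added example, not a Code42 tool: the function names are hypothetical, "one key only" is read as exactly one non-blank line, and the SHA-256 value is one you record yourself at export time.

```python
import hashlib
import sys
import unicodedata
from pathlib import Path

UTF8_BOM = b"\xef\xbb\xbf"
# Characters word processors commonly substitute or insert: smart quotes,
# en/em dashes, ellipsis, non-breaking space.
TYPOGRAPHIC = set("\u2018\u2019\u201c\u201d\u2013\u2014\u2026\u00a0")


def check_key_bytes(raw, expected_sha256=None):
    """Return (problems, sha256_hex); an empty problems list means the checks passed."""
    digest = hashlib.sha256(raw).hexdigest()
    problems = []
    if expected_sha256 and digest != expected_sha256.strip().lower():
        problems.append("content differs from the recorded SHA-256")
    if raw.startswith(UTF8_BOM):
        problems.append("byte-order mark at start of file")
        raw = raw[len(UTF8_BOM):]
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return problems + ["not valid UTF-8 plain text"], digest
    # Assumption: "one key only" is read as exactly one non-blank line.
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        problems.append(f"expected one key, found {len(lines)} non-blank lines")
    for ch in sorted(set("".join(lines))):
        # Cc = control, Cf = invisible format characters (zero-width space etc.)
        if ch in TYPOGRAPHIC or unicodedata.category(ch) in ("Cc", "Cf"):
            problems.append(f"unexpected character U+{ord(ch):04X}")
    return problems, digest


def check_key_file(path, expected_sha256=None):
    """Run the same checks on a file read from disk."""
    return check_key_bytes(Path(path).read_bytes(), expected_sha256)


if __name__ == "__main__":
    # Usage: python check_key.py exported.cpkey [sha256-recorded-at-export]
    found, sha = check_key_file(sys.argv[1], *sys.argv[2:3])
    print("SHA-256:", sha)
    print("\n".join(found) if found else "OK: plain UTF-8 text holding one key")
    sys.exit(1 if found else 0)
```

Keep the recorded digest separate from the key file. It confirms that a copy is unchanged but cannot be used to recover a lost key.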
Import a file holding a key as follows:
- Select Custom Key.
- Click Enter key.
- Select Import from the list of options.
Your file browser opens.
- Navigate to the file you wish to import.
- Click Open.
The success message, "Imported custom key from (file name)", appears.
- Click Save.
The Confirm Archive Encryption Settings dialog appears.
- Continue to Step 3 to confirm the change to your encryption key setting.
Option B: Paste from the clipboard
- From a plain text editor, copy your custom encryption key to your device's clipboard.
- From the Code42 agent, select Custom Key.
- Click Enter key.
- Select Paste from clipboard.
The success message, "Pasted custom key from clipboard", appears.
- Click Save.
The Confirm Archive Encryption Settings dialog appears.
- Continue to Step 3 to confirm the change to your encryption key setting.
Option C: Enter a passphrase
- Select Custom Key.
- Click Enter key.
- Select Passphrase.
- Enter the text for the passphrase.
A strong passphrase contains 56 or more characters. You can use alphanumeric, numeric, symbol, or space characters.
- Click Generate Key.
The Code42 agent generates an encryption key.
- Click Save.
The Confirm Archive Encryption Settings dialog appears.
- Continue to Step 3 to confirm the change to your encryption key setting.
Option D: Let the Code42 agent generate a key
- Select Custom Key.
- Click Enter key.
- Select Generate key.
The Code42 agent generates the text for your new key.
- Click Save.
The Confirm Archive Encryption Settings dialog appears.
- Continue to Step 3 to confirm the change to your encryption key setting.
Step 3: Confirm your security upgrade
- Read the agreement on changing your security settings.
- Select I understand the risks if you approve of each consideration.
- Select I agree to delete my backups on all of my devices if you approve of deleting your existing backups and starting your backups over with your new encryption key.
- Click Save to permanently upgrade your Code42 agent's security option to a custom key.
The success message, "Security upgraded to Custom Key", appears.
Step 4: Export your custom encryption key
Once you have set or generated a custom key, export the key for safe keeping. You must provide your key when downloading files from your backup, installing the Code42 agent, or accessing the Code42 agent on other devices.
- Open the Code42 agent.
- Select Settings.
- Select Security.
- Click Export in the Account Encryption Key Security area.
The key exports to a plain text file with the extension .cpkey. It is not necessary to use this file extension, but the file must be saved as plain text.
- Enter a name and location for the file to which you want to export the encryption key.
- Click Save.