Upgrading Security In PRO Client

By default, CrashPlan PRO encrypts your files before sending your backup to your destinations. It is encrypted with an encryption key. Your security setting determines how the encryption key itself is secured. No matter what security setting you use, your data is encrypted.

Note: You have the option to turn off encryption, but we generally don't recommend it.

The administrator can choose whether or not to allow users to upgrade their own security settings in PRO Client. You can specify increasingly greater security for securing your encrypted data. You can secure your encryption key with:

• Your account password (default)
• A private password
• A private key, which replaces the current encryption key

This article assumes you are familiar with these concepts:

• Archive Encryption Key

There are two options to upgrade the security for your backup data in PRO Client.

• Secure with Private Password (stronger security)
• Secure with Private Encryption Key (strongest security)

You can choose to use a private password, which is different from your account password, to secure your encryption key. It is secured with your private password and stored on the servers and in the archive. Securing your encryption key with another password offers another level of security, but because you increase the probability that you will forget the private password, you increase the risk to your archive.

1. Click the Settings page.
2. Click the Security tab.
3. In the Archive Encryption Key area, click Secure with private password.
4. In the Private Password box, enter your private password.
5. Retype the password, exactly as you typed it above.
6. Click OK.
7. On the Settings page, click Save.

You replace the default encryption key with a private key to encrypt your archive. This private encryption key is never sent to our servers and is stored only on the source machine and never leaves the source, so it is not even secured there. This is in fact the most secure option, but it requires the most user management because you must provide your private key when doing any restore. You can create your private key in several ways:

• Enter a passphrase that will return a private encryption key that you paste into the encryption key box
• Allow CrashPlan PRO to generate a private encryption key for you without entering any text (just click the Generate option)
• Import a encryption key that you had previously saved to a text file

Once you've selected the method for generating your private key, you can export the key to a text file. Exporting the private key to a file makes it easier to locate the key in case you forget it. When you need to supply the private key on another computer to which you want to recover files, you can use the Import option to import the encryption key from the text file.

WARNING! All previously backed up data associated with the old encryption key is no longer available for restoring.

1. Click the Settings page.
2. Click the Security tab.
3. In the Archive Encryption Key area, click Replace with your own private key.
4. Click the Passphrase option.
5. Enter the text for the passphrase.
6. In the Repeat box, enter the passphrase again.
7. Click OK.
   CrashPlan PRO generates a private key.
8. On the Settings page, click Save.

Note: This would be a good time to export your private key.

1. Click the Settings page.
2. Click the Security tab.
3. In the Archive Encryption Key area, click Replace with your own private key.
4. Click the Generate option.
   CrashPlan PRO generates the text for your new private key.
5. On the Settings page, click Save.

Note: This would be a good time to export your private key.

1. Click the Settings page.
2. Click the Security tab.
3. In the Archive Encryption Key area, click Replace with your own private key.
4. After CrashPlan PRO generates the text for your new private key, click the Export option.
5. Enter the name of the file to which you want to export the private key.
6. Click Save.
7. On the Settings page, click Save.

1. On the Settings page, click the Security tab.
2. In the Archive Encryption Key area, click Replace with your own private key.
3. Click the Import option.
4. Navigate to the file you wish to import.
5. Click OK.
6. On the Settings page, click Save.

• Each increased level of security requires greater user management.

• WARNING! All previously backed up data associated with the old encryption key is no longer available for restoring.

• Archive Encryption Key
• Reference - PRO Server Security
• Reference - Default User Settings