User Tools

Site Tools


public:8113_faq:best_practices_for_managing_encryption_key

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
public:8113_faq:best_practices_for_managing_encryption_key [2021/04/20 00:33]
edward.chan removed
— (current)
Line 1: Line 1:
-=====  FAQ: Best practices for managing encryption key on AhsayOBM or AhsayACB? ​  ===== 
  
-<​html>​ 
- <​b>​ 
-  Article ID</​b>:​ 
- 8114 
- <​br/>​ 
- <​b>​ 
-  Reviewed</​b>:​ 
- ​20/​04/​2021 
- <​br/>​ 
- <​br/>​ 
- <​b>​ 
-  Product Version</​b>:​ 
- <​br/>​ 
- ​AhsayACB / AhsayOBM: 8.3 or above 
- <​br/>​ 
- OS: All platforms 
-</​html>​ 
- 
- 
- 
-===== Contents ===== 
-<​html>​ 
-Frequently Asked Questions: 
- <​br/>​ 
- <​ol>​ 
-  <li> 
-   <a href="#​What%20is%20the%20'​default'​%20encryption%20setting%20of%20a%20backup%20set?">​ 
-    What is the '​default'​ encryption setting of a backup set? 
-   </​a>​ 
-  </li> 
-  <li> 
-   <a href="#​Can%20I%20change%20the%20encryption%20setting%20of%20a%20backup%20set?">​ 
-    Can I change the encryption setting of a backup set? 
-   </​a>​ 
-  </li> 
-  <li> 
-   <a href="#​Can%20I%20restore%20my%20backup%20data%20if%20I%20have%20lost%20my%20encryption%20key?">​ 
-    Can I restore my backup data if I have lost my encryption key? 
-   </​a>​ 
-  </li> 
-  <li> 
-   <a href="#​Where%20is%20the%20encryption%20setting%20of%20a%20backup%20set%20saved%20at?">​ 
-    Where is the encryption setting of a backup set saved at? 
-   </​a>​ 
-  </li> 
-  <li> 
-   <a href="#​I%20am%20prompted%20to%20enter%20the%20encryption%20key%20of%20my%20backup%20sets,​%20why%20is%20that?">​ 
-    I am prompted to enter the encryption key of my backup sets, why is that? 
-   </​a>​ 
-  </li> 
- </​ol>​ 
- <a href="#​Best%20practices%20for%20managing%20your%20encryption%20key">​ 
-  Best practices for managing your encryption key 
- </​a>​ 
- <​br/>​ 
- <​br/>​ 
- <​br/>​ 
- <​b>​1.<​a name="​What%20is%20the%20'​default'​%20encryption%20setting%20of%20a%20backup%20set?">​ What is the '​default'​ encryption setting of a backup set? 
-  </a> 
- </​b>​ 
- <​br/>​ 
- <​br/>​ 
- ​Answer) For backup sets created with AhsayOBM or AhsayACB version 7.3 or above, the default encryption setting of a backup set is: 
- <​br/>​ 
- <​br/>​ 
-<img src="​http://​wiki.ahsay.com/​lib/​exe/​fetch.php?​media=public:​5034_0.png"​ style="​width:​60%;​ border:thin solid black"/>​ 
- <​br/>​ 
- <​br/>​ 
- <​ul>​ 
-  <li> 
-   <​font color=black>​Encryption Key: 
-   A randomly generated key of 44 alpha numeric characters</​font>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Encryption Key Length: 
-   256 bits</​font>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Encryption Algorithm: 
-   ​AES</​font>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Encryption Method: 
-   ​CBC</​font>​ 
-  </li> 
- </​ul>​ 
-Note that for backup account with multiple backup sets, even if the user had chosen to use '​default'​ setting for their backup sets, each backup set will have its own encryption key. 
- <​br/>​ 
- <​br/>​ 
- <​font color=#​FF0000><​b>​ 
-  Important</​b>:​ 
-  <br/> 
- For users who may have used older releases of AhsayOBM or ACB, the '​default'​ encryption setting is no longer the password. ​ The default setting has changed since version 7.3.</​font>​ 
- <​br/>​ 
- <​br/>​ 
- <​br/>​ 
- <​b>​ 
-  2. 
-  <a name="​Can%20I%20change%20the%20encryption%20setting%20of%20a%20backup%20set?">​ 
-   Can I change the encryption setting of a backup set? 
-  </a> 
- </​b>​ 
- <​br/>​ 
- <​br/>​ 
- ​Answer) The encryption setting of a backup set is generated at the backup set creation time, and cannot be changed afterward. 
- <​br/>​ 
- <​br/>​ 
- <​br/>​ 
- <​b>​ 
-  3. 
-  <a name="​Can%20I%20restore%20my%20backup%20data%20if%20I%20have%20lost%20my%20encryption%20key?">​ 
-   Can I restore my backup data if I have lost my encryption key? 
-  </a> 
- </​b>​ 
- <​br/>​ 
- <​br/>​ 
- ​Answer) No, if you have lost the encryption key of your backup set, it will be impossible to restore data from the corresponding backup set. 
- <​br/>​ 
- <​br/>​ 
- <​br/>​ 
- <​b>​ 
-  4. 
-  <a name="​Where%20is%20the%20encryption%20setting%20of%20a%20backup%20set%20saved%20at?">​ 
-   Where is the encryption setting of a backup set saved at? 
-  </a> 
- </​b>​ 
- <​br/>​ 
- <​br/>​ 
- ​Answer) The encryption setting of a backup set is saved locally on the client computer, at: 
- <​br/>​ 
- <​br/>​ 
- ​~/​.obm/​config/​settings.sys 
- <​br/>​ 
- <​br/>​ 
- You can also save the encryption setting of your backup sets on the backup server by enabling the '​Encryption Recovery'​ option within the client user interface: 
- <​br/>​ 
- <​br/>​ 
- <​ul>​ 
-  <li> 
-   <​font color=black>​Login to the AhsayOBM / ACB user interface.</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Click on the User Profile (icon beside the username):</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-      <img src="​http://​wiki.ahsay.com/​lib/​exe/​fetch.php?​media=public:​5034_1.png"​ style="​width:​60%;​ border:thin solid black"/>​ 
-  </li> 
-  <br> 
-  <li> 
-   <​font color=black>​Select <​b>​Encryption Recovery</​b>​ then enable the setting: 
-   <​br/>​ 
-   <​br/>​ 
-      <img src="​http://​wiki.ahsay.com/​lib/​exe/​fetch.php?​media=public:​5034_2.png"​ style="​width:​60%;​ border:thin solid black"/>​ 
-  </li> 
- </​ul>​ 
- Or from the AhsayCBS web console:</​font>​ 
- <​br/>​ 
- <​br/>​ 
- <​ul>​ 
-  <li> 
-   <​font color=black>​Login to the AhsayCBS console.</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Select <​b>​User & User Group</​b>​ under <​b>​User Management</​b>​.</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Select the corresponding user, then under <​b>​User Profile</​b>,​ enable <​b>​Upload encryption key after running backup for recovery</​b>:</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-      <img src="​http://​wiki.ahsay.com/​lib/​exe/​fetch.php?​media=public:​5034_3.png"​ style="​width:​60%;​ border:thin solid black"/>​ 
-  </li> 
- </​ul>​ 
- If this option is enabled, the encryption key (in encrypted format) of the backup set would be uploaded to the backup server whenever a backup job is performed. 
- <​br/>​ 
- <​br/>​ 
- The encryption key would be saved within the user home of the corresponding account: 
- <​br/>​ 
- <​br/>​ 
- ​%UserHome%\%username%\%backupset_id%\settings\EncryptionKeys-%YYYY-MM-DD%.json.rgz 
- <​br/>​ 
- <​br/>​ 
- ​Contact email address of the user account will also be saved within this file. 
- <​br/>​ 
- <​br/>​ 
- <​font color=#​FF0000>​ 
-  <​b>​Important</​b>:​ 
-  <br/> 
- Note that this file cannot be decrypted by the AhsayCBS administrator.</​font>​ 
- <​br/>​ 
- <​br/>​ 
- You must engage Ahsay'​s Professional Encryption Recovery Service to decrypt this file for retrieving the encryption key of a backup set.  The encryption key will be sent directly to the end user's contact email address.</​font>​ 
- <​br/>​ 
- <​br/>​ 
- <​br/>​ 
- <​b>​ 
-  5. 
-  <a name="​I%20am%20prompted%20to%20enter%20the%20encryption%20key%20of%20my%20backup%20sets,​%20why%20is%20that?">​ 
-   I am prompted to enter the encryption key of my backup sets, why is that? 
-  </a> 
- </​b>​ 
- <​br>​ 
- <​br>​ 
-    <img src="​http://​wiki.ahsay.com/​lib/​exe/​fetch.php?​media=public:​5034_4.png"​ style="​width:​60%;​ border:thin solid black"/>​ 
-<br> 
-<br> 
- ​Answer) The client application will prompt for the encryption key of all existing backup sets when the user, if it cannot detect the present of the settings.sys file (within the operating system profile (e.g. ~/​.obm/​config/​settings.sys). 
- <​br/>​ 
- <​br/>​ 
- For example: 
- <​br/>​ 
- <​br/>​ 
- <​ul>​ 
-  <li> 
-   <​font color=black>​Login to the client application on multiple computers with the same backup account. 
-   <​br/>​ 
-   <​br/>​ 
-   You have login to AhsayOBM with backup account '​username'​ on Computer A, then when you login to AhsayOBM with the same account on Computer B, when you access the Backup Sets tile, you will be prompted to enter the encryption key for all existing backup sets.</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Login to the client application with multiple backup accounts. 
-   <​br/>​ 
-   <​br/>​ 
-   You have login to AhsayOBM with backup account '​username'​ on Computer A, then when you login to AhsayOBM with backup account '​username2'​ on Computer A, you will be prompted to enter the encryption key for all existing backup sets.</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-  </li> 
-  <li> 
-   <​font color=black>​The client application was completely uninstalled (including the user profile at ~/​.obm/​config/​settings.sys).</​font>​ 
-  </li> 
- </​ul>​ 
-The user must enter the correct encryption key at this point to manage or continue with the backup or restore operation (of that backup set) on this computer. 
- <​br/>​ 
- <​br/>​ 
- <​br/>​ 
- <​br/>​ 
- <​b><​a name="​Best%20practices%20for%20managing%20your%20encryption%20key">​Best practices for managing your encryption key</​a>:</​b>​ 
- <​br/>​ 
- <​br/>​ 
- We would like to stress that it is <​u><​font color=#​FF0000><​b>​very very very important</​b></​font></​u>​ to keep a record of your encrypting key at multiple locations. 
- <​br/>​ 
- <​br/>​ 
- <​ol>​ 
-  <li> 
-   <​font color=black>​Write down the encryption keys of all of your backup sets.</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-   <​ul>​ 
-    <li> 
-     <​font color=black>​Login to the AhsayOBM / ACB user interface.</​font>​ 
-     <​br/>​ 
-     <​br/>​ 
-    </li> 
-    <li> 
-     <​font color=black>​Click on the <​b>​Backup Sets</​b>​ tile.</​font>​ 
-     <​br/>​ 
-     <​br/>​ 
-    </li> 
-    <li> 
-     <​font color=black>​Select the corresponding backup set, then <​b>​Show advanced settings</​b></​font>​. 
-     <​br/>​ 
-     <​br/>​ 
-    </li> 
-    <li> 
-     <​font color=black>​Click on <​b>​Others</​b>,​ select <​b>​Unmask encryption key</​b>​ at the bottom of the menu</​font>​. 
-     <​br/>​ 
-     <​br/>​ 
-        <img src="​http://​wiki.ahsay.com/​lib/​exe/​fetch.php?​media=public:​5034_5.png"​ style="​width:​60%;​ border:thin solid black"/>​ 
-     <​br/>​ 
-    </li> 
-    <br> 
-    <li> 
-     <​font color=black>​Copy the encryption key at multiple locations.</​font>​ 
-    </li> 
-   </​ul>​ 
-   <​br/>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Make copies of the backup account profiles on the client computer: 
-   <​br/>​ 
-   <​br/>​ 
-   ​~/​config/​settings.sys</​font>​ 
-   <​br/>​ 
-   <​br/>​ 
-  </li> 
-  <li> 
-   <​font color=black>​Enable the <​b>​Encryption Recovery</​b>​ setting for your account. 
-   <​br/>​ 
-   <​br/>​ 
-   As a last step to protect yourself from losing the encryption key of your backup sets, enable the '​Encryption Recovery'​ setting of your backup account, to save the key to the backup server. 
-   <​br/>​ 
-   <​br/>​ 
-   Refer to Question 4 - 
-   <a href="#​Where%20is%20the%20encryption%20setting%20of%20a%20backup%20set%20saved%20at?">​Where is the encryption setting of a backup set saved at?</​a>​ 
-   for instruction.</​font>​ 
-  </li> 
- </​ol>​ 
-</​html>​ 
- 
- 
-===== Keywords ===== 
-encryption, encrypt, decrypt, decryption, restore, restoration,​ recovery