Stratesave 7.0 - Encrypted Backups

Stratesave 7.0 Organized Backup Program Help Files

Encrypted Backups

Stratesave allows backups optionally to be stored encrypted. The reason to store backup encrypted, is that backup media, especially tapes and removable disks, can easily be stolen or copied. The backups very often contain confidential data. If someone has access to a backup media where backup is stored encrypted, he/she can copy or destroy the media, but can not retrieve the data, without also having the encryption key. Encryption is done for the backup data. The catalog is encrypted, if it is stored on tape or removable disk, but remains unencrypted, if stored on fixed disk or network server disk. The Log (list of executed backups) is also stored unencrypted.

Public/private key encryption

Stratesave encrypted backups are encrypted with a public/private encryption scheme. For the backup, only the public key is required. For automatic backup, the public key is used very often, and can be stored in system stash or in a file (see also program's commandline parameter /ENCRYPTKEYFILE=). If someone manages to get hand on the backup tape, and also somehow reads the stored encryption key, he/she still can not retrieve the backed up data. For the restore, the private key is required to type in. Since the private key is only needed for the restore (and for the file-compare), it can be kept secretly in a safe place.

What to choose for key?

The (private) key is sort of a password or passphrase. A key can be specified as a string of uppercase and lowercase letters, decimal digits, the underline character, and the dot character (A-Z,a-z,0-9,_,.). The key should be larger than a usual logon-password, because a key cracker who already has your backup can try out lots of possible key combinations in short time, without you noticing. A key that provides optimal security is made of 20-22 or more completely random characters. Stratesave has a builtin random key generator, through Random-button in Key-input-dialog.

Random generated keys are hard to remember, so you probably must write it down somewhere. Alternatively, you can choose a passphrase as your key, up to 255 characters are significant. Because the passphrase is not purely random, it should be made of lots more than 20 characters. Spaces are replaced by underline-characters. A possible passphrase is "I_live_in_a_beautiful_green_house_near_the_beach.". This is something you possibly can remember.

Whether you choose a random key, or a textual passphrase, it is important to not lose or forget your key. Otherwise you won't be able to restore your data, and nobody can help you out. Even having the public key does not help, because that key is used to make backup only.

What algorithms does Stratesave use for encryption?

Advanced encryption technologies Elliptic Curve, SHA1, AES Rijndael.

How to maximize security?

Now that someone can't retrieve the data, even with the public key used to make the backups, he/she can try to replace your public key, with a different public key, let you make the backup with their public key, and then copy or steal the tape later, after you then make the backup. This is of course more difficult than simply reading the key. Still, it's best for you to give only trusted people access to your PC. If you are suspicious someone might have changed your public key, you can restore some files from latest backup, or make a file-compare, which requires private key. If the operation succeeds, backup was made with the correct public key.

How to get the public key from private key, and vice versa?

The private key is the random key you define. Each private key has a fixed assigned public key. To get the public from private key, go to menu Special->Passwords/Encryption key. Then Pushbutton Add..., select Encryption key. In the input field, type your private key, press Key Info... leads to dialog Encryption Key Info, which shows the public key. You can copy/paste or print it from this dialog. Although public key is followed from private key, the invers cannot be calculated. It is impossible to get private key from public key. It is important to keep the private key, which is required for the restore, stored secretly and safely.

Summary

Public/private key encryption is a powerful tool, but standard security measures (keep your PCs, backup media and public key secured) should still be followed. Utmost care must be taken to protect the private key, to 1. not lose it, and 2. nobody else can get hands at it.

Stratesave Help Files