Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How do I manage my private encryption key with Carbonite Server Backup?

Published on
3,744 Points
1 Endorsement
Last Modified:
By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. In the event of a disaster recovery, you only need to remember your account username and password to access the files in your backup. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Note: With Private Key Encryption, you are responsible for safe and secure storage of your encryption keys. Carbonite does not store your private encryption keys or passphrase anywhere. Replacement keys can be created if you remember your chosen passphrase. If you lose your private encryption key and forget your passphrase, neither you nor Carbonite will be able to decrypt your encrypted backup data.
If you decide to manage your own encryption key, we highly recommend that you store at least two separate copies of the key on removable media and store at least one copy of the key in a separate physical location, such as a safe deposit box. The encryption key (or passphrase) is required in order to restore your backed up data.
While managing your key, you will be able to create and save a backup set encrypted with the private encryption key.

To manage your private encryption key, open the Carbonite Server Backup user interface and click the Edit within the Advanced backup settings section in the Backup tab.

adv_backup_settings_editbutton_414.pngThe Advanced backup settings section will change to edit mode. Click the Add Private Key with 256-bit encryption link to add a private key.

add_private_key_414.pngAn Add Private Encryption Key window will appear.

Within this window, you will be required to provide information for these fields:
  • Key Name - Enter the name of the private encryption key you are creating.
  • Passphrase - The passphrase will be used to generate the encryption key. It must be at least four characters in length.
  • Confirm Passphrase - This is to ensure that the passphrase you have entered above is the one you would like associated with your encryption key.
  • Save at - Displays the location where CSB will save this newly created key. By default, it will be saved in CSB's encryption folder located in C:\ProgramData\Carbonite\Carbonite Server Backup(x64)\zcb\encryption\. You have the option of choosing an alternate location.
After entering all the required information, click OK to proceed.

add_privatekey_confirm_412.pngOnce your encryption key has been successfully created, a window will appear. Click OK to close the window.

encryptkey_created.pngNote: It is strongly recommended that you copy the encryption key file to a safe offsite location, and do not change its name or its contents.

The newly created private encryption key will appear in the Edit your advanced backup settings section of the user interface.

private_encryptionkey_414.pngYou will now be able use this private key to encrypt new backup sets. Click the arrow button in the top right to exit edit mode.

Deleting an Existing Private Encryption Key

To delete an encryption key, follow the steps below:

  1. Select any backup set for which Private Key Encryption is enabled. 
  2. Within the How would you like to back up? section, click the Delete Key link next to the private key.
  1. A window will appear to confirm your deletion and warn you that a copy of the key should be kept for decryption purposes. Click Yes or No to proceed.
  1. Once the private key has been successfully deleted, a window will appear. Click OK to close the window.
success_delete_encryptkey.pngNote: Existing Private Encryption Keys cannot be modified. To change a key, first delete a key and create a new one.

Carbonite Server Backup is ideal for people who are concerned about security. For customers additionally concerned about HIPAA compliance, Carbonite encrypts your data and allows you to sign a Business Associate Agreement.


Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Join & Write a Comment

This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month