# Encryption: Password-Protected Archives Every backup is stored as a ZIP archive that is automatically encrypted with a unique, system-generated password. This ensures that your backup data remains confidential and tamper-proof. ## Encryption Standards The archive is built using [ZIP File Version 5.2](https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-5.2.0.txt) combined with [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption-one of the strongest encryption methods available. > **Note:** Many built-in ZIP utilities (e.g., Microsoft Windows Compressed Folders) do not support AES encryption. For optimal compatibility, we recommend third-party tools such as [7-Zip](https://www.7-zip.org/). ## Double-Archive Method To protect filenames, Cloudback embeds one ZIP archive inside another. Filename encryption is introduced in [ZIP File Format Specification 6.2](https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.2.0.txt). We use version 5.2 for better compatibility while still protecting your filenames. ## Managing Encryption Settings For customer managed storages, you have the option to disable archive encryption: * **Disabling Encryption:** Edit your customer managed storage settings and select `ZIP archive without password protection`. > **WARNING:** Disabling encryption requires that you implement alternative measures to secure your data. * **Enabling Encryption:** To ensure maximum security, choose `Password-protected ZIP archive`. ![Setting up archive type](https://2781059148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQEI7SjBF2CddqNXZpCoE%2Fuploads%2Fgit-blob-f946de2ee2ff52e1ef180991232c1e5a8d8e3f17%2Foptional-password.png?alt=media) Cloudback-managed storages always enforce password protection to maximize data safety. ## Archive Sample & Password You can download a sample archive to test your extraction tools: * **Download:** [bee12062e5d741b1baf334088c2c980d.zip](https://github.com/cloudback/docs/raw/refs/heads/master/static/features/bee12062e5d741b1baf334088c2c980d.zip) * **Password:** `c8f42392e86e4f7fbe8b4adf7ec65694` ![Archive encryption method](https://2781059148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQEI7SjBF2CddqNXZpCoE%2Fuploads%2Fgit-blob-9a6fb82e6e19560eadd2f893dc6bd3c560f098cd%2Fzip-aes.png?alt=media) ![Archive password](https://2781059148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQEI7SjBF2CddqNXZpCoE%2Fuploads%2Fgit-blob-ed713012afba8741a2691ecaf0b653de64580573%2Fzip-password.png?alt=media) ![Archive content](https://2781059148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQEI7SjBF2CddqNXZpCoE%2Fuploads%2Fgit-blob-9bb7314cb378a759b8f6c1f518b54f67852a2843%2Fzip-content.png?alt=media) ## Customer-Managed Encryption By default, Cloudback generates and manages archive passwords automatically. For organizations that need to manage their own encryption keys, Cloudback also supports **customer-managed encryption** using RSA Lockbox. You provide your own RSA public key, and Cloudback encrypts each backup password with that key. To decrypt backups, you use your private key. For details on setting up customer-managed encryption, see [Encryption Overview](https://docs.cloudback.it/encryption-management/encryption-overview). ## Learn More * [Encryption Overview](https://docs.cloudback.it/encryption-management/encryption-overview) * [Customer Managed Storages](https://docs.cloudback.it/storage-configuration/customer-managed-storages) * [Restoring a Backup](https://docs.cloudback.it/data-restoration/restoring-a-backup) * [Data Deduplication](https://docs.cloudback.it/managing-backups/data-deduplication) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cloudback.it/security-and-compliance/password-protected-archives.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.