Encryption: Password-Protected Archives

Learn how Cloudback secures GitHub backups with AES-256 encryption and password protection, ensuring data confidentiality and preventing unauthorized access.

Cloudback secures every backup using a robust encryption model. The archive is built on ZIP File Version 5.2 combined with AES-256 encryption, ensuring that your data remains confidential and protected against unauthorized access.

Technical Security Overview

Encryption Standards: AES-256 is widely regarded as one of the strongest encryption methods available. However, note that many built-in ZIP utilities (e.g., Microsoft Windows Compressed Folders) do not support AES encryption. For optimal compatibility, we recommend third-party tools such as 7-Zip.
Double-Archive Method: To protect filenames, Cloudback embeds one ZIP archive inside another. This is done to encrypt filenames inside an archive. Filename encryption is introduced in ZIP File Format Specification 6.2. We decided to keep version 5.2 for better compatibility.

Security Implications

Tool Compatibility: If your preferred archiver does not support AES-256, you may face difficulties accessing your backups. We advise testing your tools and, if necessary, switching to a recommended solution like 7-Zip.
Configuration Impact: While you can adjust encryption settings for customer managed storages, disabling encryption can significantly reduce the security of your backups. Cloudback-managed storages enforce password protection to maximize data safety.

For detailed instructions on how to manage encryption settings, please refer to our Password-Protected Backups page.

Learn more

PreviousImmutability: Amazon S3 Object Lock NextTraceability: Audit Log

Last updated 4 days ago

Was this helpful?