What is a Personal Key in the encryption settings?

The personal encryption key option is one of the available methods for encrypting your files. To protect your data privacy, all files you upload to your Account are encrypted before they leave your system. You can choose whether to encrypt your data with the generic Vault Services key or your personal key.

The Personal Key is derived from your user password. Since Vault Services does not store any of our users' password information in plain text (we store a hashed value that is compared to the hashed value of the input in the password field at login time, which allows for secure authentication without actual knowledge of the original passphrase), the resulting key is known only to the user. Objects uploaded with the Personal Key can only be opened/restored by the user with that key.

IMPORTANT: When you first set up your account with Vault Services, you are given the choice between using Vault Services Keys or Personal Keys. If you click on the Personal Keys option, you will see the following message:

You can use your Vault Services password as a personal key to encrypt all of your data. If you forget your password, you cannot decrypt your data stored on Vault Services.

When you further select the Personal Keys option, the following "final warning" pops up:

Your password is used to derive the personal key. If you forget your password, you will lose all your data.

Personal keys offer such high protection that, if you forget your password, Vault Services can manually change your password for you and give you access to your account, but you will no longer have access to any files that were previously backed up under the Personal Keys setting, and you will need to start your backup from scratch.

If you choose to back up and store your files using the Personal Keys setting, please ensure that you are using a password that you will remember, or take the necessary steps to store the password in a safe place where you can retrieve it if necessary.
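The reset behaviour described above, as an added example (not Vault Services code): the login hash and the personal key are both derived from the password, so replacing the stored hash restores account access without recovering the old key. PBKDF2-HMAC-SHA256, the iteration count, the separate salts, the key-check tag and all function names are assumptions; the page does not say which algorithms Vault Services uses.

```python
import hashlib
import hmac
import os

# Assumed for illustration: PBKDF2-HMAC-SHA256 with independent random salts
# for the login verifier and the personal key. The page names no algorithm.
ITERATIONS = 600_000

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password: str) -> dict:
    """Server-side record: two salts plus a one-way login verifier."""
    auth_salt, key_salt = os.urandom(16), os.urandom(16)
    return {"auth_salt": auth_salt, "key_salt": key_salt,
            "verifier": _kdf(password, auth_salt)}

def login(record: dict, password: str) -> bool:
    """Hash the submitted password and compare it with the stored value."""
    return hmac.compare_digest(_kdf(password, record["auth_salt"]),
                               record["verifier"])

def personal_key(record: dict, password: str) -> bytes:
    """Derived on the user's system from the password; never stored."""
    return _kdf(password, record["key_salt"])

def key_check(key: bytes) -> bytes:
    """Short tag kept beside a backup so a restore can detect a wrong key."""
    return hmac.new(key, b"personal-key-check", hashlib.sha256).digest()[:8]

def demo() -> dict:
    old, new = "constructed-old-passphrase", "constructed-new-passphrase"
    record = enroll(old)
    backup_tag = key_check(personal_key(record, old))
    # Support resets the password: only the login verifier is replaced.
    record["verifier"] = _kdf(new, record["auth_salt"])
    new_key = personal_key(record, new)
    return {
        "login_with_new": login(record, new),
        "login_with_old": login(record, old),
        "new_key_opens_old_backup": hmac.compare_digest(key_check(new_key), backup_tag),
        "verifier_equals_key": hmac.compare_digest(record["verifier"], new_key),
    }

if __name__ == "__main__":
    print(demo())
```

After the reset, the new password logs in, but the key it derives does not match the tag stored with the old backup, which is why the backup has to be started from scratch.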

Currently in development is a third option where a user can provide a binary key of their own independent creation.

    Vault Services Support

    Another answer to this question:

    The "Personal Key" is derived from your password. While this may sound confusing, Vault Services does not know your password. We know a "hash value" of your password, which is the result of a one-way mathematical operation. This means that when you provide your password via one of our login interfaces, the one-way operation is performed producing a value that we compare to our authentication system. If it matches, you're in! If not, you are denied access.

    The beauty of this system is that we don't need to know your actual password to authenticate you - better yet, it is impossible to use the hash value to work back to the original value. In this way, we can securely verify who you are without knowing your actual password choice.

    An added benefit is that we can use the un-hashed password to generate a secure key for you.
