The personal encryption key option is one of the available methods with which we encrypt your file. To protect your data privacy, all files you upload to your Account are encrypted first before leaving your system. You can choose whether to encrypt your data with the generic Vault Services key or your personal key.
The Personal Key is derived from your user password. Since Vault Services does not store any of our users' password information in plain text (we store a hashed value that is compared to the hashed value of the input in the password field at login time, which allows for secure authentication without actual knowledge of the original passphrase), the resulting key is known only to the user. Objects uploaded with the Personal Key can only be opened/restored by the user with that key.
IMPORTANT: When you first set up your account with Vault Services, you are given the choice between using Vault Services Keys or Personal Keys. If you click on the Personal Keys option, you will see the following message:
You can use your Vault Services password as a personal key to encrpyt all of your data. If you forget your password, you cannot decrpyt your data stored on Vault Services.
When you further select the Personal Keys option, the following "final warning" pops up:
Your password is used to derive the personal key. If you forget your password, you will lose all your data.
Personal keys offer such high protection that if you forget your password, Vault Services can manually change your password for you and give you access to your account, but even in this case you will no longer have access to any of your files that were previously backed up under the Personal Keys settings and you will need to start your backup from scratch.
If you choose to backup and store your files using the Personal Keys settings, please ensure that you are using a password that you wil remember, or take the necessary steps to store the password in a safe place where you can retreive it if necessary.
Currently in development is a third option is a where a user can provide a binary key of their own independent creation.