Follow These Tips to Secure Your Encryption Keys and Protect Your Data


Concepts in the digital world are often named after items we use in the real one. Doing so helps us understand how computers work, but the analogy sometimes hides crucial differences that are easy to gloss over and that turn out to be quite critical when you think about them. To prove the point, we'll take encryption keys and compare them to the ones you have in your pocket.

The similarities are obvious. A real-world key opens the door of your house and lets you in, and it also locks it to keep others out. In much the same way, an encryption key "opens" an encrypted file and lets you read its contents, and it locks the file so that prying eyes don't get to see it. There are, of course, nuances. With asymmetric encryption, for example, you have one key that encrypts the data and another that decrypts it. Nevertheless, the analogy is more or less as clear as day. Where's the difference, then?

The difference comes when you think about what happens when you lose your keys. When you lose your house keys, you have quite a few options. You can call a locksmith, enter the house through the window, or use brute force to break your front door. When you lose your encryption keys, you are pretty much done for.

If the encryption algorithm you've used to scramble your data is strong enough (and let's face it, you want it to be), there's no way of unscrambling it without the key. That's why the way you manage your encryption keys is extremely important.

Before we see the dos and don'ts of encryption key management, we obviously need to know what an encryption key looks like, and the answer to this question depends on the encryption tool you're using.

Passwords as encryption keys

In essence, an encryption key is a string of characters, so it's more or less a password. In all likelihood, the encryption tool takes the password you set and, based on it, creates a key. Nevertheless, the encryption of your files is only as good as the password. You must make sure that the password is strong, and you must also think about storing it securely.

You can try to remember your password. If you can memorize it, however, it likely isn't terribly strong. Alternatively, you can try harder and create a complex password on your own. To solve the problem of having to remember it, you can use an old-fashioned ballpoint pen to write it down on an even more old-fashioned piece of paper. Such an action, unfortunately, isn't very secure.

Cyclonis Password Manager provides a solution. It comes with a powerful password generator that can create a very strong and completely random password. And you needn't worry about remembering it because you can save it in a Private Note, and it, along with the rest of your sensitive data, will be placed inside your personal vault. When you need to decrypt a file, you simply log in to your Cyclonis Password Manager account and copy the password, which acts as an encryption key.

Encryption keys embedded in files

Many encryption solutions use files to decrypt your data. The idea is that the encryption program will create the key on its own and will then put it in a file. Depending on the encryption program, it will be either a file you choose or one created by the program itself. To make things look less conspicuous, some programs can store the key in a file with any extension. Keeping this file safe is just as important as keeping your passwords safe. The solution? Backup.


The question of what is and what's not a good backup policy has been widely argued over for years, and it's fair to say that there's no conclusive answer to this question. The so-called 3-2-1 strategy seems to be among the more popular options, though, and we reckon that it can be applied to storing your valuable encryption keys. The idea is that you have three copies of your data residing on two local and one off-site device.

Applying the strategy to the file that acts as your encryption key is easy. The file is already saved on the HDD of your PC, so you have one copy. You make a second one and put it on an external hard drive or a USB thumb drive (after you've made sure that the external devices are well-protected and are not constantly connected to your PC). Finally, you use a cloud backup provider that will take a copy of your encryption key and will send it for secure storage in the cloud.

The strategy is sometimes referred to as "3-2-1-0" as well, and the "0" stands for "0 mistakes." Indeed, it is quite easy to mess things up when you're backing up data. There are a couple of pieces of common wisdom that should help you stay on top of your backups, though.

First, when you back something up (e.g., your encryption key), make sure the backed-up data is not corrupted and can be restored. People often say that an untested backup is as good as a non-existent one.

The same goes for an outdated backup. If you add new encryption keys or change the old ones, it is absolutely imperative that you make sure the files in your backups are up-to-date. Invalid keys won't be very useful if you're trying to unlock your data.

Last but not least, make sure your encryption keys are not stored in the same place as your encrypted data. If you do that, you might as well not bother with the encryption at all.
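The three checks above (the backup restores intact, it matches the key currently in use, and it does not sit with the encrypted data) can be automated. The following is an added example, not part of the original article; it assumes each backup copy is reachable as a local path (for instance after mounting the USB drive and downloading the cloud copy), and all file and directory names are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large key containers are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def label(path: Path) -> str:
    return f"{path.parent.name}/{path.name}"

def check_key_backups(primary: Path, copies: list, data_dir: Path) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    present = [p for p in [primary, *copies] if p.is_file()]
    if len(present) < 3:
        findings.append("fewer than three copies of the key file exist")
    data_root = data_dir.resolve()
    for path in present:
        # A key kept beside the data it protects gives no protection.
        if data_root in path.resolve().parents:
            findings.append(f"{label(path)}: stored with the encrypted data")
    expected = sha256_file(primary)
    for copy in copies:
        if not copy.is_file():
            findings.append(f"{label(copy)}: backup copy is missing")
        elif sha256_file(copy) != expected:
            # Corrupted, or older than the key currently in use.
            findings.append(f"{label(copy)}: differs from the current key")
    return findings

def demo() -> list:
    """Run the checks against a constructed layout with three planted faults."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("pc", "pc/vault", "usb", "cloud"):
            (root / name).mkdir()
        primary = root / "pc" / "photos.key"
        primary.write_bytes(b"constructed current key")
        stale = root / "usb" / "photos.key"
        stale.write_bytes(b"constructed old key")
        missing = root / "cloud" / "photos.key"      # never written
        misplaced = root / "pc" / "vault" / "photos.key"
        misplaced.write_bytes(b"constructed current key")
        return check_key_backups(primary, [stale, missing, misplaced], root / "pc" / "vault")
```

A hash match shows that the copy is byte-for-byte identical to the key in use; it is still worth decrypting a test file with the restored copy from time to time.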

It's now easier than ever to encrypt your files and protect them from prying eyes. It's also more important than ever that you do consider it. If you're going to do it properly, however, you need to think through your key management strategy carefully.

July 12, 2018
