• Sales: 1-800-961-2888
  • Support: 1-800-961-4454

Feedback

Let us know what you think of our Knowledge Center!

Open Cloud Community

Learn about Rackspace products, ask questions, and share your knowledge in our Open Cloud Community.

Generating Your Encrypted Key in Cloud Backup

  • Article ID: 1291
  • Last updated on April 30, 2013
  • Authored by: Rackspace Support
  • (2 Comments)

The following article shows how to Generate your Encrypted Key in Cloud Backup.

Rackspace Cloud Backup already encrypts your passphrase locally on your browser using a javascript RSA library. This is before your passphrase is submitted over the web.

Rackspace will never know your unencrypted (or clear text) passphrase. Your passphrase is encrypted using public/private key pairs. This is the SSL web security standard for transmitting data over secure connections. Only your encrypted passphrase is sent to Rackspace. All communication between your computer and Rackspace servers for Cloud Backup is done over SSL--no one can intercept and read your messages.

You can, however, encrypt your passphrase yourself using the public/private key for your system (and bypass Rackspace's client side encryption library), by using the methods below.

  1. First, you need a copy of your system's public key file. You can find this file in the agent's configuration directory.

    Note: You need to use the public key file from the machine that you are restoring to, performing the cleanup on, etc.

    1. Log into your Cloud Server and browse to where the Cloud Backup Agent is installed.

      In Linux: /etc/driveclient or /root/driveclient-old

      In Windows: C:\Users\[username]\AppData\Local\DriveClient

    2. Copy the public-key.pem file. This file contains your public key.
  2. If "openssl" is not installed on your machine, visit www.openssl.org and download it to your system.

    In Linux: Run the following three commands to generate your own encryption key (prompts for password):

    read -s -p "Password:" qpwd
    
echo echo -n $qpwd | openssl rsautl -encrypt -inkey public-key.pem -pubin | openssl base64
    
unset qpwd

    In Windows: Run the following command to generate your own encryption key:

    echo|set /p=" mysecretpassword " | openssl rsautl -encrypt -inkey public-key.pem -pubin | openssl base64
  3. Copy the encrypted key you have generated and paste that into the passphrase box.  The encrypted key will be transmitted as-is over SSL.


© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER

2 Comments

I'm not sure if this is an OS difference between Linux OS's, but on RHEL 6.x systems, the .driveclient folder is actually /etc/driveclient.

Great job all! This is a very cool service!
By Shannon Ward on Aug. 30, 2012

I'll doublecheck this, but it looks like the article may be pointing to the location where the personal key will be created, rather than the existing driveclient config directory. We'll find out for sure and update the article accordingly. Thanks!
By jered.heeschen on Aug. 31, 2012

Add new comment