How is the backup encrypted? Where is the password/key file and how is it generated?

AES encryption

By default, CubeBackup will encrypt all of your G Suite backups using the AES algorithm as long as you leave the Encrypt backups setting checked during the initial configuration. Characterized by high speed and low RAM requirements, AES is suitable for encryption for very large data sets.

All metadata stored in the SQLite files is also encrypted using AES. This provides another layer of security and protection for your data: even if an intruder were to gain physical access to your backups, they would be be useless without the matching AES key.

Encrypt backups

Key file

AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. The AES key is stored at <CubeBackup installation directory>/db/keys.json.

Tip: On Windows operating systems, the default installation path of CubeBackup is ā€œC:\Program Files\CubeBackup4\ā€.
On Linux operating systems, the default installation path of CubeBackup is ā€œ/opt/cubebackup/ā€

  • The AES key is generated when CubeBackup is installed on your computer.
  • The AES encryption key is very important for data backup and restoration and should be kept safe and secret.
  • On Linux, it is only accessible to the CubeBackup service.

We strongly recommend that you make a copy of the key file and store it in a safe place. CubeBackup Inc. does not have access to any AES key files and cannot help you if the key file is lost.