Encrypting Backups

Obtain a Certificate

Obtain a valid certificate from your firm's IT or security team. (Note: if your firm does not provide certificates or needs additional information, see 'Generating a Self-Signed Certificates' for an example).

Open Up DealCloud Site Backup Section

Navigate to the Site Backup section (Admin > Site Settings > Integration > Site Backup) and click on the Site Backup button to open up the modal.

Upload Certificate

Under the Encryption section, select "Encrypt by Encryption Key" under the Encryption Type dropdown. Upload your certificate file (.pfx, .cer) and once uploaded, hit Save.

Validate: Download Encrypted Backup

To validate, you may either request an adhoc backup or wait until your next daily backup is generated (if enabled). The next backup file that is generated will be encrypted.

Once generated, you will notice two files:

• backup.zip — The encrypted, password protected backup .zip file
• backup.zip.txt — The encrypted text file that contains the password used to decrypt the .zip file

Decrypt and Extract Backup

Use your certificate private key to decrypt the backup.zip.txt file. You may use the below example commands.

Powershell (assuming key is installed locally)

Unprotect-CmsMessage -Path "C:\Users\username\Desktop\text.zip.txt

OpenSSL

openssl cms -decrypt -binary -inform PEM -in backup.zip.txt -inkey example.com.key -print

Finally, use the password obtained to decrypt the backup.zip.