Encrypting Backups
We support the use of certificates to encrypt backups. To set this up, follow the steps below. All scripts are written in PowerShell and must be run with administrator permissions.
1. Create a certificate and private key using the following command:
certreq -new ./encryption.inf ./cert.cer
The contents of the encryption.inf file should be as follows:
[Version]
Signature = "$Windows NT$"

[Strings]
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_DOCUMENT_ENCRYPTION = "1.3.6.1.4.1.311.80.1"

[NewRequest]
Subject = "CN=DealCloud QA Auto Tests,O=DealCloud,L=Jersey City,S=NJ,C=US"
FriendlyName = "DealCloud QA Auto Tests Documents Signing"
KeyLength = 2048
HashAlgorithm = SHA256
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
Exportable = true
MachineKeySet = true
RequestType = Cert
KeySpec = AT_KEYEXCHANGE
KeyUsage = CERT_KEY_ENCIPHERMENT_KEY_USAGE
ValidityPeriod = Years
ValidityPeriodUnits = 3

[Extensions]
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_DOCUMENT_ENCRYPTION%"
2. Import the certificate to the Windows Certificates Manager:
   2.1. Double-click on cert.cer -> Install Certificate.
   2.2. Store Location: Local Machine.
   2.3. Certificate Store: Personal.
3. Export the certificate to a PFX file:
   3.1. Open the Windows Certificates Manager (certlm.msc).
   3.2. Go to Personal -> Certificates.
   3.3. Right-click on the certificate -> All Tasks -> Export.
   3.4. Select Yes, export the private key.
   3.5. Select Include all certificates in the certification path if possible.
   3.6. Select Password and enter a password.
   3.7. Select a location to save the PFX file.
4. Encrypt the backup using the following command:
Protect-CmsMessage -To ./cert.cer -Path ./test.zip | Out-File ./encrypted.zip
The certificate password is the password used in step 3.6.
5. Decrypt the backup using the following command:
Unprotect-CmsMessage -Path ./encrypted.zip
6. To use the certificate in the DealCloud application, go to Admin -> Site Settings -> Integrations -> Backup -> Encryption Certificate and upload the .cer file.
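
Before uploading the .cer file, the properties that encryption.inf requests can be checked against the certificate that was actually produced. The script below is an added example, not DealCloud's own tooling; it assumes ./cert.cer from step 1, an elevated session, and a private key stored in Cert:\LocalMachine\My.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example, not part of the original procedure. Assumes ./cert.cer from step 1
# and an elevated session that can read the private key in Cert:\LocalMachine\My.
$docEncryptionOid = '1.3.6.1.4.1.311.80.1'   # szOID_DOCUMENT_ENCRYPTION in encryption.inf
$cerPath = (Resolve-Path ./cert.cer).Path
$cer = [X509Certificate2]::new($cerPath)

# Pull the typed extensions and the public key out of the certificate.
$eku = $cer.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$ku  = $cer.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
$rsa = [RSACertificateExtensions]::GetRSAPublicKey($cer)
$inStore = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cer.Thumbprint }
$now = Get-Date

$checks = [ordered]@{
    'EKU includes Document Encryption'   = [bool]($eku -and
        ($eku.EnhancedKeyUsages.Value -contains $docEncryptionOid))
    'Key usage includes KeyEncipherment' = [bool]($ku -and
        (([int]$ku.KeyUsages -band [int][X509KeyUsageFlags]::KeyEncipherment) -ne 0))
    'RSA key is at least 2048 bits'      = [bool]($rsa -and $rsa.KeySize -ge 2048)
    'Within validity period'             = ($cer.NotBefore -le $now) -and ($now -lt $cer.NotAfter)
    'Private key in LocalMachine\My'     = [bool]($inStore -and $inStore.HasPrivateKey)
}

# Round trip on constructed sample text: encrypt to the .cer, decrypt with the stored key.
try {
    $sample = 'constructed sample text'
    $cms    = Protect-CmsMessage -To $cerPath -Content $sample -ErrorAction Stop
    $plain  = Unprotect-CmsMessage -Content $cms -ErrorAction Stop
    $checks['Protect/Unprotect round trip'] = ("$plain".Trim() -eq $sample)
} catch {
    $checks['Protect/Unprotect round trip'] = $false
}

# Report each check, then fail loudly if any of them did not pass.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-38} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($checks.Values -contains $false) {
    throw 'cert.cer failed one or more checks; do not upload it yet.'
}
```

A failed private-key or round-trip check means backups encrypted to this certificate could not be decrypted on this machine, so resolve it before configuring the certificate in the application.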