{"id":68,"date":"2008-11-12T14:42:21","date_gmt":"2008-11-12T22:42:21","guid":{"rendered":"https:\/\/www.backblaze.com\/blog\/2008\/11\/12\/how-to-make-strong-encryption-easy-to-use\/"},"modified":"2025-12-12T12:54:30","modified_gmt":"2025-12-12T20:54:30","slug":"how-to-make-strong-encryption-easy-to-use","status":"publish","type":"post","link":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/","title":{"rendered":"How to Make Strong Encryption Easy to Use"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-94689\" src=\"https:\/\/www.backblaze.com\/blog\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg\" alt=\"Backblaze Hardened Against Disaster\" width=\"1440\" height=\"820\" srcset=\"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg 1440w, https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster-300x171.jpg 300w, https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster-1024x583.jpg 1024w, https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster-768x437.jpg 768w, https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster-560x319.jpg 560w\" sizes=\"auto, (max-width: 1440px) 100vw, 1440px\" \/><\/p>\n<div class=\"abstract\" style=\"line-height: 1.8; margin: 24px 12px; padding: 24px 12px 10px 12px;\">This post was originally written to describe the encryption process for Backblaze Personal Backup. To learn more about our security methods today, including our processes regarding Backblaze <a href=\"https:\/\/www.backblaze.com\/cloud-storage\/solutions\/media-workflow\">B2 Cloud Storage<\/a>, please visit our <a href=\"https:\/\/www.backblaze.com\/cloud-storage\/security\" target=\"_blank\" rel=\"noopener noreferrer\">security page<\/a>.<br \/>\n<span style=\"display: block; margin-right: 5%; text-align: right;\">\u2014The Editors<\/span><\/div>\n<h2>Goal: Security Done Right<\/h2>\n<p>Protecting the privacy of our users\u2019 data is a top priority for us here at Backblaze and that means encryption. But providing a service that is extremely easy to use is also a key part of our vision and far too often encryption makes a product hard to use. This trade-off was unacceptable to us so we set out to build a system that delivers military grade encryption without compromise! Here is the full list of our requirements:<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ol>1. Protect data with military grade encryption<\/ol>\n<\/li>\n<li style=\"list-style-type: none;\">\n<ol>2. Implement encryption transparently so users don\u2019t have to deal with it<\/ol>\n<\/li>\n<li style=\"list-style-type: none;\">\n<ol>3. Allow users to change their password without re-encrypting their data<\/ol>\n<\/li>\n<li style=\"list-style-type: none;\">\n<ol>4. In business environments, allow IT access to data without the user\u2019s password<\/ol>\n<\/li>\n<\/ul>\n<h2>The Solution: Military Grade Encryption Made Easy<\/h2>\n<p>To accomplish the ambitious goals above we used a mix of <a href=\"http:\/\/en.wikipedia.org\/wiki\/Public_key\" target=\"_blank\" rel=\"noopener noreferrer\">public\/private<\/a> and <a href=\"http:\/\/en.wikipedia.org\/wiki\/Symmetric_key\" target=\"_blank\" rel=\"noopener noreferrer\">symmetric key<\/a> algorithms. The math behind this cryptography is hard but the idea is simple&#8230; Public\/private keys allow you to encrypt data with one key and decrypt it with another one. Typically data is encrypted with the public key and decrypted with a private key that is kept secret but the reverse also works. This is very useful because it allows us to encrypt data in the background without requiring the user to type in their password.<\/p>\n<p>Unfortunately, public\/private key algorithms are slow and can\u2019t be used to encrypt a large amount of data. Symmetric key algorithms use the same key to encrypt and decrypt data and are very fast on large amounts of data. But since the same key is used to decrypt the data, the data is only secure if the symmetric key is secure.<\/p>\n<p>Combining these algorithms, here\u2019s how our system works.<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.backblaze.com\/blog\/wp-content\/uploads\/2008\/11\/encryption_diagram_blog_small.jpg\" alt=\"Encryption\" \/><br \/>\n<img decoding=\"async\" src=\"https:\/\/www.backblaze.com\/blog\/wp-content\/uploads\/2008\/11\/decryption_diagram_blog_small.jpg\" alt=\"Decryption\" \/><br \/>\nWe generate a new 2048-bit <a href=\"https:\/\/en.wikipedia.org\/wiki\/RSA_(cryptosystem)\" target=\"_blank\" rel=\"noopener noreferrer\">RSA public\/private key<\/a> pair when our client is installed, store the public key on the local disk and transmit the private key to our data center via https. Then, for each backup session, we generate a new random 128-bit <a href=\"http:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\" target=\"_blank\" rel=\"noopener noreferrer\">Advanced Encryption Standard (AES) symmetric key<\/a> which we use to encrypt the user\u2019s data. We secure the 128-bit AES key by encrypting it with the user\u2019s public key and transmit the encrypted file along with the encrypted key to our data center over https. We destroy the unencrypted 128-bit AES key at the end of each backup session and never write it to disk. To decrypt a file, the user\u2019s private key is used to decrypt the 128-bit AES which is then used to decrypt the file.<\/p>\n<p>The user\u2019s private key which is stored safely in our data center is protected by a password that is highly guarded. But for some users this is not good enough and we allow the user to secure this file with their own password. When this is done it is impossible to access the data without the user\u2019s password. Unfortunately, this also means we can\u2019t help the user if they ever forget this password so we don\u2019t recommend it for most users.<\/p>\n<p>The real beauty of this scheme becomes clear when you look back at our goals above. AES is the encryption standard adopted by the US government to protect classified information. #1 solved. Using the user\u2019s public key we can safely run transparently in the background without compromising security. #2, check. Since a password is used to secure the private key rather than to encrypt the data directly, the password can be changed by re-encrypting only the private key with the new password. #3 accomplished. And last but not least, you can make several copies of the user\u2019s private key and encrypt each copy with a different password to provide IT access to data without the need to share passwords. #4 done!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post was originally written to describe the encryption process for Backblaze Personal Backup. To learn more about our security methods today, including our processes regarding Backblaze B2 Cloud Storage, please visit our security page. \u2014The Editors Goal: Security Done Right Protecting the privacy of our users\u2019 data is a top priority for us here&hellip; <a class=\"more-link\" href=\"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/\">Continue reading <span class=\"screen-reader-text\">How to Make Strong Encryption Easy to Use<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":94689,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[131,6],"tags":[471,384],"class_list":["post-68","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-backblaze-bits","category-techbytes","tag-businessbackup","tag-security","entry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Is Backblaze Encrypted? How to Make Strong Encryption Easy to Use<\/title>\n<meta name=\"description\" content=\"This post was originally written to describe the encryption process for Backblaze Personal Backup. To learn more about our security methods today,\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Is Backblaze Encrypted? How to Make Strong Encryption Easy to Use\" \/>\n<meta property=\"og:description\" content=\"This post was originally written to describe the encryption process for Backblaze Personal Backup. To learn more about our security methods today,\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/\" \/>\n<meta property=\"og:site_name\" content=\"Backblaze Blog | Cloud Storage &amp; Cloud Backup\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/backblaze\" \/>\n<meta property=\"article:published_time\" content=\"2008-11-12T22:42:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-12T20:54:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"820\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tim Nufire\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@backblaze\" \/>\n<meta name=\"twitter:site\" content=\"@backblaze\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tim Nufire\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Is Backblaze Encrypted? How to Make Strong Encryption Easy to Use","description":"This post was originally written to describe the encryption process for Backblaze Personal Backup. To learn more about our security methods today,","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/","og_locale":"en_US","og_type":"article","og_title":"Is Backblaze Encrypted? How to Make Strong Encryption Easy to Use","og_description":"This post was originally written to describe the encryption process for Backblaze Personal Backup. To learn more about our security methods today,","og_url":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/","og_site_name":"Backblaze Blog | Cloud Storage &amp; Cloud Backup","article_publisher":"https:\/\/www.facebook.com\/backblaze","article_published_time":"2008-11-12T22:42:21+00:00","article_modified_time":"2025-12-12T20:54:30+00:00","og_image":[{"width":1440,"height":820,"url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg","type":"image\/jpeg"}],"author":"Tim Nufire","twitter_card":"summary_large_image","twitter_creator":"@backblaze","twitter_site":"@backblaze","twitter_misc":{"Written by":"Tim Nufire","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#article","isPartOf":{"@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/"},"author":{"name":"Tim Nufire","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/person\/2bed25a1ad31570b8c1333e45f83af82"},"headline":"How to Make Strong Encryption Easy to Use","datePublished":"2008-11-12T22:42:21+00:00","dateModified":"2025-12-12T20:54:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/"},"wordCount":677,"commentCount":28,"publisher":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#primaryimage"},"thumbnailUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg","keywords":["BusinessBackup","Security"],"articleSection":["Backblaze Bits","Techbytes"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/","url":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/","name":"Is Backblaze Encrypted? How to Make Strong Encryption Easy to Use","isPartOf":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#primaryimage"},"image":{"@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#primaryimage"},"thumbnailUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg","datePublished":"2008-11-12T22:42:21+00:00","dateModified":"2025-12-12T20:54:30+00:00","description":"This post was originally written to describe the encryption process for Backblaze Personal Backup. To learn more about our security methods today,","breadcrumb":{"@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#primaryimage","url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg","contentUrl":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg","width":1440,"height":820,"caption":"row of Backblaze storage pods"},{"@type":"BreadcrumbList","@id":"https:\/\/www.backblaze.com\/blog\/how-to-make-strong-encryption-easy-to-use\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Make Strong Encryption Easy to Use"}]},{"@type":"WebSite","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#website","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/","name":"Backblaze Cloud Solutions Blog","description":"Cloud Storage &amp; Cloud Backup","publisher":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#organization","name":"Backblaze","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.backblaze.com\/blog\/wp-content\/uploads\/2017\/12\/backblaze_icon_transparent.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.backblaze.com\/blog\/wp-content\/uploads\/2017\/12\/backblaze_icon_transparent.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"Backblaze"},"image":{"@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/backblaze","https:\/\/x.com\/backblaze","https:\/\/www.youtube.com\/user\/Backblaze","https:\/\/en.wikipedia.org\/wiki\/Backblaze"]},{"@type":"Person","@id":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/#\/schema\/person\/2bed25a1ad31570b8c1333e45f83af82","name":"Tim Nufire","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/8b89c20842adfcfd5d609864de6485fd81d5422a13a3d4ad51e752d13641f266?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/8b89c20842adfcfd5d609864de6485fd81d5422a13a3d4ad51e752d13641f266?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8b89c20842adfcfd5d609864de6485fd81d5422a13a3d4ad51e752d13641f266?s=96&d=blank&r=g","caption":"Tim Nufire"},"description":"Tim Nufire is a co-founder, chief cloud officer, and a member of the Backblaze Board of Directors. In Backblaze\u2019s early days, Tim developed the building\u00a0blocks of what is now the Backblaze Storage Cloud. Today, Tim is focused on running the Production Systems, Technical Operations, and Supply Chain teams within Cloud Operations.","url":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/author\/tnufire\/"}]}},"jetpack_featured_media_url":"https:\/\/backblazeprod.wpenginepowered.com\/wp-content\/uploads\/2008\/03\/bb-bh-Hardened-Against-Disaster.jpg","_links":{"self":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts\/68","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/comments?post=68"}],"version-history":[{"count":0,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/posts\/68\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/media\/94689"}],"wp:attachment":[{"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/media?parent=68"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/categories?post=68"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/backblazeprod.wpenginepowered.com\/blog\/wp-json\/wp\/v2\/tags?post=68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}