
TechTouch Backup Security

At TechTouch, we take the security and protection of your important files, data, and personal information very seriously. Our products are architected with security as the primary design objective.

All communications by TechTouch products use industry-standard algorithms and protocols for encryption and authentication. Nobody will be able to see or access the data transmitted between your computers and the backup server - not even us.

SSL/TLS communications

The communications protocol used in TechTouch Remote Online Backup Service is SSL/TLS (OpenSSL). The same protocol is the standard for web-based commerce and online banking. It provides authentication and protection against eavesdropping, tampering and message forgery.

The client computer running Remote Online Backup Service authenticates TechTouch's servers using the PKI certificate the server presents when the connection is established. Once the server's certificate has been verified and a secure SSL/TLS connection has been established, Remote Online Backup logs in to the server using a pre-assigned identifier and a pre-shared secret. Client-to-Backup Server mappings are managed by TechTouch.

Data Storage

A backup set is encrypted with a password; the encryption occurs on the client, and the data is stored on the Backup Server in encrypted form. (Even unencrypted backup sets are transmitted from the client to storage in a secure manner.)

The following process ensures that the password and the data it safeguards stay secure:

Key generation

  • A secret key is derived from the backup set's password with a salt value and a PBKDF1-like algorithm based on SHA-256.
  • A 2048-bit RSA keypair is generated.
  • The private RSA key is encrypted with the secret key.
  • The encrypted private key, the plaintext public key and the salt value are stored as metadata for the backup set.

File encryption

  • When a file is backed up, a random symmetric encryption key is generated and the file is encrypted using the AES-256-CBC cipher.
  • The symmetric encryption key is then encrypted with the public RSA key, and the resulting ciphertext is stored as metadata for the file.

File decryption

  • The user must type the correct password for the backup set. This regenerates the secret key, which in turn decrypts the RSA private key.
  • The RSA private key is used to decrypt the individual file keys, which in turn decrypt the files.

TechTouch Remote Online Backup does not require the backup set password (or the unencrypted RSA private key) to leave the client computer, and it allows unattended scheduled backups to be encrypted without storing the password, because file encryption needs only the public key.
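The key hierarchy described above (key generation, file encryption and file decryption), worked through as an added example using Ruby's OpenSSL bindings; this is illustrative code, not TechTouch's implementation. The iteration count, the use of AES-256-CBC to protect the private key, and OAEP padding for wrapping the per-file key are assumptions the page does not state.

```ruby
require 'openssl'
require 'securerandom'

ITERS = 10_000 # iteration count is an assumption; the page does not state one

# PBKDF1-like derivation as the page describes: SHA-256 over password||salt, re-hashed ITERS times.
def derive_key(password, salt)
  d = OpenSSL::Digest::SHA256.digest(password.b + salt)
  (ITERS - 1).times { d = OpenSSL::Digest::SHA256.digest(d) }
  d
end

# AES-256-CBC with a random IV prepended to the ciphertext; OpenSSL applies PKCS#7 padding.
def aes_cbc_encrypt(key, plain)
  c = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  c.key = key
  iv = c.random_iv
  iv + c.update(plain) + c.final
end

def aes_cbc_decrypt(key, data)
  c = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  c.key = key
  c.iv = data[0, 16]
  c.update(data[16..-1]) + c.final # CipherError on bad padding, e.g. when the key is wrong
end

# Key generation: only the encrypted private key, the plain public key and the salt are stored.
def create_set(password)
  salt = SecureRandom.random_bytes(16)
  rsa = OpenSSL::PKey::RSA.new(2048)
  { salt: salt,
    enc_priv: aes_cbc_encrypt(derive_key(password, salt), rsa.to_der),
    pub: rsa.public_key.to_der }
end

# File encryption needs only the public key, so an unattended backup never touches the password.
def backup_file(meta, plain)
  file_key = SecureRandom.random_bytes(32)
  pub = OpenSSL::PKey::RSA.new(meta[:pub])
  [aes_cbc_encrypt(file_key, plain), pub.public_encrypt(file_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)]
end

# File decryption: password -> secret key -> RSA private key -> per-file key -> file contents.
def restore_file(meta, password, enc_file, wrapped_key)
  priv_der = aes_cbc_decrypt(derive_key(password, meta[:salt]), meta[:enc_priv])
  priv = OpenSSL::PKey::RSA.new(priv_der)
  aes_cbc_decrypt(priv.private_decrypt(wrapped_key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING), enc_file)
end
```

With a wrong password the private-key decryption fails at the padding check (or, rarely, at the DER parse), so neither the file keys nor the files are recoverable from the stored metadata alone.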