Transpire Cloud Services leverages Synology C2 Cloud Backup to our customers. This encryption is a military grade data protection from one Synology NAS to the cloud of Synology and is recommended most for government, financial and health care entities.
How AES and RSA work together to protect C2 backup data We value data confidentiality as much as you value your valuables. That’s why we employ AES-256 and RSA-2048 encryption technologies to make your backup data virtually invulnerable to unauthorized access and malicious attacks.
AES-256 AES (Advanced Encryption Standard) is a symmetric encryption algorithm, meaning that you have to use the same key to encrypt and decrypt data. Every backup version is encrypted with a randomly generated AES key, and you’ll need the very same key to decrypt the data. A 256-bit long key size is the most complicated one among the three key lengths (128, 192, and 256 bits), and that’s what makes it extremely difficult to crack.
RSA-2048 To add an extra layer of protection to the AES key, it is further encrypted by an RSA-2048 public key. RSA (Rivest–Shamir–Adleman) is an asymmetric encryption algorithm used to secure data transmission with a key pair – a public key and a private key used for encryption and decryption respectively. Only the owner of the paired private key can decode the public-key encrypted message.
A perfect match When you create a task to back up data from the client-side NAS to the server-side cloud via Hyper Backup, two AES-256 keys will be generated: one for the filename and the other for the backup version. We make the filenames unreadable because we know sometimes you don’t feel comfortable showing them to others and thus they’d better be kept secret. The hard-coded filename key will turn your file name into ciphertext, so no one on the server side will see your filename whatsoever. As for the version key, it is randomly generated for each backup version. When the backup task is done, the version key will then be further encrypted by an RSA public key before the backup data goes to the server side.