Escrow Key

An escrow key, stored in a safe place, can protect against data loss by allowing you to restore a backup even if you passphrase protect the encryption secret and then forget the passphrase.

If you don't use passphrase protection, you don't need an escrow key. Your data is still encrypted, but the key exchange is managed transparently by the Hub.

Forgotten your passphrase and don't have an escrow key?

If the system you backed up is still available, you can set a new passphrase in the TKLBAM Webmin interface without needing to know the old passphrase.

Otherwise, if you've forgotten the passphrase and don't have an escrow key nobody can help you. The encryption key for a backup is generated locally on your server and we designed passphrase protection to use special cryptographic countermeasures to make typical cracking techniques (e.g., dictionary attacks) very difficult even for an attacker with access to massive computer resources.

Next time we recommend you save an escrow key somewhere safe or don't set a passphrase.