Note about changing your AWS Secret Key

A few months back Amazon made an update to allow you to change your AWS Secret Key on demand. By default, Jungle Disk encrypts files using your AWS Secret Key (this can be changed to a custom key in the encryption options). Note that if you use the default setting and later change your AWS Secret Key, you need to keep a copy of your previous key in the decryption keys list in Encryption Options. This will allow you to decrypt files that were uploaded using your old key. You should also keep a copy of the key in a safe place in case you need to re-install the software. We’ve posted a reminder about this on our Encryption help page.
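The following Python example is added here for illustration and is not Jungle Disk's code or file format: it shows why files uploaded before a key change stay readable only while the old key remains in the decryption keys list. The SHA-256 keystream with an HMAC tag is a standard-library stand-in for a real cipher, and all function names, labels and secrets are constructed assumptions.

```python
import hashlib, hmac, os

def _keys(secret, salt):
    # Assumption: PBKDF2 turns the secret string into a cipher key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 10_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, salt, data):
    # Toy SHA-256 counter keystream; stand-in for a real cipher such as AES.
    blocks = (len(data) + 31) // 32
    ks = b"".join(hashlib.sha256(key + salt + i.to_bytes(8, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(secret, plaintext):
    salt = os.urandom(16)
    enc, mac = _keys(secret, salt)
    ct = _xor_stream(enc, salt, plaintext)
    return salt + hmac.new(mac, salt + ct, hashlib.sha256).digest() + ct

def try_decrypt(secret, blob):
    # Returns None when the MAC does not verify, i.e. this is the wrong key.
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc, mac = _keys(secret, salt)
    expected = hmac.new(mac, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc, salt, ct)

def decrypt(blob, current, previous):
    # Try the current key first, then every retained previous key.
    for label, secret in [("current", current), *previous.items()]:
        pt = try_decrypt(secret, blob)
        if pt is not None:
            return label, pt
    return None, None

def keys_still_needed(bucket, current, previous):
    # Map key label -> object names; label None means no retained key opens the object.
    needed = {}
    for name, blob in bucket.items():
        needed.setdefault(decrypt(blob, current, previous)[0], []).append(name)
    return needed

def demo():
    old, new = "OLD-constructed-secret", "NEW-constructed-secret"  # constructed values
    bucket = {"a.txt": encrypt(old, b"uploaded before rotation"),
              "b.txt": encrypt(new, b"uploaded after rotation")}
    return (keys_still_needed(bucket, new, {"previous-1": old}),
            keys_still_needed(bucket, new, {}))
```

In this model, an old key is no longer needed once `keys_still_needed` reports no object under its label.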

6 Comments

  1. MikeB said,

    September 4, 2007 @ 11:12 am

    You might consider having JD automatically add the AWS Secret Key to the list of ‘previous’ encryption keys so that if a user changes the AWS key they won’t run into this problem.

    In fact, this might be a good idea for JD to do for any encryption key – automatically add it to the list, then let the user manually remove them when they feel it’s safe to do so.

    Also, is there a way to determine if it’s safe to remove previous encryption keys (i.e., when there are no longer any files encrypted with that key in the JD S3 bucket)?

    I don’t know if there are other security considerations that I’m overlooking on this – this is just off the top of my head.

  2. Jungle Dave said,

    September 4, 2007 @ 11:14 am

    We can add it to the previous list automatically, however it’s important for users to know they need to keep the key somewhere safe. For example, if they re-install they will need to add the key back to the list.

  3. Shlep said,

    September 4, 2007 @ 2:46 pm

    Yeah, this little bit of wisdom killed me a couple of months ago. I was still a noob with JD and S3. I somehow ended up with some spyware on my system (keylogger), so I decided to change all of my passwords and I suddenly couldn’t access my stuff on S3. Fortunately I still had a copy of all of the data there, but it took me a few days to re-upload 60 GB of data. I don’t blame anyone at JD or S3, it was my fault, but it would have been nice to have the keys stored automagically.

    Keep up the great work with JD. I’m spreading the word as much as I can.

  4. Jungle Dave said,

    September 4, 2007 @ 2:50 pm

    For anyone else who happens to run into this situation, note that Amazon apparently keeps a record of your previous keys, and you can obtain them from their support if needed. However, I don’t recommend relying on this – you should always keep a record of your previous key when changing.

  5. Shlep said,

    September 5, 2007 @ 5:57 pm

    I contacted Amazon and posted on their developer message boards and was told numerous times that the keys were unrecoverable. That may have changed over the last 6 months, but like Dave said, don’t rely on it.

  6. Jungle Disk » Blog Archive » Encryption changes coming in Jungle Disk 1.46 said,

    November 6, 2007 @ 6:21 pm

    [...] don’t realize that their AWS Secret Key is also their encryption key. We’ve posted a reminder in several places about this issue, but we can’t ensure that users will keep their old key [...]
