Encryption
MokoJoomBackup supports AES-256 encryption for backup archives, providing GDPR-compliant protection for offsite storage.
How It Works
- Set an Encryption Password in the profile's Archive Settings tab
- After the ZIP archive is created, every file inside is encrypted using AES-256
- The resulting archive is WinZip-compatible — can be opened with 7-Zip, WinZip, or any AES-capable tool
- The SHA-256 checksum is computed after encryption (verifies the encrypted archive)
Requirements
- PHP 7.2+ compiled with libzip 1.2.0+
- Uses
ZipArchive::EM_AES_256 (checked at runtime with clear error if unsupported)
Setting Up
- Edit a backup profile
- Go to the Archive Settings tab
- Enter a password in the Encryption Password field
- Save — all future backups with this profile will be encrypted
Restoring Encrypted Backups
Admin Restore
When restoring an encrypted backup from the admin UI, provide the decryption password in the restore form.
MokoRestore (Standalone)
The standalone restore.php script includes a password field in Step 2 (Extract). Enter the same password used during backup.
Use any tool that supports AES-256 ZIP encryption:
Best Practices
- Use strong passwords (16+ characters)
- Store the password separately from the backup (e.g. password manager)
- Test decryption after the first encrypted backup
- Different profiles can have different passwords (or no password)