Re: [Bacula-users] only public key access

2008-01-11 Thread Carles Pina i Estany

Hello,

On Jan/09/2008, Dan Langille wrote:

>>> My wish is this process:
>>> -Generate public+private key in a secure computer
>>> -Copy the public key to bacula-fd computer
>>> -Copy the private key to some other place
>>
>> The file daemon configuration code currently requires that at least one 
>> private key be present -- changing this would be a relatively small patch.
>> The crypto implementation shouldn't make (m)any assumptions about key 
>> availability, so I believe the config change should be sufficient.
>>
>> If you've any interest in tackling this, I can provide some pointers, 
>> otherwise I can try to get around to it sometime next week.
>
> I had a couple of thoughts about this tonight...
>
> I was thinking about off site backups and what best practice would be: 
> encrypt them.  If you are sending your backups off-site for safe keeping, 
> they are outside your control, and you'll probably want to encrypt them on 
> the tape.
>
> If you are encrypting at the FD, you'll want the public key there, but 
> probably not the private key.  You might want the same key pair used on all 
> clients, but the master key kept somewhere secure.

Yes... but I'm not sure that "the same key pair used on all clients". At
least, please, don't force it :-)

> Then I thought, if you want to do that, why not just encrypt at the SD 
> instead of the FD.  If you're a big company and you want to encrypt, why 
> not do it all in one place?  Why bother distributing the same key 
> everywhere?  Or multiple keys for that matter?

Imagine that you want to offer backup service to external offices. You
need the cyphered data (to backup) but you would not want the private
key. You need to receive this already cyphered without any way to
decrypt it.

The best approach for this (IMHO, with my limited knowledge) would be
to generate the public/private key on a customer's trusted computer and
only get the public key to encrypt.  So, we would never have access to the
private key.

I'm thinking about how to guarantee the backup while disallowing myself
from decrypting the data (for legal reasons, trust reasons, etc.)

> Landon: given what you know now, would encrypting at the SD be similar in 
> scope to encrypting at the FD?

I feel that this is very different (SD is on server, FD on client, if I
remember correctly the Bacula nomenclature)

Thank you very much for your attention,

-- 
Carles Pina i Estany   GPG id: 0x8CBDAE64
http://pinux.info   Manresa - Barcelona

___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users


Re: [Bacula-users] only public key access

2008-01-08 Thread Dan Langille
Landon Fuller wrote:
> 
> On Jan 3, 2008, at 05:19, Carles Pina i Estany wrote:
> 
>>
>> Hello,
>>
>> I have a short question. I only wonder if someone is using it or not
>> (so, if Bacula supports it or doesn't support). We made some tests and
>> we couldn't do but we will re-test.
>>
>> Question is: is it possible to cypher the data in bacula-fd (client), and
>> this bacula-fd has only access to his public key? NOT the private key?
>>
>> My wish is this process:
>> -Generate public+private key in a secure computer
>> -Copy the public key to bacula-fd computer
>> -Copy the private key to some other place
> 
> The file daemon configuration code currently requires that at least one 
> private key be present -- changing this would be a relatively small patch.
> The crypto implementation shouldn't make (m)any assumptions about key 
> availability, so I believe the config change should be sufficient.
> 
> If you've any interest in tackling this, I can provide some pointers, 
> otherwise I can try to get around to it sometime next week.

I had a couple of thoughts about this tonight...

I was thinking about off site backups and what best practice would be: 
encrypt them.  If you are sending your backups off-site for safe 
keeping, they are outside your control, and you'll probably want to 
encrypt them on the tape.

If you are encrypting at the FD, you'll want the public key there, but 
probably not the private key.  You might want the same key pair used on 
all clients, but the master key kept somewhere secure.

Then I thought, if you want to do that, why not just encrypt at the SD 
instead of the FD.  If you're a big company and you want to encrypt, why 
not do it all in one place?  Why bother distributing the same key 
everywhere?  Or multiple keys for that matter?

Landon: given what you know now, would encrypting at the SD be similar 
in scope to encrypting at the FD?


-- 
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/
PGCon  - The PostgreSQL Conference:http://www.pgcon.org/



Re: [Bacula-users] only public key access

2008-01-03 Thread Carles Pina i Estany

Hello,

On Jan/03/2008, Landon Fuller wrote:
>
> On Jan 3, 2008, at 05:19, Carles Pina i Estany wrote:
>
>>
>> Hello,
>>
>> I have a short question. I only wonder if someone is using it or not
>> (so, if Bacula supports it or doesn't support). We made some tests and
>> we couldn't do but we will re-test.
>>
>> Question is: is it possible to cypher the data in bacula-fd (client), and
>> this bacula-fd has only access to his public key? NOT the private key?
>>
>> My wish is this process:
>> -Generate public+private key in a secure computer
>> -Copy the public key to bacula-fd computer
>> -Copy the private key to some other place
>
> The file daemon configuration code currently requires that at least one 
> private key be present -- changing this would be a relatively small patch.
> The crypto implementation shouldn't make (m)any assumptions about key 
> availability, so I believe the config change should be sufficient.

Ok!

> If you've any interest in tackling this, I can provide some pointers, 
> otherwise I can try to get around to it sometime next week.

I would like (love) to have it, but it is not urgent or necessary. My
schedule (in work time and free time) is full for at least one month, so
I prefer that you try to get around to it next week (or whenever you can).

If you need some basic testing in a different environment we can help a
bit with it.

Thank you very much,

-- 
Carles Pina i Estany   GPG id: 0x8CBDAE64
http://pinux.info   Manresa - Barcelona



Re: [Bacula-users] only public key access

2008-01-03 Thread Landon Fuller


On Jan 3, 2008, at 05:19, Carles Pina i Estany wrote:

> Hello,
>
> I have a short question. I only wonder if someone is using it or not
> (so, if Bacula supports it or doesn't support). We made some tests and
> we couldn't do but we will re-test.
>
> Question is: is it possible to cypher the data in bacula-fd (client), and
> this bacula-fd has only access to his public key? NOT the private key?
>
> My wish is this process:
> -Generate public+private key in a secure computer
> -Copy the public key to bacula-fd computer
> -Copy the private key to some other place

The file daemon configuration code currently requires that at least
one private key be present -- changing this would be a relatively
small patch.
The crypto implementation shouldn't make (m)any assumptions about key
availability, so I believe the config change should be sufficient.

If you've any interest in tackling this, I can provide some pointers,
otherwise I can try to get around to it sometime next week.


-landonf




Re: [Bacula-users] only public key access

2008-01-03 Thread Carles Pina i Estany

Hi!

On Jan/03/2008, Arno Lehmann wrote:

> 03.01.2008 14:19, Carles Pina i Estany wrote:
> > Hello,
> > 
> > I have a short question. I only wonder if someone is using it or not
> > (so, if Bacula supports it or doesn't support). We made some tests and
> > we couldn't do but we will re-test.
> > 
> > Question is: is it possible to cypher the data in bacula-fd (client), and
> > this bacula-fd has only access to his public key? NOT the private key?
> 
> As far as I know, this is NOT possible.
> 
> There are two reasons: Encryption is asymmetric, i.e. you couldn't 
> restore from an encrypted backup, which will be quite pointless (most 
> of the time).

I'm thinking of a very concrete scenario. But for me it makes sense, for
example, to have the private key away from that bacula-fd. I'm thinking,
for example, of a scenario with one firm doing the backups and selling
this service to another firm. It would be great to never "touch" the
private key.

> The second reason is that, with TLS, to generate the actual, 
> symmetric, session key, the private key is used.

Disabling TLS and enabling encryption would fix it, I understand (yes, I
know, metadata is not cyphered). Also, I think that it would be possible
to use another pair of keys for TLS (but this is just a thought here, I'm
not an expert in cryptography, Bacula, etc.)

> > Sorry for the lack of information, but we only need to know if it's
> > possible to do :-) (and some advise about how to do it is welcome, of
> > course). We already checked bacula documentation but is only giving
> > instructions having the public and private key in bacula-fd, as far as
> > we've found. 
> 
> Of course you could try to use the keys swapped, i.e. treat the public 
> key as secret and vice versa. I don't know if this works, it might be 
> that the FD needs both keys.

I had this feeling when I tried to test it. Doesn't matter :-)

> > NEXT IDEA: bacula-fd cyphers the data only using master public key. This
> > would be fine too -generate the keys, public key is sent to server and
> > private key is not sent-. But we couldn't use that way either
> 
> As far as I know, a master key is used as an additional key only.

I thought to use it as an additional key without any other key :-) (so,
the only key in the system)

Thanks for your attention and information!

-- 
Carles Pina i Estany   GPG id: 0x8CBDAE64
http://pinux.info   Manresa - Barcelona



Re: [Bacula-users] only public key access

2008-01-03 Thread Arno Lehmann
Hi,

03.01.2008 14:19, Carles Pina i Estany wrote:
> Hello,
> 
> I have a short question. I only wonder if someone is using it or not
> (so, if Bacula supports it or doesn't support). We made some tests and
> we couldn't do but we will re-test.
> 
> Question is: is it possible to cypher the data in bacula-fd (client), and
> this bacula-fd has only access to his public key? NOT the private key?

As far as I know, this is NOT possible.

There are two reasons: Encryption is asymmetric, i.e. you couldn't 
restore from an encrypted backup, which will be quite pointless (most 
of the time).
The second reason is that, with TLS, to generate the actual, 
symmetric, session key, the private key is used.

> My wish is this process:
> -Generate public+private key in a secure computer
> -Copy the public key to bacula-fd computer
> -Copy the private key to some other place
> 
> (of course, without signature)
> 
> As far we got, when we was removing the private key from keypair file or
> pointing keypair file to only public key file, bacula-fd was not
> starting (sorry, Windows version, and I don't have access now to this
> Windows).
> 
> Bacula-fd: Windows version
> Bacula server: last stable version
> 
> Sorry for the lack of information, but we only need to know if it's
> possible to do :-) (and some advise about how to do it is welcome, of
> course). We already checked bacula documentation but is only giving
> instructions having the public and private key in bacula-fd, as far as
> we've found. 

Of course you could try to use the keys swapped, i.e. treat the public 
key as secret and vice versa. I don't know if this works, it might be 
that the FD needs both keys.

> NEXT IDEA: bacula-fd cyphers the data only using master public key. This
> would be fine too -generate the keys, public key is sent to server and
> private key is not sent-. But we couldn't use that way either

As far as I know, a master key is used as an additional key only.

Arno
> Thanks you very much,
> 

-- 
Arno Lehmann
IT-Service Lehmann
www.its-lehmann.de

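
The key split discussed in this thread (public key on the backup client, private key kept elsewhere, plus an additional master key) can be shown with generic envelope encryption. This is an added example using the `openssl cms` command, not Bacula code or Bacula configuration and not something posted by the thread's participants; all file and function names are made up for the illustration.

```shell
#!/bin/sh
# Added illustration, not Bacula code: envelope encryption with `openssl cms`.
# All file and function names below are made up for this example.
set -eu

# Trusted machine: create a private key plus a self-signed certificate
# (the certificate carries only the public key).
make_identity() {   # $1 = directory, $2 = name
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Backup client: sees certificates only. A random AES key encrypts the data
# and is wrapped once per recipient certificate.
encrypt_backup() {  # $1 = input, $2 = output, $3... = recipient certificates
    src=$1 dst=$2; shift 2
    openssl cms -encrypt -binary -aes256 -in "$src" -outform DER -out "$dst" "$@"
}

# Restore: works only where a matching private key is available.
restore_backup() {  # $1 = ciphertext, $2 = output, $3 = cert, $4 = key file
    openssl cms -decrypt -binary -inform DER -in "$1" -out "$2" \
        -recip "$3" -inkey "$4" 2>/dev/null
}

demo() {
    d=$(mktemp -d)
    make_identity "$d" client
    make_identity "$d" master
    printf 'constructed sample payload\n' > "$d/plain"
    # Simulate the client: private keys are moved away before the backup runs.
    mkdir "$d/offline"; mv "$d/client.key" "$d/master.key" "$d/offline/"
    encrypt_backup "$d/plain" "$d/backup.cms" "$d/client.crt" "$d/master.crt"
    # With certificates only, decryption must fail.
    if restore_backup "$d/backup.cms" "$d/out" "$d/client.crt" "$d/client.crt"
    then echo "unexpected: restored without a private key"; rm -rf "$d"; return 1
    fi
    # Either private key restores the data; here the master key is used.
    restore_backup "$d/backup.cms" "$d/out" "$d/master.crt" "$d/offline/master.key"
    cmp -s "$d/plain" "$d/out"
    echo "restore with master key: OK"
    rm -rf "$d"
}
demo
```

The CMS envelope here provides confidentiality only; it does not sign the data, which matches the "without signature" case in the original question.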