[Box Backup] Private key, web access, sharing and delegation

Achim J. Latz achim+box at qustodium.net
Wed Aug 24 01:20:49 BST 2011


Hello list, a slightly longer message for your contemplation during 
holiday season:

Several online backup services offer the possibility to browse through 
and restore from the existing backups via a web interface.

In case the backup is encrypted (as it is with Box Backup), this 
functionality means that the private encryption key (or password) has to 
be available to the backup server to decrypt the backups on the fly, as 
probably explained in better terms here:

<https://spideroak.com/engineering_matters#true_privacy>
<https://spideroak.com/engineering_matters#instant_access>

Would it be possible to emulate such a behaviour (current as-is BB, plus 
optional password-based web search&restore)? Couls Box Backup Explorer 
[1, 2] be used for this *on the server*, as opposed to on the (unixy) 
client? Would adding a password to the 1024 bit private key be useful? 
The private key alone could be stored on the server, and only in 
combination with the user's password, the backups become "browsable" [3]?

At the same time, can somebody guesstimate how e.g. Spideroak enable 
sharing documents with other users via password protection without 
re-encrypting the shared documents to the other user's keys/passwords:

<https://spideroak.com/engineering_matters#sharing_safety>

In the same line, how are people handling the delegation of private 
keys? In case you need to access the backup of an employee in your 
department, would there be a way to "share" access between to keys with 
two independent passwords? Same goes for removing access to certain 
backups, in case of moving to another department or leaving the company? 
If an employee destroys his backup key, it would be attractive to have a 
master key for the organisation that can unlock all backups, right?

Thanks for any insights, Achim

[1] <http://www.joonis.de/content/BoxBackupExplorer>
[2] <https://github.com/camlafit/BoxBackupExplorer>
[3] 
<http://blog.backblaze.com/2008/11/12/how-to-make-strong-encryption-easy-to-use/>

-- 
Achim J. Latz, Qustodium Internet Security
achim.latz at qustodium.net · http://www.qustodium.net
Data Encryption · Backup Automatisation · E-Mail Protection



More information about the Boxbackup mailing list