[Box Backup] Private key, web access, sharing and delegation
Achim J. Latz
achim+box at qustodium.net
Wed Aug 24 01:20:49 BST 2011
Hello list, a slightly longer message for your contemplation during
Several online backup services offer the possibility to browse through
and restore from the existing backups via a web interface.
In case the backup is encrypted (as it is with Box Backup), this
functionality means that the private encryption key (or password) has to
be available to the backup server to decrypt the backups on the fly, as
probably explained in better terms here:
Would it be possible to emulate such a behaviour (current as-is BB, plus
optional password-based web search&restore)? Could Box Backup Explorer
[1, 2] be used for this *on the server*, as opposed to on the (unixy)
client? Would adding a password to the 1024 bit private key be useful?
The private key alone could be stored on the server, and only in
combination with the user's password, the backups become "browsable"?
At the same time, can somebody guesstimate how e.g. Spideroak enable
sharing documents with other users via password protection without
re-encrypting the shared documents to the other user's keys/passwords:
In the same line, how are people handling the delegation of private
keys? In case you need to access the backup of an employee in your
department, would there be a way to "share" access between two keys with
two independent passwords? Same goes for removing access to certain
backups, in case of moving to another department or leaving the company?
If an employee destroys his backup key, it would be attractive to have a
master key for the organisation that can unlock all backups, right?
Thanks for any insights, Achim
Achim J. Latz, Qustodium Internet Security
achim.latz at qustodium.net · http://www.qustodium.net
Data Encryption · Backup Automatisation · E-Mail Protection
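
The delegation asked about in the message above (one backup, several independent passwords, removal of one person's access, an organisation master key) is commonly built as key wrapping: a single data key is stored once per person, each copy encrypted under a key derived from that person's password. The sketch below is an added example, not part of the original post and not Box Backup's or SpiderOak's code. The names `KeySlots`, `derive_kek`, `wrap` and `unwrap`, the slot names and the iteration count are hypothetical, and the HMAC-based wrap is a stand-in for a standard key-wrap cipher so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

def derive_kek(password: str, salt: bytes) -> bytes:
    # Password -> key-encryption key (KEK). Iteration count is an example value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def wrap(kek: bytes, data_key: bytes) -> bytes:
    # Encrypt-then-MAC over a 32-byte key: XOR with an HMAC-derived pad, then tag.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted slot")
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class KeySlots:
    """One data key, wrapped separately for each person allowed to open it."""

    def __init__(self):
        self.slots = {}  # slot name -> (salt, wrapped data key)

    def add(self, name: str, password: str, data_key: bytes) -> None:
        if len(data_key) != 32:
            raise ValueError("data key must be 32 bytes")
        salt = os.urandom(16)
        self.slots[name] = (salt, wrap(derive_kek(password, salt), data_key))

    def open(self, name: str, password: str) -> bytes:
        salt, blob = self.slots[name]
        return unwrap(derive_kek(password, salt), blob)

    def revoke(self, name: str) -> None:
        # Deletes the wrapped copy only; the data key itself is unchanged.
        del self.slots[name]
```

Removing a slot stops future unlocks with that password, but anyone who already recovered the data key keeps it, so real revocation also means rotating the data key and re-encrypting. A server holding these slots can decrypt only while a password is being presented to it.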