[Box Backup] Private key, web access, sharing and delegation

James O'Gorman james at netinertia.co.uk
Wed Aug 24 07:55:54 BST 2011


Hi Achim,

On Wed, Aug 24, 2011 at 02:20:49AM +0200, Achim J. Latz wrote:
> Hello list, a slightly longer message for your contemplation during 
> holiday season:

Has Christmas come early? :-)

> Several online backup services offer the possibility to browse through 
> and restore from the existing backups via a web interface.
> 
> In case the backup is encrypted (as it is with Box Backup), this 
> functionality means that the private encryption key (or password) has to 
> be available to the backup server to decrypt the backups on the fly, as 
> probably explained in better terms here:
> 
> <https://spideroak.com/engineering_matters#true_privacy>
> <https://spideroak.com/engineering_matters#instant_access>
> 
> Would it be possible to emulate such a behaviour (current as-is BB, plus 
> optional password-based web search&restore)? Could Box Backup Explorer 
> [1, 2] be used for this *on the server*, as opposed to on the (unixy) 
> client? Would adding a password to the 1024 bit private key be useful? 
> The private key alone could be stored on the server, and only in 
> combination with the user's password, the backups become "browsable" [3]?

The idea with Box Backup is that the server running bbstored doesn't
have to be trusted at all. If you put the client's private key on the
server, then it has access to all your data. It's a risk you have to be
willing to accept yourself.

Otherwise, it's better to run a local web interface on the client, or
perhaps on another machine on the same network as the client. 

> At the same time, can somebody guesstimate how e.g. Spideroak enable 
> sharing documents with other users via password protection without 
> re-encrypting the shared documents to the other user's keys/passwords:
> 
> <https://spideroak.com/engineering_matters#sharing_safety>

It depends what method they're using. If it's something similar to PGP,
then I believe it would be possible with that.

> In the same line, how are people handling the delegation of private 
> keys? In case you need to access the backup of an employee in your 
> department, would there be a way to "share" access between two keys with 
> two independent passwords? Same goes for removing access to certain 
> backups, in case of moving to another department or leaving the company? 
> If an employee destroys his backup key, it would be attractive to have a 
> master key for the organisation that can unlock all backups, right?

The keys are usually owned by root (as bbackupd usually runs as root),
so you could "delegate" access through sudo or some other RBAC method.

As for master keys, I'm not sure about that - Chris (or Ben) may have an
answer, but it doesn't seem like it would be easy to implement.

James
