[GemStone-Smalltalk] Understanding secure backups
Iwan Vosloo
iwan at reahl.org
Tue Sep 3 23:14:08 PDT 2019
On closer inspection though, I am still confused:
The docs talk about key pairs:
> Secure backups require RSA keypairs, both for signing and for
> encryption (if used);
But, the method and the docs for the method talk about certificates:
> publicKeyCerts: anArrayOrString
> anArrayOfString - an array of names of public certificate files, or
> nil if the backup will not be encrypted (if encryptionKind is 0). Up
> to 8 may be included. At least one of the private keys corresponding
> to these public keys will be needed in order to restore this backup
Thats pertaining to encryption. For signing, I see:
> signingKey: signingKeyFn
> signingKeyPassphrase: aPassphrase
> signingKeyFn - the name of the signing private key certificate file.
> aPassphrase - the passphrase for the signing key certificate.
So, for encryption, the docs in this instance refer to certificate files
for both signing and encryption (even though the method names for
signing seem to indicate a signingKey instead).
Also, when I opened the relevant example files I saw they are indeed
certificates.
So the question then becomes: they're all certificates...but how does
the CA and its private/public keys come into it? Does its public key
need to be present when backing up or restoring using the certificates
issued by it?
Regards
-Iwan
On 2019/09/04 12:32, Iwan Vosloo via GemStone-Smalltalk wrote:
> Ah, I see that the certs are used by GsSecureSocket which makes sense. I
> guess the secure backup examples just use the same directories for
> storing their keys as well.
>
> On 2019/09/04 12:13, Iwan Vosloo wrote:
>> Hi there.
>>
>> I am trying to figure out how to use GemStone secure backups on
>> GemStone 64Bit 3.4.1 on Linux.
>>
>> The documentation talks of private and public keys - things I
>> understand and know how to generate using openssl.
>>
>> However, what confuses me is the contents of the directory
>> $GEMSTONE/examples/openssl
>>
>> Specifically, there are scripts in there related to being a
>> certificate authority, and there is a CA certificate.
>>
>> I see no mention of certificates and being a CA in documentation, so I
>> wondered what it is used for and how?
>>
>> Regards
>> Iwan
>>
>>
>
>
--
More information about the GemStone-Smalltalk
mailing list