[GemStone-Smalltalk] Understanding secure backups

Tue Sep 3 23:53:53 PDT 2019

The certificates contain public keys, so the public keys come from 
there.  We do not validate the certificates, so there is no CA cert file 
used here.

The signing key is a private key and can be RSA or DSA in the latest 
versions GemStone (initially it had to be RSA).

It works like this:

 1. Generate a random encryption key (symmetric)
 2. For each certificate provided, use the cert to encrypt the
    encryption key and store the encrypted form in the backup file.
 3. Write the backup file, encrypting each backup record using the
    encryption key
 4. When finished, generate a hash of the backup and store it in the
    backup file.
 5. Finally, use the signing key (RSA or DSA private key) to sign the
    hash and store it in the backup file.

To restore the backup, you need a private key that matches one of the 
certs used to create the backup.  You also need the cert (public key) 
that matches the signing key to validate the backup has not been 
tampered with.

Hope this helps.

Norm Green

On 9/3/2019 11:14 PM, Iwan Vosloo via GemStone-Smalltalk wrote:
> On closer inspection though, I am still confused:
>
> The docs talk about key pairs:
>
> > Secure backups require RSA keypairs, both for signing and for
> > encryption (if used);
>
> But, the method and the docs for the method talk about certificates:
>
> > publicKeyCerts: anArrayOrString
>
> > anArrayOfString - an array of names of public certificate files, or
> > nil if the backup will not be encrypted (if encryptionKind is 0). Up
> > to 8 may be included. At least one of the private keys corresponding
> > to these public keys will be needed in order to restore this backup
>
> Thats pertaining to encryption. For signing, I see:
>
> > signingKey: signingKeyFn
> > signingKeyPassphrase: aPassphrase
>
> > signingKeyFn - the name of the signing private key certificate file.
> > aPassphrase - the passphrase for the signing key certificate.
>
> So, for encryption, the docs in this instance refer to certificate 
> files for both signing and encryption (even though the method names 
> for signing seem to indicate a signingKey instead).
>
> Also, when I opened the relevant example files I saw they are indeed 
> certificates.
>
> So the question then becomes: they're all certificates...but how does 
> the CA and its private/public keys come into it? Does its public key 
> need to be present when backing up or restoring using the certificates 
> issued by it?
>
>
> Regards
> -Iwan
>
>
> On 2019/09/04 12:32, Iwan Vosloo via GemStone-Smalltalk wrote:
>> Ah, I see that the certs are used by GsSecureSocket which makes 
>> sense. I guess the secure backup examples just use the same 
>> directories for storing their keys as well.
>>
>> On 2019/09/04 12:13, Iwan Vosloo wrote:
>>> Hi there.
>>>
>>> I am trying to figure out how to use GemStone secure backups on 
>>> GemStone 64Bit 3.4.1 on Linux.
>>>
>>> The documentation talks of private and public keys - things I 
>>> understand and know how to generate using openssl.
>>>
>>> However, what confuses me is the contents of the directory 
>>> $GEMSTONE/examples/openssl
>>>
>>> Specifically, there are scripts in there related to being a 
>>> certificate authority, and there is a CA certificate.
>>>
>>> I see no mention of certificates and being a CA in documentation, so 
>>> I wondered what it is used for and how?
>>>
>>> Regards
>>> Iwan
>>>
>>>
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gemtalksystems.com/mailman/private/gemstone-smalltalk/attachments/20190903/07d903fd/attachment.htm>