[GemStone-Smalltalk] Understanding secure backups

Iwan Vosloo iwan at reahl.org
Wed Sep 4 17:37:26 PDT 2019


Thanks Norm,

that makes perfect sense and is the bit of explanation I was missing.

Regards

On 2019/09/04 16:53, Norm Green via GemStone-Smalltalk wrote:
> The certificates contain public keys, so the public keys come from 
> there.  We do not validate the certificates, so there is no CA cert file 
> used here.
> 
> The signing key is a private key and can be RSA or DSA in the latest 
> versions of GemStone (initially it had to be RSA).
> 
> It works like this:
> 
>  1. Generate a random encryption key (symmetric)
>  2. For each certificate provided, use the cert to encrypt the
>     encryption key and store the encrypted form in the backup file.
>  3. Write the backup file, encrypting each backup record using the
>     encryption key
>  4. When finished, generate a hash of the backup and store it in the
>     backup file.
>  5. Finally, use the signing key (RSA or DSA private key) to sign the
>     hash and store it in the backup file.
> 
> To restore the backup, you need a private key that matches one of the 
> certs used to create the backup.  You also need the cert (public key) 
> that matches the signing key to validate the backup has not been 
> tampered with.
> 
> Hope this helps.
> 
> 
> Norm Green
> 
> 
> 
> On 9/3/2019 11:14 PM, Iwan Vosloo via GemStone-Smalltalk wrote:
>> On closer inspection though, I am still confused:
>>
>> The docs talk about key pairs:
>>
>> > Secure backups require RSA keypairs, both for signing and for
>> > encryption (if used);
>>
>> But, the method and the docs for the method talk about certificates:
>>
>> > publicKeyCerts: anArrayOrString
>>
>> > anArrayOfString - an array of names of public certificate files, or
>> > nil if the backup will not be encrypted (if encryptionKind is 0). Up
>> > to 8 may be included. At least one of the private keys corresponding
>> > to these public keys will be needed in order to restore this backup
>>
>> That's pertaining to encryption. For signing, I see:
>>
>> > signingKey: signingKeyFn
>> > signingKeyPassphrase: aPassphrase
>>
>> > signingKeyFn - the name of the signing private key certificate file.
>> > aPassphrase - the passphrase for the signing key certificate.
>>
>> So, for encryption, the docs in this instance refer to certificate 
>> files for both signing and encryption (even though the method names 
>> for signing seem to indicate a signingKey instead).
>>
>> Also, when I opened the relevant example files I saw they are indeed 
>> certificates.
>>
>> So the question then becomes: they're all certificates...but how does 
>> the CA and its private/public keys come into it? Does its public key 
>> need to be present when backing up or restoring using the certificates 
>> issued by it?
>>
>>
>> Regards
>> -Iwan
>>
>>
>> On 2019/09/04 12:32, Iwan Vosloo via GemStone-Smalltalk wrote:
>>> Ah, I see that the certs are used by GsSecureSocket which makes 
>>> sense. I guess the secure backup examples just use the same 
>>> directories for storing their keys as well.
>>>
>>> On 2019/09/04 12:13, Iwan Vosloo wrote:
>>>> Hi there.
>>>>
>>>> I am trying to figure out how to use GemStone secure backups on 
>>>> GemStone 64Bit 3.4.1 on Linux.
>>>>
>>>> The documentation talks of private and public keys - things I 
>>>> understand and know how to generate using openssl.
>>>>
>>>> However, what confuses me is the contents of the directory 
>>>> $GEMSTONE/examples/openssl
>>>>
>>>> Specifically, there are scripts in there related to being a 
>>>> certificate authority, and there is a CA certificate.
>>>>
>>>> I see no mention of certificates and being a CA in documentation, so 
>>>> I wondered what it is used for and how?
>>>>
>>>> Regards
>>>> Iwan
>>>>
>>>>
>>>
>>>
>>
>>
> 
> 


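The five steps Norm lists, and the restore-side checks, can be walked through with the openssl command line. This is an added example, not GemStone's code or its backup file format; the cipher (AES-256-CBC), hash (SHA-256), RSA-2048 self-signed certificates, OAEP key wrapping, OpenSSL 1.1.1 or later, and every function and file name are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added illustration of the five steps in Norm's reply; NOT GemStone's file format.
# Assumptions: OpenSSL 1.1.1+, RSA-2048, AES-256-CBC, SHA-256, all names below.
set -eu

make_id() {   # make_id NAME -> NAME.key and a self-signed NAME.crt (no CA)
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$1" -days 1 \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

backup() {    # backup DATAFILE OUTDIR SIGNING_KEY CERT...
  data=$1 dir=$2 signkey=$3; shift 3
  mkdir -p "$dir"
  openssl rand -hex 32 > "$dir/session.key"                      # 1. random symmetric key
  n=0
  for cert in "$@"; do                                           # 2. wrap it once per cert;
    openssl pkeyutl -encrypt -certin -inkey "$cert" \
      -pkeyopt rsa_padding_mode:oaep \
      -in "$dir/session.key" -out "$dir/wrapped.$n"              #    the cert is not validated
    n=$((n + 1))
  done
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$dir/session.key" \
    -in "$data" -out "$dir/records.enc"                          # 3. encrypt the records
  openssl dgst -sha256 -binary "$dir/records.enc" > "$dir/hash"  # 4. hash the backup
  openssl pkeyutl -sign -inkey "$signkey" -pkeyopt digest:sha256 \
    -in "$dir/hash" -out "$dir/hash.sig"                         # 5. sign the hash
  rm -f "$dir/session.key"
}

restore() {   # restore DIR SIGNER_CERT PRIVATE_KEY OUTFILE; 1 = tampered, 2 = no matching key
  dir=$1 signer=$2 priv=$3 out=$4
  openssl dgst -sha256 -binary "$dir/records.enc" | cmp -s - "$dir/hash" || return 1
  openssl pkeyutl -verify -certin -inkey "$signer" -pkeyopt digest:sha256 \
    -in "$dir/hash" -sigfile "$dir/hash.sig" >/dev/null 2>&1 || return 1
  for w in "$dir"/wrapped.*; do          # find the copy wrapped for this private key
    if openssl pkeyutl -decrypt -inkey "$priv" -pkeyopt rsa_padding_mode:oaep \
         -in "$w" -out "$dir/k" 2>/dev/null; then
      openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$dir/k" \
        -in "$dir/records.enc" -out "$out" || return 1
      rm -f "$dir/k"; return 0
    fi
  done
  rm -f "$dir/k"; return 2
}

cd "$(mktemp -d)"                        # constructed sample data and identities
for who in signer alice bob; do make_id "$who"; done
printf 'constructed sample backup records\n' > data.txt
backup data.txt bk signer.key alice.crt bob.crt
restore bk signer.crt bob.key restored.txt && cmp data.txt restored.txt && echo "restore OK"
```

Because the certificates are only read for their public keys, the signature proves the backup was produced by the holder of the signing key, and the restorer has to decide out of band that the signer's certificate is the right one.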