[GemStone-Smalltalk] Understanding secure backups
Iwan Vosloo
iwan at reahl.org
Sun Sep 8 18:17:23 PDT 2019

I was wondering whether there is a way to rotate encryption certs that
were used in an old backup without having to go through a whole
restore/backup process again?

If not, can we make it a feature request?

A quick version should be possible, if you:
- use one of the encryption certs to get a decrypted version of the
  symmetric encryption key from the encrypted backup
- delete all encrypted versions of the symmetric encryption key in place
- create new encrypted versions of the symmetric key using a new set
  of encryption certs and update the backup file with them
(Obviously the hash and signature will also have to be updated)

A longer-running version might also rotate the symmetric encryption key
as part of the process, but I'm not sure it's necessary to go this far.

Regards
Iwan

On 2019/09/04 16:53, Norm Green via GemStone-Smalltalk wrote:
> The certificates contain public keys, so the public keys come from
> there. We do not validate the certificates, so there is no CA cert file
> used here.
>
> The signing key is a private key and can be RSA or DSA in the latest
> versions of GemStone (initially it had to be RSA).
>
> It works like this:
>
> 1. Generate a random encryption key (symmetric)
> 2. For each certificate provided, use the cert to encrypt the
> encryption key and store the encrypted form in the backup file.
> 3. Write the backup file, encrypting each backup record using the
> encryption key
> 4. When finished, generate a hash of the backup and store it in the
> backup file.
> 5. Finally, use the signing key (RSA or DSA private key) to sign the
> hash and store it in the backup file.
>
> To restore the backup, you need a private key that matches one of the
> certs used to create the backup. You also need the cert (public key)
> that matches the signing key to validate the backup has not been
> tampered with.
>
> Hope this helps.
>
>
> Norm Green
>
>
>
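
The scheme in the quoted reply and the proposed quick rotation, sketched with the openssl CLI as an added example (not GemStone code and not from either poster). It assumes RSA-OAEP key wrapping, AES-256-CTR records, SHA-256, bare public keys standing in for the unvalidated certificates, and a constructed directory layout in place of the real backup file format; all function and file names are hypothetical.

```sh
# Added example. The directory layout and file names are constructed for
# illustration; this is not GemStone's backup format.
set -eu
newkey() {   # newkey NAME -> NAME.priv / NAME.pub (stand-in for key + cert)
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.priv" 2>/dev/null
  openssl pkey -in "$1.priv" -pubout -out "$1.pub"
}
wrap() {     # wrap BACKUP HEXKEY PUB... -> one wrapped copy per recipient
  b=$1; k=$2; shift 2
  for pub in "$@"; do
    printf '%s' "$k" | openssl pkeyutl -encrypt -pubin -inkey "$pub" \
      -pkeyopt rsa_padding_mode:oaep -out "$b/key.$(basename "$pub" .pub).wrap"
  done
}
unwrap() {   # unwrap BACKUP NAME -> symmetric key (hex) on stdout
  openssl pkeyutl -decrypt -inkey "$2.priv" -pkeyopt rsa_padding_mode:oaep \
    -in "$1/key.$(basename "$2").wrap"
}
covered() { cat "$1"/key.*.wrap "$1/iv" "$1/data.enc"; }  # bytes the hash covers
seal() {     # seal BACKUP SIGNER -> hash and sign (steps 4 and 5)
  covered "$1" | openssl dgst -sha256 -sign "$2.priv" -out "$1/sig"
}
verify() {   # verify BACKUP SIGNER -> status 0 only if the signature matches
  covered "$1" | openssl dgst -sha256 -verify "$2.pub" -signature "$1/sig" >/dev/null
}
backup() {   # backup PLAINTEXT BACKUP SIGNER PUB... (steps 1 to 5)
  src=$1; b=$2; signer=$3; shift 3
  mkdir -p "$b"; key=$(openssl rand -hex 32); openssl rand -hex 16 > "$b/iv"
  wrap "$b" "$key" "$@"
  openssl enc -aes-256-ctr -K "$key" -iv "$(cat "$b/iv")" -in "$src" -out "$b/data.enc"
  seal "$b" "$signer"
}
restore() {  # restore BACKUP NAME -> plaintext on stdout
  openssl enc -d -aes-256-ctr -K "$(unwrap "$1" "$2")" -iv "$(cat "$1/iv")" -in "$1/data.enc"
}
rewrap() {   # rewrap BACKUP OLDNAME SIGNER NEWPUB... (the "quick version")
  b=$1; signer=$3; key=$(unwrap "$b" "$2"); shift 3  # aborts here if unwrap fails
  rm -f "$b"/key.*.wrap             # delete every old wrapped copy
  wrap "$b" "$key" "$@"             # same symmetric key, new recipients
  seal "$b" "$signer"               # covered bytes changed, so re-sign
}
demo() {     # constructed run; prints the record twice
  W=$(mktemp -d); for n in old new signer; do newkey "$W/$n"; done
  echo 'constructed backup record' > "$W/plain"
  backup "$W/plain" "$W/bk" "$W/signer" "$W/old.pub"; cp -r "$W/bk" "$W/copy"
  rewrap "$W/bk" "$W/old" "$W/signer" "$W/new.pub"
  verify "$W/bk" "$W/signer"; restore "$W/bk" "$W/new"; restore "$W/copy" "$W/old"
}
demo
```

In this sketch `data.enc` is byte-identical before and after `rewrap`, so a copy of the backup taken before rotation still opens with the old private key. Only rotating the symmetric key as well (the longer-running version) changes that.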