[GemStone-Smalltalk] Understanding secure backups

Norm Green norm.green at gemtalksystems.com
Sun Sep 8 19:45:54 PDT 2019


Hi Iwan,

On 9/8/2019 6:17 PM, Iwan Vosloo via GemStone-Smalltalk wrote:
> I was wondering whether there is a way to rotate encryption certs that 
> were used in an old backup without having to go through a whole 
> restore/backup again process?
Not currently.
>
> If not, can we make it a feature request?
>
Yes I can add a request.  Could you please explain the practical use of 
such a feature?  Also note that if the backup is comprised of multiple 
files, the certs in all backup files would need to be rotated, else the 
backup could not be restored.

> A quick version should be possible, if you:
>
>  - use one of the encryption certs to get a decrypted version of the 
> symmetric encryption key from the encrypted backup
>  - delete all encrypted versions of the symmetric encryption key in place
>  - create new encrypted versions of the symmetric key using a new set 
> of encryption certs and update the backup file with them
>
> (Obviously the hash and signature will also have to be updated)
>
> A longer-running version might also rotate the symmetric encryption 
> key as part of the process, but I'm not sure it's necessary to go this 
> far.
>
> Regards
> Iwan
>
>
> On 2019/09/04 16:53, Norm Green via GemStone-Smalltalk wrote:
>> The certificates contain public keys, so the public keys come from 
>> there.  We do not validate the certificates, so there is no CA cert 
>> file used here.
>>
>> The signing key is a private key and can be RSA or DSA in the latest 
>> versions of GemStone (initially it had to be RSA).
>>
>> It works like this:
>>
>>  1. Generate a random encryption key (symmetric)
>>  2. For each certificate provided, use the cert to encrypt the
>>     encryption key and store the encrypted form in the backup file.
>>  3. Write the backup file, encrypting each backup record using the
>>     encryption key
>>  4. When finished, generate a hash of the backup and store it in the
>>     backup file.
>>  5. Finally, use the signing key (RSA or DSA private key) to sign the
>>     hash and store it in the backup file.
>>
>> To restore the backup, you need a private key that matches one of the 
>> certs used to create the backup.  You also need the cert (public key) 
>> that matches the signing key to validate the backup has not been 
>> tampered with.
>>
>> Hope this helps.
>>
>>
>> Norm Green
>>
>>
>>
>
>
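As an added illustration written for this thread (not GemStone's own code or file format), the five steps Norm lists and the re-wrapping step Iwan proposes, modelled with the Python `cryptography` package. RSA-OAEP for wrapping the symmetric key, AES-GCM for the records, RSA-PSS for the signature, and a hash that covers the wrapped keys as well as the records are my assumptions; the last one is what makes the "hash and signature will also have to be updated" caveat hold, and it also makes a silently swapped certificate header detectable on restore.

```python
import os, hashlib
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def _digest(backup):
    # Assumed layout: the hash binds the wrapped-key header to the records.
    return hashlib.sha256(b"".join(backup["wrapped"] + backup["body"])).digest()

def _seal(backup, signing_key):
    backup["hash"] = _digest(backup)                                        # step 4
    backup["sig"] = signing_key.sign(backup["hash"], PSS, hashes.SHA256())  # step 5

def make_backup(records, recipient_pubkeys, signing_key):
    dek = AESGCM.generate_key(bit_length=256)                               # step 1
    backup = {"wrapped": [pk.encrypt(dek, OAEP) for pk in recipient_pubkeys]}  # step 2
    backup["body"], aead = [], AESGCM(dek)
    for rec in records:                                                     # step 3
        nonce = os.urandom(12)                           # fresh nonce per record
        backup["body"].append(nonce + aead.encrypt(nonce, rec, None))
    _seal(backup, signing_key)
    return backup

def _unwrap(backup, private_key):
    for w in backup["wrapped"]:
        try:
            return private_key.decrypt(w, OAEP)
        except ValueError:            # not wrapped for this key, try the next one
            pass
    raise ValueError("private key matches none of the backup's certificates")

def rotate_certs(backup, old_private_key, new_pubkeys, signing_key):
    # Iwan's proposal: unwrap once, re-wrap for the new certs, then re-seal.
    dek = _unwrap(backup, old_private_key)
    backup["wrapped"] = [pk.encrypt(dek, OAEP) for pk in new_pubkeys]
    _seal(backup, signing_key)
    return backup

def restore(backup, private_key, verify_key):
    verify_key.verify(backup["sig"], backup["hash"], PSS, hashes.SHA256())  # InvalidSignature if forged
    if _digest(backup) != backup["hash"]:
        raise ValueError("backup contents do not match the signed hash")
    aead = AESGCM(_unwrap(backup, private_key))
    return [aead.decrypt(c[:12], c[12:], None) for c in backup["body"]]

def gen_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)
```

Note that after rotation the old private key no longer restores the backup, and a backup made of several files would need this applied to each file.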