[GemStone-Smalltalk] Understanding secure backups

Jerry Kott jkott at image-ware.com
Sun Sep 8 20:11:07 PDT 2019


If I may have some input on this conversation, I would suggest that rotating certs adds complexity, and complexity is the enemy of security. Without knowing all the details of specific security requirements, I think properly managing and securing a single certificate chain would be a better solution.

Jerry Kott
This message has been digitally signed. 
PGP Fingerprint:
A9181736DD2F1B6CC7CF9E51AC8514F48C0979A5



> On 08-09-2019, at 7:45 PM, Norm Green via GemStone-Smalltalk <gemstone-smalltalk at lists.gemtalksystems.com> wrote:
> 
> Hi Iwan,
> 
> On 9/8/2019 6:17 PM, Iwan Vosloo via GemStone-Smalltalk wrote:
>> I was wondering whether there is a way to rotate encryption certs that were used in an old backup without having to go through a whole restore/backup again process?
> Not currently.
>> 
>> If not, can we make it a feature request?
>> 
> Yes I can add a request.  Could you please explain the practical use of such a feature?  Also note that if the backup comprises multiple files, the certs in all backup files would need to be rotated, else the backup could not be restored.
> 
>> A quick version should be possible, if you:
>> 
>>  - use one of the encryption certs to get a decrypted version of the symmetric encryption key from the encrypted backup
>>  - delete all encrypted versions of the symmetric encryption key in place
>>  - create new encrypted versions of the symmetric key using a new set of encryption certs and update the backup file with them
>> 
>> (Obviously the hash and signature will also have to be updated)
>> 
>> A longer-running version might also rotate the symmetric encryption key as part of the process, but I'm not sure it's necessary to go this far.
>> 
>> Regards
>> Iwan
>> 
>> 
>> On 2019/09/04 16:53, Norm Green via GemStone-Smalltalk wrote:
>>> The certificates contain public keys, so the public keys come from there.  We do not validate the certificates, so there is no CA cert file used here.
>>> 
>>> The signing key is a private key and can be RSA or DSA in the latest versions of GemStone (initially it had to be RSA).
>>> 
>>> It works like this:
>>> 
>>>  1. Generate a random encryption key (symmetric)
>>>  2. For each certificate provided, use the cert to encrypt the
>>>     encryption key and store the encrypted form in the backup file.
>>>  3. Write the backup file, encrypting each backup record using the
>>>     encryption key
>>>  4. When finished, generate a hash of the backup and store it in the
>>>     backup file.
>>>  5. Finally, use the signing key (RSA or DSA private key) to sign the
>>>     hash and store it in the backup file.
>>> 
>>> To restore the backup, you need a private key that matches one of the certs used to create the backup.  You also need the cert (public key) that matches the signing key to validate the backup has not been tampered with.
>>> 
>>> Hope this helps.
>>> 
>>> 
>>> Norm Green
>>> 
>>> 
>>> 
>> 
>> 
> 
> _______________________________________________
> GemStone-Smalltalk mailing list
> GemStone-Smalltalk at lists.gemtalksystems.com
> https://lists.gemtalksystems.com/mailman/listinfo/gemstone-smalltalk
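
The five-step scheme Norm lays out, and the "quick version" of certificate rotation Iwan proposes, as one added worked example. This is illustration code written for this page in Go using only the standard library; it is not GemStone's backup code and none of the names below come from GemStone. The in-memory Backup struct is a hypothetical stand-in for the backup file (the real layout is not described in the thread), and the choice of RSA-OAEP to wrap the symmetric key, AES-256-GCM for the records and RSA-PSS for the signature are assumptions. Like the scheme Norm describes, it takes public keys as given and does not validate certificates:

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Backup is a hypothetical in-memory layout standing in for the backup file.
type Backup struct {
	WrappedKeys [][]byte // step 2: the symmetric key encrypted (RSA-OAEP) to each recipient's public key
	Records     [][]byte // step 3: per record, AES-GCM nonce followed by ciphertext
	Hash        []byte   // step 4: SHA-256 over wrapped keys and records
	Signature   []byte   // step 5: RSA-PSS signature over Hash
}

var pss = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}

func random(n int) []byte         { b := make([]byte, n); rand.Read(b); return b }                 // crypto/rand.Read never fails in current Go
func aead(key []byte) cipher.AEAD { c, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(c); return g } // key is always 32 bytes here

// backupHash covers the wrapped keys as well as the records (length-framed), so swapping
// either one invalidates the signature; that is why rotating certs must re-hash and re-sign.
func backupHash(b *Backup) []byte {
	h := sha256.New()
	for _, p := range append(append([][]byte{}, b.WrappedKeys...), b.Records...) {
		h.Write([]byte{byte(len(p) >> 24), byte(len(p) >> 16), byte(len(p) >> 8), byte(len(p))})
		h.Write(p)
	}
	return h.Sum(nil)
}

func wrapKey(key []byte, recipients []*rsa.PublicKey) ([][]byte, error) {
	out := make([][]byte, len(recipients))
	for i, pub := range recipients {
		var err error
		if out[i], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func unwrapKey(b *Backup, priv *rsa.PrivateKey) ([]byte, error) { // one matching private key is enough
	for _, w := range b.WrappedKeys {
		if key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, nil); err == nil {
			return key, nil
		}
	}
	return nil, errors.New("no wrapped key matches the supplied private key")
}

func signBackup(b *Backup, signer *rsa.PrivateKey) (err error) { // steps 4 and 5
	b.Hash = backupHash(b)
	b.Signature, err = rsa.SignPSS(rand.Reader, signer, crypto.SHA256, b.Hash, pss)
	return err
}

func verifyBackup(b *Backup, signerPub *rsa.PublicKey) error { // always runs before decrypting or re-signing
	if !bytes.Equal(backupHash(b), b.Hash) {
		return errors.New("hash mismatch: backup was modified")
	}
	return rsa.VerifyPSS(signerPub, crypto.SHA256, b.Hash, b.Signature, pss)
}

// CreateBackup performs steps 1 to 5 in the order Norm lists them.
func CreateBackup(records [][]byte, recipients []*rsa.PublicKey, signer *rsa.PrivateKey) (*Backup, error) {
	key := random(32)                        // step 1: fresh symmetric key
	wrapped, err := wrapKey(key, recipients) // step 2
	if err != nil {
		return nil, err
	}
	b, gcm := &Backup{WrappedKeys: wrapped}, aead(key)
	for _, rec := range records { // step 3: fresh nonce per record
		nonce := random(gcm.NonceSize())
		b.Records = append(b.Records, gcm.Seal(nonce, nonce, rec, nil))
	}
	return b, signBackup(b, signer)
}

// RestoreBackup needs one private key matching a wrapped copy plus the signer's public key.
func RestoreBackup(b *Backup, priv *rsa.PrivateKey, signerPub *rsa.PublicKey) (out [][]byte, err error) {
	if err = verifyBackup(b, signerPub); err != nil {
		return nil, err
	}
	key, err := unwrapKey(b, priv)
	if err != nil {
		return nil, err
	}
	gcm := aead(key)
	for _, r := range b.Records { // intact by now: the hash check covered every record
		pt, err := gcm.Open(nil, r[:gcm.NonceSize()], r[gcm.NonceSize():], nil)
		if err != nil {
			return nil, err
		}
		out = append(out, pt)
	}
	return out, nil
}

// RotateRecipients is the "quick version": unwrap with one current private key, re-wrap under
// the new certificates, re-hash and re-sign. Records and the symmetric key itself are untouched.
func RotateRecipients(b *Backup, priv *rsa.PrivateKey, signerPub *rsa.PublicKey, newRecipients []*rsa.PublicKey, signer *rsa.PrivateKey) error {
	if err := verifyBackup(b, signerPub); err != nil { // never re-sign a file that fails verification
		return err
	}
	key, err := unwrapKey(b, priv)
	if err != nil {
		return err
	}
	wrapped, err := wrapKey(key, newRecipients)
	if err != nil {
		return err
	}
	b.WrappedKeys = wrapped
	return signBackup(b, signer)
}
```

Two points the code makes concrete. First, the hash has to cover the wrapped-key block as well as the records, otherwise a signature would not notice a swapped key block; that is also exactly why the quick rotation cannot avoid recomputing the hash and signature. Second, RotateRecipients only replaces the wrapped copies of the symmetric key and never touches the records, which is what makes it cheap, but the symmetric key survives the rotation: anyone holding one of the old private keys together with a copy of the old file can still decrypt it. Closing that gap is what the longer-running variant (re-encrypting every record under a fresh key) would buy, at the cost of a full pass over the backup.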
