Re: [Bacula-users] data key rollover strategy
Hello Devin, 2015-11-19 0:17 GMT+01:00 Devin Reade: > My alerting system tells me that I have some file daemons that have been > merrily encrypting their data for quite a while. In particular, the > expiry dates for the data encryption x509 certs are coming up soon. You can renew your certs. I think that way described on the following link should be sufficient: http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x195.html#AEN215 > Well, this brings up an interesting question that I'd not really > considered in depth: Given that you can only specify two keys > in the bacula-fd.conf file, what is the best strategy during key > rollover? That is, that time period after making a new client > keypair available, and the retention time of the backups that were > made with the old keypair? I think that important is understand that data stored by Bacula is not encrypted by ANY from public keys. Data is encrypted (symetric) by session keys and these session keys are stored on Bacula volumes in (asymetric) encrypted (by public keys) form. So data encryption in Bacula uses session keys stored in encrypted ASN.1 standard structure. In short it means that you are able to decrypt session key not by only ONE key, but by Client private key and private Master Key. Some time ago I prepared a few diagrams that show Bacula data encryption algorighm. Here are the diagrams in English version: http://www.bacula.pl/data_encryption.html > First off, I think that the master key specification doesn't enter > the picture; there is still a need for encrypting with the master > public key, for the usual reasons. > > The first section of the data encryption chapter says to not change > the location of the client keypair. Fair enough. This implies that > the new keypair should be used to overwrite the old. That's great > for performing backups, but what about doing restores? You can do restore as long as you have private Master Key, because in this case for decrypt session keys from volumes there is used private Master Key as only one valid. Of course, you have to provide the private Master Key to your Client. I hope that it helps. Best regards. Marcin Haba (gani) > I suspect the answer is: > 1. Save a copy of the old keypair (presumably there are copies > offline already, but best to be explicit) > 2. Overwrite the old client keypair with the new keypair. > 3. Resume backup operations. > 4. If you have to restore data from a time after the key replacement, > then it's business as usual. > 5. If you have to restore data from a time prior to the key replacement, > then you need to copy the old keypair over top of the new, > (presumably) restart the file daemon, perform the restore, > copy the new keypair back on top of the old, restart the file daemon, > and then continue with normal operations again. > > This implies that you also need to keep track of what the flag day > is when you change the certificate for a given client. (Although this > may be recorded in your certificate maintenance system, if any.) > > Does anyone have a better procedure? > > Devin > > > -- > ___ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users -- "Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie za przyjaciół swoich." Jezus Chrystus -- ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] data key rollover strategy
> On Thu, 19 Nov 2015 09:15:36 -0700, Devin Reade said: > > > Some time ago I prepared a few diagrams that show Bacula data > > encryption algorighm. Here are the diagrams in English version: > > > > http://www.bacula.pl/data_encryption.html > > That diagram is a bit simplified in that it implies that the client > can check an arbitrary number of keypairs instead of the current > maximum of two. Actually, 'any number of "Master Keys" may be specified' according to the doc, because the PKI Master Key option can be repeated. That only works for encryption though. Decryption always uses the private key from the "PKI Keypair" option. __Martin -- ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
[Bacula-users] stat problems
Hello, I came across a problem with a Windows 2012R2 server that generated the below error messages in the log. The full backed up only a few megabytes when it should've backed up 10G obviously because of the below problems. However, I ran another full right after noticing the problem without doing anything to the server and it completed with no problem. Has any experience this? Know the cause? My concern is the backup ended with a "Backup OK with warnings" (status = T), so I never got an email indicating a problem. Regards, -craig 17-Nov 14:44 JobId 208: Could not stat "C:/Documents and Settings": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/inetpub": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/PerfLogs": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/Perl64": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/Program Files": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/Program Files (x86)": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/ProgramData": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/Python32": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/Users": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Could not stat "C:/Windows": ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Error: findlib/attribs.c:923 Error in GetFileAttributesExW: file \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\: ERR=The system cannot find the file specified. 17-Nov 14:44 JobId 208: Cannot open "C:/": ERR=The system cannot find the file specified. . 17-Nov 14:44 JobId 208: Could not stat "E:/": ERR=The system cannot find the path specified. 17-Nov 14:44 JobId 208: Could not stat "F:/": ERR=The system cannot find the path specified. 17-Nov 14:44 JobId 208: Could not stat "G:/": ERR=The system cannot find the path specified. 17-Nov 14:44 JobId 208: Could not stat "H:/": ERR=The system cannot find the path specified. -- ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] data key rollover strategy
--On Thursday, November 19, 2015 10:49:07 AM +0100 Marcin Habawrote: > You can renew your certs. True, as long as you're ok with using the old key. However t won't work, for example, if you need to expand your key size. > I think that important is understand that data stored by Bacula is not > encrypted by ANY from public keys. Yes, that is true. However you need the keypair to get at the ephemeral key. My original question was made, and still stands, with that understanding. Talking about encrypting something with an assymmetric key is usually made with the assumption that the reader knows that there is an ephemeral key being used for symmetric encryption. > In short it means that you are able to > decrypt session key not by only ONE key, but by Client private key and > private Master Key. [...] > You can do restore as long as you have private Master Key, because in > this case for decrypt session keys from volumes there is used private > Master Key as only one valid. Of course, you have to provide the > private Master Key to your Client. Understood, but if one postulates that the master key has a similar expiry date then having yet another keypair doesn't solve the problem. (It doesn't have the same date in my case, but in the general case it might be the same, or your master key may expire before the client key. The situation with the master key is really an analog to the situation with the client key. Solve one and you solve the other.) Besides, the master key is special in that it is typically the same for all clients, so you wouldn't want to put the private master key on a client permanently just in case you find the need to restore something. > Some time ago I prepared a few diagrams that show Bacula data > encryption algorighm. Here are the diagrams in English version: > > http://www.bacula.pl/data_encryption.html That diagram is a bit simplified in that it implies that the client can check an arbitrary number of keypairs instead of the current maximum of two. If it was in fact an arbitrary number one could solve the problem by listing both the old and the new client keypair. However, even if the fd code will do this today (I don't know; I've not checked the source), it appears that you can't specify more than two keypairs in the fd configuration file anyway, so there's no way to trigger it. I don't have an issue with the diagram as an explanation, it's just that it describes the (AFAIK non-existent) general case solution. Devin -- ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] data key rollover strategy
> On Wed, 18 Nov 2015 16:17:20 -0700, Devin Reade said: > > My alerting system tells me that I have some file daemons that have been > merrily encrypting their data for quite a while. In particular, the > expiry dates for the data encryption x509 certs are coming up soon. > > Well, this brings up an interesting question that I'd not really > considered in depth: Given that you can only specify two keys > in the bacula-fd.conf file, what is the best strategy during key > rollover? That is, that time period after making a new client > keypair available, and the retention time of the backups that were > made with the old keypair? Does Bacula ever check for expired certs? I suspect not, so the question about rollover strategy is a moot one. __Martin -- ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] data key rollover strategy
>> On Wed, 18 Nov 2015 16:17:20 -0700, Devin Reade said: >> >> My alerting system tells me that I have some file daemons that have been >> merrily encrypting their data for quite a while. In particular, the >> expiry dates for the data encryption x509 certs are coming up soon. >> >> Well, this brings up an interesting question that I'd not really >> considered in depth: Given that you can only specify two keys >> in the bacula-fd.conf file, what is the best strategy during key >> rollover? That is, that time period after making a new client >> keypair available, and the retention time of the backups that were >> made with the old keypair? > > Does Bacula ever check for expired certs? I suspect not, so the question > about rollover strategy is a moot one. Hello Martin: I know it checks for expired certs when using communication encryption, probably when initializing the TLS context. Don't know if its the same when encrypting data. > __Martin Regards, === Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified Administrator II Do you need Bacula training? http://bacula.us/video-classes/ I do Bacula training and deploy in any city of the world. More information: http://bacula.us/ +55 61 8268-4220 Site: http://bacula.us FB: heitor.faria === -- ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users