Re: [Bacula-users] data key rollover strategy

[Marcin Haba]

Hello Devin,

2015-11-19 0:17 GMT+01:00 Devin Reade :
> My alerting system tells me that I have some file daemons that have been
> merrily encrypting their data for quite a while.  In particular, the
> expiry dates for the data encryption x509 certs are coming up soon.

You can renew your certs. I think that way described on the following
link should be sufficient:

http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x195.html#AEN215

> Well, this brings up an interesting question that I'd not really
> considered in depth:  Given that you can only specify two keys
> in the bacula-fd.conf file, what is the best strategy during key
> rollover?  That is, that time period after making a new client
> keypair available, and the retention time of the backups that were
> made with the old keypair?

I think that important is understand that data stored by Bacula is not
encrypted by ANY from public keys. Data is encrypted (symetric) by
session keys and these session keys are stored on Bacula volumes in
(asymetric) encrypted (by public keys) form.

So data encryption in Bacula uses session keys stored in encrypted
ASN.1 standard structure. In short it means that you are able to
decrypt session key not by only ONE key, but by Client private key and
private Master Key.

Some time ago I prepared a few diagrams that show Bacula data
encryption algorighm. Here are the diagrams in English version:

http://www.bacula.pl/data_encryption.html

> First off, I think that the master key specification doesn't enter
> the picture; there is still a need for encrypting with the master
> public key, for the usual reasons.
>
> The first section of the data encryption chapter says to not change
> the location of the client keypair.  Fair enough.  This implies that
> the new keypair should be used to overwrite the old.  That's great
> for performing backups, but what about doing restores?

You can do restore as long as you have private Master Key, because in
this case for decrypt session keys from volumes there is used private
Master Key as only one valid. Of course, you have to provide the
private Master Key to your Client.

I hope that it helps.

Best regards.
Marcin Haba (gani)

> I suspect the answer is:
>   1. Save a copy of the old keypair (presumably there are copies
>  offline already, but best to be explicit)
>   2. Overwrite the old client keypair with the new keypair.
>   3. Resume backup operations.
>   4. If you have to restore data from a time after the key replacement,
>  then it's business as usual.
>   5. If you have to restore data from a time prior to the key replacement,
>  then you need to copy the old keypair over top of the new,
>  (presumably) restart the file daemon, perform the restore,
>  copy the new keypair back on top of the old, restart the file daemon,
>  and then continue with normal operations again.
>
> This implies that you also need to keep track of what the flag day
> is when you change the certificate for a given client.  (Although this
> may be recorded in your certificate maintenance system, if any.)
>
> Does anyone have a better procedure?
>
> Devin
>
>
> --
> ___
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users



-- 
"Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie
za przyjaciół swoich." Jezus Chrystus

--
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] data key rollover strategy

[Martin Simmons]

> On Thu, 19 Nov 2015 09:15:36 -0700, Devin Reade said:
> 
> > Some time ago I prepared a few diagrams that show Bacula data
> > encryption algorighm. Here are the diagrams in English version:
> >
> > http://www.bacula.pl/data_encryption.html
> 
> That diagram is a bit simplified in that it implies that the client
> can check an arbitrary number of keypairs instead of the current
> maximum of two.

Actually, 'any number of "Master Keys" may be specified' according to the doc,
because the PKI Master Key option can be repeated.

That only works for encryption though.  Decryption always uses the private key
from the "PKI Keypair" option.

__Martin

--
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

[Bacula-users] stat problems

[Craig Shiroma]

Hello,

I came across a problem with a Windows 2012R2 server that generated the
below error messages in the log.  The full backed up only a few megabytes
when it should've backed up 10G obviously because of the below problems.
However, I ran another full right after noticing the problem without doing
anything to the server and it completed with no problem.  Has any
experience this?  Know the cause?

My concern is the backup ended with a "Backup OK with warnings" (status =
T), so I never got an email indicating a problem.

Regards,
-craig

17-Nov 14:44  JobId 208:  Could not stat "C:/Documents and
Settings": ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/inetpub":
ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/PerfLogs":
ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/Perl64":
ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/Program
Files": ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/Program Files
(x86)": ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/ProgramData":
ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/Python32":
ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/Users":
ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208:  Could not stat "C:/Windows":
ERR=The system cannot find the file specified.
17-Nov 14:44  JobId 208: Error: findlib/attribs.c:923 Error in
GetFileAttributesExW: file
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\: ERR=The system cannot
find the file specified.
17-Nov 14:44  JobId 208:  Cannot open "C:/": ERR=The
system cannot find the file specified.
.
17-Nov 14:44  JobId 208:  Could not stat "E:/": ERR=The
system cannot find the path specified.
17-Nov 14:44  JobId 208:  Could not stat "F:/": ERR=The
system cannot find the path specified.
17-Nov 14:44  JobId 208:  Could not stat "G:/": ERR=The
system cannot find the path specified.
17-Nov 14:44  JobId 208:  Could not stat "H:/": ERR=The
system cannot find the path specified.
--
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] data key rollover strategy

[Devin Reade]

--On Thursday, November 19, 2015 10:49:07 AM +0100 Marcin Haba 
 wrote:

> You can renew your certs.

True, as long as you're ok with using the old key.  However t won't work,
for example, if you need to expand your key size.

> I think that important is understand that data stored by Bacula is not
> encrypted by ANY from public keys.

Yes, that is true.  However you need the keypair to get at the
ephemeral key.  My original question was made, and still stands,
with that understanding.  Talking about encrypting something with
an assymmetric key is usually made with the assumption that the
reader knows that there is an ephemeral key being used for symmetric
encryption.

> In short it means that you are able to
> decrypt session key not by only ONE key, but by Client private key and
> private Master Key.
[...]
> You can do restore as long as you have private Master Key, because in
> this case for decrypt session keys from volumes there is used private
> Master Key as only one valid. Of course, you have to provide the
> private Master Key to your Client.

Understood, but if one postulates that the master key has a similar
expiry date then having yet another keypair doesn't solve the problem.
(It doesn't have the same date in my case, but in the general case
it might be the same, or your master key may expire before the
client key.  The situation with the master key is really an analog
to the situation with the client key.  Solve one and you solve the other.)

Besides, the master key is special in that it is typically the same
for all clients, so you wouldn't want to put the private master key
on a client permanently just in case you find the need to restore something.

> Some time ago I prepared a few diagrams that show Bacula data
> encryption algorighm. Here are the diagrams in English version:
>
> http://www.bacula.pl/data_encryption.html

That diagram is a bit simplified in that it implies that the client
can check an arbitrary number of keypairs instead of the current
maximum of two.  If it was in fact an arbitrary number one could solve
the problem by listing both the old and the new client keypair.
However, even if the fd code will do this today (I don't know; I've
not checked the source), it appears that you can't specify more than
two keypairs in the fd configuration file anyway, so there's no way
to trigger it.

I don't have an issue with the diagram as an explanation, it's just
that it describes the (AFAIK non-existent) general case solution.

Devin


--
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] data key rollover strategy

[Martin Simmons]

> On Wed, 18 Nov 2015 16:17:20 -0700, Devin Reade said:
> 
> My alerting system tells me that I have some file daemons that have been
> merrily encrypting their data for quite a while.  In particular, the
> expiry dates for the data encryption x509 certs are coming up soon.
> 
> Well, this brings up an interesting question that I'd not really
> considered in depth:  Given that you can only specify two keys
> in the bacula-fd.conf file, what is the best strategy during key
> rollover?  That is, that time period after making a new client
> keypair available, and the retention time of the backups that were
> made with the old keypair?

Does Bacula ever check for expired certs?  I suspect not, so the question
about rollover strategy is a moot one.

__Martin

--
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] data key rollover strategy

[Heitor Faria]

>> On Wed, 18 Nov 2015 16:17:20 -0700, Devin Reade said:
>> 
>> My alerting system tells me that I have some file daemons that have been
>> merrily encrypting their data for quite a while.  In particular, the
>> expiry dates for the data encryption x509 certs are coming up soon.
>> 
>> Well, this brings up an interesting question that I'd not really
>> considered in depth:  Given that you can only specify two keys
>> in the bacula-fd.conf file, what is the best strategy during key
>> rollover?  That is, that time period after making a new client
>> keypair available, and the retention time of the backups that were
>> made with the old keypair?
> 
> Does Bacula ever check for expired certs?  I suspect not, so the question
> about rollover strategy is a moot one.

Hello Martin: I know it checks for expired certs when using communication 
encryption, probably when initializing the TLS context.
Don't know if its the same when encrypting data.

> __Martin

Regards,
=== 
Heitor Medrado de Faria - LPIC-III | ITIL-F | Bacula Systems Certified 
Administrator II 
Do you need Bacula training? http://bacula.us/video-classes/ 
I do Bacula training and deploy in any city of the world. More information: 
http://bacula.us/ 
+55 61 8268-4220 
Site: http://bacula.us FB: heitor.faria 
===

--
___
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users