|
| From: | Jonathan Dray |
| Subject: | Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices |
| Date: | Wed, 12 Jan 2022 14:05:47 +0100 |
> On Jan 11, 2022, at 9:20 PM, Jeffrey Walton via Duplicity-talk <duplicity-talk@nongnu.org> wrote:
>
> On Tue, Jan 11, 2022 at 4:46 PM Jonathan Dray via Duplicity-talk
> <duplicity-talk@nongnu.org> wrote:
>>
>> I'm new to duplicity and to GPG.
>> To catch up I read multiple articles and documentation pages online on the subject and I came up with a first working solution that I'm not happy with yet ;)
>> And also a couple of questions.
>>
>> What I have today :
>>
>> A GPG master key generated offline with tails, following this guide : https://wiki.debian.org/GnuPG/AirgappedMasterKey
>> with 2 password protected subkeys: one for encryption, and one for signing
>> Duplicity backup commands run with duply that store encrypted backup on a remote S3 like cloud storage hosted by Scaleway : https://www.scaleway.com/fr/object-storage/ Using the encryption keys generated above.
>>
>> I have successfully sent encrypted data to the remote storage and restored the backed up files from it.
>> As for the GPG setup I've imported on my test laptop the encryption and signing subkey pairs (public and private for both)
>>
>> Now I struggle on 2 main points :
>>
>> unattended backups
>> transpose the setup securely for multiple devices
>>
>>
>> Unattended backups
>>
>> I have to enter the key passphrase on each backup operation.
>>
>> I suspect it is the case because my sign key is password protected
>> I tried to set up the gpg agent and to store the password in the cache for an unlimited amount of time. Which doesn't work and isn't maybe a wise thing to do anyway.
>> That limitation makes it really hard / impossible to setup unattended backups
>>
>>
>> Multiple devices setup
>>
>> I was advised to create a new key pair specific to backup / storage vs my initial master key that was essentially targeted to be used in a web of trust context (email / git ...).
>> Also by design gpg won't let me have multiple encryption subkeys.
>>
>> Now with that in mind I guess I would have to create a specific backup key pair for each server right ?
>>
>> To sum up
>>
>> If I want a different encryption key per device (seems to be the safest option), I have to generate a new keypair for each device right ?
>>
>> or I should consider that as the encryption private will rarely be on a given server, the risk of that key being stolen is low so having only one key for encryption is reasonable ?
>>
>> As for the signing key I'm still confused on how to proceed...
>>
>> should it be managed as a subkey of a device specific keypair ?
>> or one single key for all devices ?
>> multiple signing keys as subkeys of a separate keypair ?
>> What about the passphrase protection ?
>
> I think you are hitting the Unattended Key Storage problem. It is a
> wicked hard problem in computer science. Also see Peter Gutmann's
> Engineering Security,
> https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf.
If gog is an asymmetric key system, can’t all the encryption and incremental updates be done with the public key and the private key is needed only for the downloading and restoration of files from the backups which is usually an attended situation? Or am I missing some fundamental.
Use RSA an asymmetric crypto system.
Backups require only public key
Restoration requires private key
-Scott
_______________________________________________
Duplicity-talk mailing list
Duplicity-talk@nongnu.org
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
| [Prev in Thread] | Current Thread | [Next in Thread] |