[Box Backup] How to regenerate certificate and what's the status of Boxi

Chris Wilson boxbackup@fluffy.co.uk
Wed, 17 May 2006 16:38:42 +0000 (GMT)


Hi Roy,

> After a while I'm again testing the 0.10 server & client and the latest 
> MinGW Windows version from Chris. But I'v got a couple of questions 
> about the certificates.

Please make sure you're not using version 564 of the Windows client. If 
it's not inconvenient, please could you test the new release, version 568?

> If you lose your certificates, but still have your 
> <account_id>-FileEncKeys.raw file. How can you regenerate your 
> certificates for the client? If you can do that, I suppose you can only 
> do that on linux at the moment?

Yes, you can regenerate anything except the file encryption keys. However, 
it does require help from the server operator. The client either resubmits 
their original certificate request, if they still have that and the 
private key. Otherwise, they generate a new key (optional) and a new 
certificate request.

The server operator signs the certificate request and returns the 
resulting certificate to the client.

> And what do you need from the server? Which certificates and how can you 
> regenerate the others? Or do you have to completely backup the CA?

I would definitely recommend that you back up the entire CA, although 
technically the server and client keys and root certificates should be 
enough.

> And a question to Chris; what's the current status of the rewrite of 
> Boxi? Or didn't you have the time to work on it in Ghana yet?

It's still progressing slowly, even while I'm here. I'm writing unit tests 
at the moment, and fixing the bugs that I find. I think it's currently 
usable to make backups, but not for restoring. It will be a while before 
the next release, sorry.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |