[Box Backup] How to regenerate certificate and what's the status of Boxi

Roy boxbackup@fluffy.co.uk
Wed, 17 May 2006 19:15:39 +0200 

Chris Wilson wrote:
> Hi Roy,
>
>> After a while I'm again testing the 0.10 server & client and the 
>> latest MinGW Windows version from Chris. But I'v got a couple of 
>> questions about the certificates.
>
> Please make sure you're not using version 564 of the Windows client. 
> If it's not inconvenient, please could you test the new release, 
> version 568?
>
Yes I saw that on the dev-list so I'm now running 568.
>> If you lose your certificates, but still have your 
>> <account_id>-FileEncKeys.raw file. How can you regenerate your 
>> certificates for the client? If you can do that, I suppose you can 
>> only do that on linux at the moment?
>
> Yes, you can regenerate anything except the file encryption keys. 
> However, it does require help from the server operator. The client 
> either resubmits their original certificate request, if they still 
> have that and the private key. Otherwise, they generate a new key 
> (optional) and a new certificate request.
>
> The server operator signs the certificate request and returns the 
> resulting certificate to the client.
Mmm I'm the server operator, but I don't know how the regenerate them. I 
used the script that come with Box Backup, and for all I know, you can't 
use the raw key file as source.
With a new key, you lose your store or not?
>
>> And what do you need from the server? Which certificates and how can 
>> you regenerate the others? Or do you have to completely backup the CA?
>
> I would definitely recommend that you back up the entire CA, although 
> technically the server and client keys and root certificates should be 
> enough.
>
>> And a question to Chris; what's the current status of the rewrite of 
>> Boxi? Or didn't you have the time to work on it in Ghana yet?
>
> It's still progressing slowly, even while I'm here. I'm writing unit 
> tests at the moment, and fixing the bugs that I find. I think it's 
> currently usable to make backups, but not for restoring. It will be a 
> while before the next release, sorry.
Waiting for it anxiously. Because that is especially handy for people 
that aren't used to command line programs.
>
> Cheers, Chris.

Cheers,
Roy