[Box Backup] How to regenerate certificate and what's the status of Boxi

Ben Summers boxbackup@fluffy.co.uk
Wed, 17 May 2006 21:52:08 +0100


On 17 May 2006, at 18:15, Roy wrote:
>>> If you lose your certificates, but still have your <account_id>- 
>>> FileEncKeys.raw file. How can you regenerate your certificates  
>>> for the client? If you can do that, I suppose you can only do  
>>> that on linux at the moment?
>>
>> Yes, you can regenerate anything except the file encryption keys.  
>> However, it does require help from the server operator. The client  
>> either resubmits their original certificate request, if they still  
>> have that and the private key. Otherwise, they generate a new key  
>> (optional) and a new certificate request.
>>
>> The server operator signs the certificate request and returns the  
>> resulting certificate to the client.
> Mmm I'm the server operator, but I don't know how the regenerate  
> them. I used the script that come with Box Backup, and for all I  
> know, you can't use the raw key file as source.

To regenerate client keys, run bbackupd-config again, and replace  
it's raw key file with the one from your secure backup. Sign the new  
certificates. Then you're up and running again.

Similarly for a server.


> With a new key, you lose your store or not?

Yes. Which is why bbackupd-config urges you to keep a copy of  
the .raw file in a safe place.

Ben