[Box Backup] How to regenerate certificate and what's the status of Boxi

Roy boxbackup@fluffy.co.uk
Wed, 17 May 2006 23:15:08 +0200


Ben Summers wrote:
>
> On 17 May 2006, at 18:15, Roy wrote:
>>>> If you lose your certificates, but still have your 
>>>> <account_id>-FileEncKeys.raw file. How can you regenerate your 
>>>> certificates for the client? If you can do that, I suppose you can 
>>>> only do that on linux at the moment?
>>>
>>> Yes, you can regenerate anything except the file encryption keys. 
>>> However, it does require help from the server operator. The client 
>>> either resubmits their original certificate request, if they still 
>>> have that and the private key. Otherwise, they generate a new key 
>>> (optional) and a new certificate request.
>>>
>>> The server operator signs the certificate request and returns the 
>>> resulting certificate to the client.
>> Mmm I'm the server operator, but I don't know how the regenerate 
>> them. I used the script that come with Box Backup, and for all I 
>> know, you can't use the raw key file as source.
>
> To regenerate client keys, run bbackupd-config again, and replace it's 
> raw key file with the one from your secure backup. Sign the new 
> certificates. Then you're up and running again.
>
> Similarly for a server.
>
>
>> With a new key, you lose your store or not?
>
> Yes. Which is why bbackupd-config urges you to keep a copy of the .raw 
> file in a safe place.
>
> Ben
>
>
>
> _______________________________________________
> boxbackup mailing list
> boxbackup@fluffy.co.uk
> http://lists.warhead.org.uk/mailman/listinfo/boxbackup
Thanks for this explanation. Maybe this should be put somewhere on the 
Wiki or somewhere else in the documentation. Or is it already there and 
I didn't see it?

Cheers,

Roy