[Box Backup] FYI: If you lose your CA dir

[Ben Summers]

To confirm: You can replace everything except the keys.raw file on  
the client, and still have access to your account.

The certificates are only used to authenticate the client to the  
server, and the server to the client. So they can be replaced  
throughout a system without affecting the data.

The keys.raw file for the client is used to encrypt the data.  
Obviously you cannot recreate this if you lose it. Guard it carefully.

Ben


On 22 Nov 2006, at 08:14, Imran Niazi wrote:

> Hi guys,
>
> I was just installing the client on two new servers, and noticed  
> that I "lost"
> the 'ca' directory.  This assumes you still have the server key  
> file and the
> csr file etc. in your configuration dirs, as well as the csr/key  
> files for
> each of the clients.  If you lose the server key file, you should  
> be able to
> recreate it and follow the below instructions.  I don't think that  
> should
> affect your old backups.  But if you lose the client key file, you  
> will lose
> all the backups for that client.  Please correct me if I'm wrong.
>
> Anyway, this what you do to generate new ca dir etc.:
>
> a) create a new ca dir: 'bbstored-certs ca init'
> b) Sign the server key:
>   bbstored-certs ca sign-server SERVERHOSTNAME-csr.pem
> c) copy the cert etc. as instructed
> d) Copy the CLIENTID-csr.pem from each of the clients to the server
> e) Sign each of the csr and generate new CLIENTID-cert.pem:
>   bbstored-certs ca sign CLIENTID-csr.pem
> f) Copy the CLIENTID-cert.pem, and serverCA.pem, back to the client  
> (the util
> tells you what to copy back)
>
>
> Imran Niazi
> www.niazi.net
> _______________________________________________
> boxbackup mailing list
> boxbackup@fluffy.co.uk
> http://lists.warhead.org.uk/mailman/listinfo/boxbackup