[Box Backup] Certificates & Keys Question

Richard Hurt boxbackup@fluffy.co.uk
Fri, 2 May 2008 10:36:44 -0400


I am trying to make sure my systems are secure and I would like to
check my assumptions and perhaps update the Wiki with the final
information.  Please let me know where my assumptions go wrong and if
I'm missing something.

Thanx!
  Richard

======================  SNIP  =========================

Box Backup uses SSL to communicate between the server and the client.
It also uses AES to encrypt the data on the server.  These
technologies rely on various files (aka Keys) some of which need to be
protected more than others.

<account number>-csr.pem
  - Security Level: LOW
    This is merely a certificate request file and is only used once.
After getting your certificate this file can|should be deleted.

<account number>-cert.pem
  - Security Level: MEDIUM
    This is the client's SSL certificate and it allows the client to securely
communicate with the server.  This file is unique to each client and
should be marginally protected.  If a bad guy had this file he could
copy your encrypted data from the server but wouldn't be able to use
it.

<account number>-key.pem
  - Security Level: ???
    I'm not quite sure what this file is used for.  Is it another SSL
key or something to do with the AES encryption?  What happens if a bad
guy gets a hold of this file?  What damage could he do?

<account number>-FileEncKeys.raw
  - Security Level: HIGHEST
    This is the master AES key for your data and is used to encrypt
your data before sending it to the server.  This file is unique to
each client and should be protected at all costs and stored off-site
in a secure location.  Without this file your data is useless.  If a
bad guy gets this file all bets are off and you are sunk.  If you lose
this file you are sunk.  Everything can be replaced, except this file.

serverCA.pem
  - Security Level: MEDIUM
    This is the server's SSL certificate and it allows the client to
securely communicate with the server.  This file is common to all
clients and should be marginally protected.  If a bad guy had this
file he could run a Man-In-The-Middle attack and impersonate your Box
Backup server thereby capturing your encrypted data.
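As an added example (not part of Richard's post or of the Box Backup project), the script below does the two checks a defender would want when reviewing a file list like the one above: it tells you what kind of object each PEM file actually holds by reading its `-----BEGIN ...-----` header (a certificate request, a public certificate, or a private key), and it audits the file mode against the sensitivity that kind implies. The account number `12345678`, the file contents and the 0644 mode on the key file are constructed for illustration; the allowed-mode table is an assumption (private keys and raw key material owner-only, public certificates and requests world-readable).

```python
"""Classify key-material files by PEM header and audit their permissions.

Added example for the Box Backup key file list; not part of the original post
or of the Box Backup project.  All file names, contents and modes below are
constructed for illustration.
"""
import os
import re
import stat
import tempfile

# What each PEM "BEGIN" label actually is.  Anything private is a private key
# regardless of which PEM flavour it uses.
PEM_LABELS = {
    "CERTIFICATE REQUEST": "certificate request (csr)",
    "NEW CERTIFICATE REQUEST": "certificate request (csr)",
    "CERTIFICATE": "certificate (public)",
    "RSA PRIVATE KEY": "private key",
    "PRIVATE KEY": "private key",
    "EC PRIVATE KEY": "private key",
    "ENCRYPTED PRIVATE KEY": "private key (passphrase protected)",
}

BEGIN_RE = re.compile(rb"^-----BEGIN ([A-Z ]+)-----", re.M)


def classify(data: bytes) -> str:
    """Describe what a key/cert file holds, based on its PEM header.

    A file with no PEM header at all (e.g. a raw AES key file) is reported
    as raw key material and treated as highly sensitive.
    """
    m = BEGIN_RE.search(data)
    if m is None:
        return "raw key material (no PEM header)"
    label = m.group(1).decode()
    return PEM_LABELS.get(label, f"unknown PEM object ({label})")


# Assumed maximum permission bits per object type (this mapping is an
# assumption for the example, not a Box Backup requirement).
MAX_MODE = {
    "private key": 0o600,
    "private key (passphrase protected)": 0o600,
    "raw key material (no PEM header)": 0o600,
    "certificate (public)": 0o644,
    "certificate request (csr)": 0o644,
}


def audit(path: str) -> dict:
    """Classify one file and flag it if any bit beyond the allowed mode is set."""
    with open(path, "rb") as f:
        kind = classify(f.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    allowed = MAX_MODE.get(kind, 0o600)  # unknown objects default to owner-only
    return {
        "path": path,
        "kind": kind,
        "mode": oct(mode),
        "too_permissive": bool(mode & ~allowed),
    }


def demo() -> list:
    """Write constructed sample files to a temp dir and audit each of them."""
    csr = b"-----BEGIN CERTIFICATE REQUEST-----\nQUFBQQ==\n-----END CERTIFICATE REQUEST-----\n"
    cert = b"-----BEGIN CERTIFICATE-----\nQUFBQQ==\n-----END CERTIFICATE-----\n"
    key = b"-----BEGIN RSA PRIVATE KEY-----\nQUFBQQ==\n-----END RSA PRIVATE KEY-----\n"
    samples = {  # constructed: account 12345678, placeholder bodies, chosen modes
        "12345678-csr.pem": (csr, 0o644),
        "12345678-cert.pem": (cert, 0o644),
        "12345678-key.pem": (key, 0o644),          # deliberately too open
        "12345678-FileEncKeys.raw": (bytes(range(32)), 0o600),
        "serverCA.pem": (cert, 0o644),
    }
    tmp = tempfile.mkdtemp()
    results = []
    for name, (content, mode) in samples.items():
        p = os.path.join(tmp, name)
        with open(p, "wb") as f:
            f.write(content)
        os.chmod(p, mode)
        results.append(audit(p))
    return results


if __name__ == "__main__":
    for r in demo():
        flag = "TOO PERMISSIVE" if r["too_permissive"] else "ok"
        print(f"{os.path.basename(r['path']):28} {r['kind']:40} {r['mode']}  {flag}")
```

Running it prints one line per file; in the constructed set only `12345678-key.pem` is flagged, because a private key at mode 0644 is readable by every local user. The same `audit()` can be pointed at a real Box Backup configuration directory to confirm that the files the post ranks HIGHEST are not readable beyond their owner.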