Hi Pete,

> > Also, the key management on Windows is really hard at the moment, and 
> > this is a big part of making it easier (by sorting out the CSR and 
> > certificate transfer). The other part is a script that I have planned
> > for Windows, which should make it much easier.
> I'd offer to help, but I haven't been very good at following up on
> such offers.  FWIW, I have a script that I run by hand on my separate
> key CA machine that handles much of the process.  My reseller requests
> an account via my website, I run the script, and it:
> 1) chooses an account number,
> 2) generates the keys and signs the csr,
> 3) creates the account on the store server via keyless ssh, and
> 4) sends the reseller a .7z file, encrypted to the reseller's
> pre-shared password (gosh I wish I could get them to use PKI!), that
> contains the client keys encrypted in another client .7z, and that
> also contains another file with the unique password for that client
> .7z file.
> The reseller then:
> 5) unzips their reseller .7z file on their own machine (not the client
> machine),
> 6) obtains the client keys and the client .7z file password inside there,
> 7) puts the client .7z file in the correct place on the client
> machine, and then
> 8) runs a little batch file I have there that runs 7za.exe to unzip
> the client .7z file, prompting for that client .7z password.
> Maybe some of that logic(!) can be applied to your tool?
> Suggestions welcome!

I'm hoping that it won't be necessary to do such complex things. There 
should be a simple signup API where the reseller can give the user an 
account number and password, they enter it into Boxi (or a script or other 
GUI on their machine) and it generates their keys locally and uses the web 
interface to get the certificate. That way you don't need to have access 
to their keys.

> > Not sure what you mean by bbackupd.dat? Is that the 
> > StoreObjectInfoFile? I'm afraid it's not documented; I think Chromi
> > wrote the code. I can explain the binary format to you if it helps
> > (it's actually quite simple).
> Please do.  I'm hoping that my Java GUI can use that file to quickly
> build a snappy interactive file-and-directory tree, including old and
> deleted files (instead of having to use 'bbackupquery "list -dotsr"
> quit | findstr ...'), for more convenient queries and restores.

Have a look at this:


