[Box Backup] Web Management Interface

Peter Jalajas, GigaLock Backup Services boxbackup@boxbackup.org
Sat, 8 Nov 2008 17:16:46 -0500

Hi Chris,

On Sat, Nov 8, 2008 at 4:54 PM, Chris Wilson <chris@qwirx.com> wrote:
> Hi Pete,
> On Sat, 8 Nov 2008, Peter Jalajas, GigaLock Backup Services wrote:
>> > Also, the key management on Windows is really hard at the moment, and
>> > this is a big part of making it easier (by sorting out the CSR and
>> > certificate transfer). The other part is a script that I have planned
>> > for Windows that should make it much easier.
>> I'd offer to help, but I haven't been very good at following up on
>> such offers.  FWIW, I have a script that I run by hand on my separate
>> key CA machine that handles much of the process.  My reseller requests
>> an account via my website, I run the script, and it:
>> 1) chooses an account number,
>> 2) generates the keys and signs the csr,
>> 3) creates the account on the store server via keyless ssh, and
>> 4) sends the reseller a .7z file, encrypted to the reseller's
>> pre-shared password (gosh I wish I could get them to use PKI!), that
>> contains the client keys encrypted in another client .7z, and that
>> also contains another file with the unique password for that client
>> .7z file.
>> The reseller then:
>> 5) unzips their reseller .7z file on their own machine (not the client
>> machine),
>> 6) obtains the client keys and the client .7z file password inside there,
>> 7) puts the client .7z file in the correct place on the client
>> machine, and then
>> 8) runs a little batch file I have there that runs 7za.exe to unzip
>> the client .7z file, prompting for that client .7z password.
>> Maybe some of that logic(!) can be applied to your tool?
>> Suggestions welcome!
> I'm hoping that it won't be necessary to do such complex things. There
> should be a simple signup API where the reseller can give the user an
> account number and password, they enter it into Boxi (or a script or other
> GUI on their machine) and it generates their keys locally and uses the web
> interface to get the certificate. That way you don't need to have access
> to their keys.

Yes, something easier and more secure, like that, would be nice.

>> > Not sure what you mean by bbackupd.dat? Is that the
>> > StoreObjectInfoFile? I'm afraid it's not documented. I think Chromi
>> > wrote the code. I can explain the binary format to you if it helps
>> > (it's actually quite simple).
>> Please do.  I'm hoping that my Java GUI can use that file to quickly
>> build a snappy interactive file-and-directory tree, including old and
>> deleted files (instead of having to use 'bbackupquery "list -dotsr"
>> quit | findstr ...'), for more convenient queries and restores.
> Have a look at this:
> http://www.boxbackup.org/trac/wiki/StoreObjectInfoFile

That'll take a while to digest.

You are amazing.  Thanks for all you do!
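
The flow Chris describes in the quoted reply (keys generated on the client, only a CSR sent for signing), sketched with the openssl CLI as an added example that is not part of the original message or Box Backup's own tooling. The throwaway CA, the `ACCOUNT-<n>` subject and all file names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: account number, file names and the throwaway CA are
# assumptions for illustration, not Box Backup's own tooling or naming.
set -eu

# Print the SHA-256 of the public key carried by a key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp key|csr|cert FILE
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout) ;;
    csr)  pem=$(openssl req -in "$2" -noout -pubkey) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
    *)    false ;;
  esac || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -pubout -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}'
}

# Client side: the private key is created here and never leaves this directory.
client_make_csr() {  # usage: client_make_csr DIR ACCOUNT
  ( umask 077; openssl genrsa -out "$1/client-key.pem" 2048 2>/dev/null )
  openssl req -new -key "$1/client-key.pem" -subj "/CN=ACCOUNT-$2" -out "$1/client.csr"
}

# Provider side: sees only the CSR and returns a signed certificate.
ca_sign() {  # usage: ca_sign CADIR CSR OUTCERT
  openssl x509 -req -in "$2" -CA "$1/ca-cert.pem" -CAkey "$1/ca-key.pem" \
    -CAcreateserial -days 365 -out "$3" 2>/dev/null
}

# Client side: accept the returned certificate only if it chains to the
# expected CA and carries the public key of the locally generated key.
client_accept_cert() {  # usage: client_accept_cert DIR CACERT CERT
  openssl verify -CAfile "$2" "$3" >/dev/null 2>&1 || return 1
  k=$(pubkey_fp key "$1/client-key.pem") || return 1
  c=$(pubkey_fp cert "$3") || return 1
  [ "$k" = "$c" ]
}

demo() {
  w=$(mktemp -d); mkdir "$w/ca" "$w/client"
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 365 \
    -keyout "$w/ca/ca-key.pem" -out "$w/ca/ca-cert.pem" 2>/dev/null
  client_make_csr "$w/client" 1234
  ca_sign "$w/ca" "$w/client/client.csr" "$w/client/client-cert.pem"
  client_accept_cert "$w/client" "$w/ca/ca-cert.pem" "$w/client/client-cert.pem" \
    && echo "certificate accepted"
  rm -rf "$w"
}
demo
```

Only `client.csr` crosses to the signing side, so no archive of client keys and no shared archive password has to be distributed.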