[Box Backup] setting up the server and client

Achim boxbackup@boxbackup.org
Mon, 10 Aug 2009 13:41:09 +0200


Hello Edo:

On Mon, 10 Aug 2009 04:16:44 -0700 (PDT), scartomail <scartomail@yahoo.com>
wrote:
> Thanks for the link to the HowTo.
> The useful information I found here is that you really need to have
> a separate client and server to create the certificate files.
> The HowTo is more a HowTo on how to create a bash script by the way :-)
> But separating the ca, server and client actions makes it easy for the
> eyes.

I absolutely agree. I already talked to Jonas (the creator of the Howto)
and he is thrilled to have his content on the official Wiki. I think a
reviewed and even more simplified version of this document could serve as a
quickstart document for the impatient. Does anybody know how to convert a
regular HTML page into a Wiki page without too much work? Especially the
table needed for visualising the various steps seems to be complicated to
move over, otherwise I would have done so already...

> Wouldn't it be easier if all the certificate files would be created on the
> server, or on the CA server?
> This way you could give a new client just a set of files and after a little
> configuration he could start backing up.
>
> There must be a technical (security) reason not to do it, or isn't there?

There is no technical limitation on running the whole process on the server
(including generating the encryption keys), and then sending the relevant
pieces to the client. However, this eliminates one of the best parts of Box
Backup in the first place IMHO: you don't have to trust the admins of the
BB server, since only you as a client have access to the private key: it
was generated on your machine and never travels across the network to the
server. If you generate the private key on the server, the admins can
always keep a copy and decrypt your store.

Best regards, Achim
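
The following is an added example, not part of the original message and not Box Backup's own setup scripts: a plain OpenSSL sketch of generating the certificate key on the client so that only a signing request has to leave the machine. The directory layout, file names and client name are constructed for illustration.

```shell
#!/bin/sh
# Added illustration using plain OpenSSL; paths and names are constructed.

# Generate the key pair and a signing request (CSR) on the client.
# Prints the directory holding the only files meant to leave the machine.
make_client_request() {
    workdir=$1
    cn=$2                                   # constructed client name
    mkdir -p "$workdir/private" "$workdir/outbox" || return 1
    chmod 700 "$workdir/private"
    # Create the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$workdir/private/client-key.pem" 2048 ) \
        2>/dev/null || return 1
    # The CSR carries the public key and a signature, never the private key.
    openssl req -new -key "$workdir/private/client-key.pem" -subj "/CN=$cn" \
        -out "$workdir/outbox/client-csr.pem" 2>/dev/null || return 1
    printf '%s\n' "$workdir/outbox"
}

# Succeeds only if nothing queued for the server holds private key material.
outbox_is_clean() {
    ! grep -rl 'PRIVATE KEY' "$1" >/dev/null 2>&1
}

# Succeeds if the CSR was produced from this private key (public halves match).
csr_matches_key() {
    a=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
out=$(make_client_request "$demo" "client-0001") &&
    outbox_is_clean "$out" &&
    csr_matches_key "$out/client-csr.pem" "$demo/private/client-key.pem" &&
    echo "send to server: $(ls "$out")"
rm -rf "$demo"
```

The server side signs the request and returns a certificate; the private key file stays under `private/` on the client throughout.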