[Box Backup] setting up the server and client

scartomail boxbackup@boxbackup.org
Mon, 10 Aug 2009 04:54:11 -0700 (PDT)


Hi Achim

You wrote:
> If you generate the private key on the server, the admins can
> always keep a copy and unencrypt your store.

Got it! That is a valid reason.
But the fact that all the files could be created on the server is nice too.
If you store your data somewhere I think trusting someone is not always the problem, the technical knowledge to produce the files is more of a problem.

But if you have a Windows client it is a bit hard to produce those files.
The client GUI Boxi does require those files to operate.
In this case the files must be created on the server.
Is this assumption correct?

Rgds Edo



--- On Mon, 8/10/09, Achim <achim+box@qustodium.net> wrote:

> From: Achim <achim+box@qustodium.net>
> Subject: Re: [Box Backup] setting up the server and client
> To: boxbackup@boxbackup.org
> Date: Monday, August 10, 2009, 7:41 AM
> Hello Edo:
> 
> On Mon, 10 Aug 2009 04:16:44 -0700 (PDT), scartomail <scartomail@yahoo.com>
> wrote:
> > Thanks for the link to the HowTo.
> > The useful information I found here is that you really need to have
> > a separate client and server to create the certificate files.
> > The HowTo is more a HowTo on how to create a bash script by the way :-)
> > But separating the CA, server and client actions makes it easy for the
> > eyes.
> 
> I absolutely agree. I talked already to Jonas (the creator of the Howto)
> and he is thrilled to have his content on the official Wiki. I think a
> reviewed and even more simplified version of this document could serve as a
> quickstart document for the impatient. Does anybody know how to convert a
> regular HTML page into a Wiki page without too much work? Especially the
> table needed for visualising the various steps seems to be complicated to
> move over, otherwise I would have done so already...
> 
> > Wouldn't it be easier if all the certificate files would be created on the
> > server, or on the CA server?
> > This way you could give a new client just a set of files and after a little
> > configuration he could start backing up.
> >
> > There must be a technical (security) reason not to do it, or isn't there?
> 
> There is no technical limitation to run the whole process on the server
> (including generating the encryption keys), and then sending the relevant
> pieces to the client. However, this eliminates one of the best parts of Box
> Backup in the first place IMHO: you don't have to trust the admins of the
> BB server, since only you as a client have access to the private key: it
> was generated on your machine and never travels across the network to the
> server. If you generate the private key on the server, the admins can
> always keep a copy and unencrypt your store.
> 
> Best regards, Achim
> 
> _______________________________________________
> boxbackup mailing list
> boxbackup@boxbackup.org
> http://lists.warhead.org.uk/mailman/listinfo/boxbackup
>
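
The separation discussed in this thread (key made on the client, only public pieces sent to the server) can be walked through with plain `openssl`. This is an added example, not part of the original message and not Box Backup's own scripts; the directory layout and the names `demo-ca` and `client-0001` are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: generic openssl, constructed names (demo-ca, client-0001).
csr_flow_demo() {
    work=$(mktemp -d) || return 1
    c="$work/client"; s="$work/server"
    mkdir "$c" "$s" || return 1

    # Server: throwaway CA standing in for the backup store's CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$s/ca-key.pem" -out "$s/ca-cert.pem" 2>/dev/null || return 1

    # Client: private key and signing request are generated locally.
    openssl genrsa -out "$c/client-key.pem" 2048 2>/dev/null || return 1
    openssl req -new -key "$c/client-key.pem" -subj "/CN=client-0001" \
        -out "$c/client-csr.pem" 2>/dev/null || return 1

    # Client -> server: only the CSR (public key plus subject name).
    cp "$c/client-csr.pem" "$s/" || return 1

    # Server: sign the request with the CA key.
    openssl x509 -req -in "$s/client-csr.pem" -CA "$s/ca-cert.pem" \
        -CAkey "$s/ca-key.pem" -CAcreateserial -days 1 \
        -out "$s/client-cert.pem" 2>/dev/null || return 1

    # Server -> client: signed certificate and the CA certificate.
    cp "$s/client-cert.pem" "$s/ca-cert.pem" "$c/" || return 1

    # Check 1: the returned certificate chains to the CA.
    openssl verify -CAfile "$c/ca-cert.pem" "$c/client-cert.pem" >/dev/null 2>&1 || return 1

    # Check 2: the certificate carries the public half of the local key.
    key_pub=$(openssl pkey -in "$c/client-key.pem" -pubout 2>/dev/null | openssl dgst -sha256)
    crt_pub=$(openssl x509 -in "$c/client-cert.pem" -noout -pubkey | openssl dgst -sha256)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 1

    # Check 3: nothing the server received contains private key material.
    if grep -q "PRIVATE KEY" "$s/client-csr.pem" "$s/client-cert.pem"; then
        rm -rf "$work"; return 1
    fi
    rm -rf "$work"
    echo "client private key never left the client directory"
}

csr_flow_demo
```

The same steps apply to a Windows client as long as the key and CSR are produced on that machine; only the `.pem` request and the signed certificate need to be exchanged with the server.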