Fw: Re: [Box Backup] setting up the server and client

scartomail boxbackup@boxbackup.org
Mon, 10 Aug 2009 07:52:20 -0700 (PDT)


Hi,

I found the anwser to my question on the boxbackup site.
Q: But if you have a windows client it is a bit hard to produce those files=
.
A: You will need to generate the certificate and keys on a Unix box,     un=
fortunately. Boxi will soon make this much easier.

Are there hidden features in Boxi, or are they still to come?

Rgds Edo=20


--- On Mon, 8/10/09, scartomail <scartomail@yahoo.com> wrote:

> From: scartomail <scartomail@yahoo.com>
> Subject: Re: [Box Backup] setting up the server and client
> To: boxbackup@boxbackup.org
> Date: Monday, August 10, 2009, 7:54 AM
> Hi Achim
>=20
> You wrote:
> If you generate the private key on the server, the admins
> can
> always keep a copy and unencrypt your store.
>=20
> Got it! That is a vallid reason.
> But the fact that all the files could be created on the
> server is nice to.
> If you store your data somewhere I think trusting someone
> is not always the problem, the technical knowledge to
> produce the files is more of a problem.=20
>=20
> But if you have a windows client it is a bit hard to
> produce those files.
> The client GUI Boxi does require those files to opperate.
> In this case the files must be created on the server.
> Is this assumtion correct?
>=20
> Rgds Edo
>=20
>=20
>=20
> --- On Mon, 8/10/09, Achim <achim+box@qustodium.net>
> wrote:
>=20
> > From: Achim <achim+box@qustodium.net>
> > Subject: Re: [Box Backup] setting up the server and
> client
> > To: boxbackup@boxbackup.org
> > Date: Monday, August 10, 2009, 7:41 AM
> > Hello Edo:
> >=20
> > On Mon, 10 Aug 2009 04:16:44 -0700 (PDT), scartomail
> <scartomail@yahoo.com>
> > wrote:
> > > Thanks for the link to the HowTo.
> > > The usefull information I found here is that you
> realy
> > need to have
> > > a sepparate client and server to create the
> > certificate files.
> > > The HowTo is more a HowTo on how to create a
> bash
> > script by the way :-)
> > > But sepperating the ca, server and client actions
> make
> > it easy for the
> > > eyes.
> >=20
> > I absolutely agree. I talked already to Jonas (the
> creator
> > of the Howto)
> > and he is thrilled to have his content on the
> official
> > Wiki. I think a
> > reviewed and even more simplified version of this
> document
> > could serve as a
> > quickstart document for the impatient. Does anybody
> know
> > how to convert a
> > regular HTML page into a Wiki page without too much
> work?
> > Especially the
> > table needed for visualising the various steps seems
> to be
> > complicated to
> > move over, otherwise I would have done so already...
> >=20
> > > Wouldn't it be easyer if all the certificate
> files
> > would be created on
> > the
> > > server, or on the CA server?
> > > This way you could give a new client just a set
> of
> > files and after a
> > litle
> > > configuration he could start backing up.=20
> > >=20
> > > There must be a technical(security) reason not to
> do
> > it, or isn't there?
> >=20
> > There is no technical limitation to run the whole
> process
> > on the server
> > (including generating the encryption keys), and then
> > sending the relevant
> > pieces to the client. However, this eliminates one of
> the
> > best parts of Box
> > Backup in the first place IMHO: you don't have to
> trust the
> > admins of the
> > BB server, since only you as a client have access to
> the
> > private key: it
> > was generated on your machine and never travels across
> the
> > network to the
> > server. If you generate the private key on the server,
> the
> > admins can
> > always keep a copy and unencrypt your store.
> >=20
> > Best regards, Achim
> >=20
> > _______________________________________________
> > boxbackup mailing list
> > boxbackup@boxbackup.org
> > http://lists.warhead.org.uk/mailman/listinfo/boxbackup
> >=20
>=20
>=20
> =A0 =A0 =A0=20
> =0A=0A=0A