New feature: RSA encryption

So that other people may review it, or comment on it like I did here, maybe

Right, I wanted to give it more time so others can review or try it out.

Bump… :wink:

Very interesting, but I don’t think I understood completely how this should work!

On my server, I can give UserX access to a folder using SFTP. (No other users on that folder)
UserX can now create an RSA encrypted backup with a public key and can restore or check with the private key (and storage password). User X can use the private key for both restore and check.

Doesn’t this mean that I (server owner) cannot check chunks on their behalf without receiving the private key and storage password, therefore also access to the content?

On the other hand, if I create a public/private key pair (+ storagePwd) for each storage (user), allow them to back up to me with their public key and keep the private key to myself, then I could probably check chunks on the server, but only I would have access to the data, and the users would not be able to restore… (good for IoT scenarios perhaps!)

Sorry if I’m complicating things, I’m probably missing something obvious here!
(not an expert in the field!)

You always need the storage password to access anything. Without the private key, you can still run the check command to check if all chunks exist. You can’t run the check command with the -files option though, because file contents are encrypted by the public key, while metadata are not.

You can also run the prune command without the private key.

This is an interesting use case. You can then provide a restore service for your users from one of your servers. But again, if your only purpose is to check the existence of all chunks then you don’t need this setup.
