@dyhs drew my attention to this thread in a thread that I created. I've read through your proposal a few times now and I'm still not sure I correctly understand the design you're proposing. For the purposes of my post here, I'm going to skip the details of the specific ciphers you mention as well as the ancillary benefits you're suggesting, i.e. "old backup invalidation" and multi-user decryption, and instead focus solely on the core security design. Please let me know if I'm understanding your proposal correctly:
- When a user is setting up a definition file and provides an encryption password, Reflect generates an RSA/Elliptic Curve key pair. Let's name them:
  - Key A = Public Key
  - Key B = Private Key
- Broadly speaking, the intent is to use Key A (indirectly) for encrypting backups and Key B (indirectly) for decrypting them, which would allow Key A to be stored in a definition file (in cleartext) to create backups, without introducing the risk that a malicious actor could use that to find a way to decrypt backups.
- Every time a backup runs, Reflect generates a unique, random AES-256 key (call it Key C), which will be used to directly encrypt the data being backed up. Key C would be encrypted by Key A (available in the definition file) and that encrypted result would be stored in the backup file being generated. Because Key C was encrypted with Key A, it can now only be decrypted by Key B.
- Key B would be encrypted by a user-supplied password, and that encrypted result would also be stored in every backup file that was generated. The end result would be that in order to decrypt the data in the backup file, the user would supply a password, which would decrypt Key B. Key B would then be used to decrypt Key C, and Key C would be used to decrypt the actual data in the backup file.
Question: If the ciphertext version of Key B (generated by encrypting with the user-supplied password) needs to be added to every backup file, it has to be stored somewhere -- where would you store that? In the definition file? If you store it elsewhere, that would affect the "portability" of your backup jobs to other PCs.
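The key hierarchy summarized in the post above, sketched with Node's built-in `crypto` module. This is an added example, not part of the original post and not Macrium Reflect code. The function names, RSA-2048 with OAEP, AES-256-GCM, passphrase-encrypted PKCS#8 for Key B, and keeping the wrapped Key B in the definition are all assumptions made for illustration.

```javascript
// Added illustration of the key hierarchy in the post; not Macrium Reflect code.
// All names and algorithm choices below are assumptions for the example.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Setup (once, when the password is entered): generate Key A / Key B and
// wrap Key B under the password. The password itself is not stored.
function setupDefinition(password) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    keyA: publicKey.export({ type: 'spki', format: 'pem' }), // cleartext
    // Assumption: wrapped Key B lives beside Key A in the definition.
    wrappedKeyB: privateKey.export({
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password,
    }),
  };
}

// Backup run: uses only the definition contents, never the password.
function createBackup(definition, data) {
  const keyC = crypto.randomBytes(32); // fresh AES-256 key per backup
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', keyC, iv);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  return {
    wrappedKeyC: crypto.publicEncrypt({ key: definition.keyA, ...OAEP }, keyC),
    wrappedKeyB: definition.wrappedKeyB, // copied into every backup file
    iv, tag: cipher.getAuthTag(), ciphertext,
  };
}

// Restore: password -> Key B -> Key C -> data. Throws on a wrong password.
function restoreBackup(backup, password) {
  const keyB = crypto.createPrivateKey(
    { key: backup.wrappedKeyB, format: 'pem', passphrase: password });
  const keyC = crypto.privateDecrypt({ key: keyB, ...OAEP }, backup.wrappedKeyC);
  const decipher = crypto.createDecipheriv('aes-256-gcm', keyC, backup.iv);
  decipher.setAuthTag(backup.tag);
  return Buffer.concat([decipher.update(backup.ciphertext), decipher.final()]);
}
```

Because `wrappedKeyB` is protected only by the password, anyone who can read the place it is stored can try passwords against it offline, wherever that place turns out to be.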