[Borgbackup] encryption mechanism understanding
Maurice Libes
maurice.libes at osupytheas.fr
Wed Jul 12 06:22:10 EDT 2017
hi to all
for my understanding may I have some basics elements about the
encryption process between the server and the client ?
in the "repokey" mode, the encryption key is stored in the config file
of one repository, ok?
but the chunk encryption is done on the client, right?
so how the client is able to encrypt the chunks with the key which is
stored on the server?
does this mean that the key is sent on the network towards the client ?
On the client side how is used the passphrase? It serves to access the
encryption key on the server?
does this means that the passphrase is sent to the borg server to access
the encryption key of one repository?
Does the client needs the encryption key stored on the server?
In short I don't understand the different accesses made by the client
and server to the key and the passphrase
If one client PC crashes or burns, can I restore my data from another PC
with only the passphrase sent to the borg server ?
If my Borg server crashes (without the NAS containing the backup
repositories) , may I access the backuped data again, with only a backup
of the differents encryption keys of the repositories (borg key export)
sorry if it is too long to explain
many thanks for any answers
ML
ps: We make a communication about borgbackup in a french congress in
November
https://www.jres.org/fr/programme
and I need to clarify some issues
--
M. LIBES
Service Informatique OSU Pytheas - UMS 3470 CNRS
Batiment Oceanomed
Campus de Luminy
13288 Marseille cedex 9
Tel: 04860 90529
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2935 bytes
Desc: Signature cryptographique S/MIME
URL: <http://mail.python.org/pipermail/borgbackup/attachments/20170712/7c132378/attachment.bin>
More information about the Borgbackup
mailing list