-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-05-24 08:26,
li...@mullvad.net wrote:
>
>
> On Friday, May 20, 2016 at 3:19:07 PM UTC+2, Chris Laprise wrote:
>>
>> Then you could copy the encryption method used in the python
>> scripts for qvm-backup, using openssl. For transmission, use an
>> appvm assigned to the task of connecting to the destination:
>> issue qvm-run commands in the vm to take care of the
>> particulars, such as running 'scp'. Using '--pass-io' with
>> qvm-run will allow you to pipe backup data from dom0 to your vm
>> commands.
>>
>> Chris
>>
>
> Yes, exactly my plan, the part about using a dedicated VM and
> talking to it with 'qvm-run --pass-io'.
>
> Regarding the encryption I have some questions left that I didn't
> take a decision about and could use some input around. qvm-backup
> is all about using a symmetric cipher with a passphrase. This
> works fine since I guess most people invoke that script manually. I
> want a fully automatic backup solution and I would then need access
> to the passphrase in dom0. Would you regard simply storing that
> passphrase in a file in dom0 to be an acceptable solution?
Yes. See this message (and the surrounding discussion):
https://groups.google.com/d/msg/qubes-devel/EBc4to5IBdg/fzMGx7QcwrkJ
> Another solution would be having to start the backup process
> manually upon each boot and entering the passphrase in the console
> so it can keep the passphrase in ram for the lifetime of the
> process.
>
Yes. This means that the passphrase could be obtained from RAM, but
the same is true of the disk decryption passphrase (which protects the
backup passphrase) via a cold boot attack. Depends on the threat
model. In practice, probably not a significant security difference.
> The fact that qvm-backup takes a --passphrase-file might already
> confirm that at least someone accepts having the passphrase in
> plaintext on disk. I'm concerned about this since that solution
> could reveal the entire secret on screen with just a few
> keypresses. This can be compared with LUKS or a passphrase
> protected asymmetric private key where one can't extract the
> secret even if they get a hold of the unlocked computer for a
> while.
>
Again, I think this depends on the threat model. Arguably, not many
more keypresses would be required to permanently and undetectably
compromise dom0, so if an attacker gains access to the keyboard in
that disk-decrypted, screen-unlocked state, we should assume it's game
over.
> Would you regard any/both of the above symmetric solutions
> better/safer than having a public key in dom0 that you do
> asymmetric encryption of the backups with? Given I solve the gpg
> attack surface issue Marek pointed out of course.
>
Personally, I would never use asymmetric encryption for a long-term
backup for the reason cited immediately below. (And keep in mind that
any backup can be "long-term" against your will if any copies are
retained, e.g., by cloud storage services or forensically recoverable
storage media.)
> If I'm not mistaken, symmetric encryption is regarded safer
> against quantum computers and other future attacks and that might
> be a reason to stay all in symmetric for the backups, since we
> don't want to trust the place we store it in.
>
Correct.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXRP4vAAoJENtN07w5UDAwqUwQAMIQs35eaZ5xFAAu4K6zY6WI
8PL3tzb5j3dFLiLP7H9GIbjg0VWSVZMJaa2bENeBKC77R+71FH05v3ipdKllyBMJ
uoV7LyPnW3LeKrj+ajM9IALddpcwew6cSKQ0UCof8fxiUOI2Ylqpng2bro6/wysx
CQcZgl1F3yN5i1JnSMzDAZ7FtlZ2rXCH5/ARqtttIz6ChyiLefkzEgwp1TEhVZ3e
Ed/dTacN4bBvu3zbpnSmsgrVWyMwnErRZiKpNjKNJRSJC25tNOYnFdL3gGztfy/6
7Hmt0vcrpyy0KayK+LffswwYGrj/HVCsCE8H46eEBDalCDBl+X+jS1evgba2wV7h
79ZhmmZ4iumzGdDK3owFKSu9J+Pv9Ot/6qVYXOCnNUWgAoWcdoEWds84HscZGQeL
QN+d4r93sKu0bqkaFsXWPOb9KUpN6mg/8jMAD50kKgQN6kwXC37hP+buAtjbZ4nC
458EjxGgjLcEkgT2Sa28k2tGnhs+FOSaaaEqWYwx1EbxRDsNFBcY0BNnfFaMR1ar
HcZqvDOz4cXZ0S34X/17pA3fHb1RqK87inZ3NS4VgppIHYZmaOxwuidnjb/QBy9Y
/hmrdM2FzgNQGKvHJJOLolEqC8Go8e19bTINhccVHWqPLhOOmErAm4y/UWn3YxEy
o62sCRL4lqFoYZAFoEoo
=ZT5j
-----END PGP SIGNATURE-----