Expose External Crypto providers #345
Comments
My work-around is a static password on a Yubikey with a brain salt of a shorter memorable phrase appended to it, e.g. 'lkjasdfkljasdf8#$#$#$3423@3$89u..jkasdfjklasdf8348347283123kASKJKDFAFSDFduck-pony-boy'
@emory It is a smart workaround but doesn't address the main issue: user input of the password. You still need to type your brain salt and the password into the system you are backing up. Had we the ability to use Public Key encryption, I could for example have multiple systems doing automated backups to a single location, all using the same public keys, and yet none of them knowing the private key used to protect the data. The relevance of this feature is highlighted by the following section of the documentation:
(PS: I realise most asymmetric key encryption systems use public keys in combination with symmetric algorithms and passwords in order to achieve desirable encryption performance).
Understood, I'd be fine using a PKCS/X.509 method personally, but I imagine a gnupg-derived method would work as well for most people too (and then you'd have the benefit of a key agent).
It would be great to be able to use externally produced RSA public keys to encrypt backups and to decrypt using RSA private keys.
Ideally this method should support an external key provider so that users could store their backup keys using safer mechanisms such as smartcards (rather than passphrases only).
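The arrangement requested in this issue (backup hosts hold only a public key, the private key stays elsewhere), sketched as an added example that is not code from this project or from any commenter. It uses Node.js built-in `crypto` with RSA-OAEP wrapping a per-backup AES-256-GCM key; the function names, the throwaway key pair and the sample strings are constructed for illustration.

```javascript
// Hybrid (envelope) encryption: RSA-OAEP wraps a random AES-256-GCM data key.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
  createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs on every backup host: needs only the RSA public key, no passphrase.
function sealBackup(publicKeyPem, plaintext) {
  const dataKey = randomBytes(32);             // fresh AES-256 key per backup
  const iv = randomBytes(12);                  // 96-bit GCM nonce
  const cipher = createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey),
    iv, ciphertext, tag: cipher.getAuthTag(),
  };
}

// Runs only where the private key lives. With a smartcard (assumption: not
// shown here), this unwrap is the one step that would move onto the token.
function openBackup(privateKeyPem, sealed) {
  const dataKey = privateDecrypt({ key: privateKeyPem, ...OAEP }, sealed.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', dataKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);             // final() throws if data was altered
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}

// Constructed demo: a throwaway key pair and two hosts sharing one public key.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const hostA = sealBackup(publicKey, Buffer.from('constructed backup from host A'));
  const hostB = sealBackup(publicKey, Buffer.from('constructed backup from host B'));
  let hostCanReadOwnBackup = true;             // a host holds only the public key
  try { privateDecrypt({ key: publicKey, ...OAEP }, hostA.wrappedKey); }
  catch { hostCanReadOwnBackup = false; }
  const tampered = { ...hostB, ciphertext: Buffer.from(hostB.ciphertext) };
  tampered.ciphertext[0] ^= 1;                 // flip one bit in the stored data
  let tamperDetected = false;
  try { openBackup(privateKey, tampered); } catch { tamperDetected = true; }
  return { a: openBackup(privateKey, hostA).toString(),
    b: openBackup(privateKey, hostB).toString(), hostCanReadOwnBackup, tamperDetected };
}
console.log(demo());
```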