feat(xo-web): remote level encryption #6321

Merged
merged 6 commits into from
Sep 1, 2022

fbeauchamp
Collaborator

@fbeauchamp fbeauchamp commented Jul 18, 2022

Do not merge before the July release.

Screenshot

Capture d’écran de 2022-08-31 15-22-35

Check list

Check if done, if not relevant leave unchecked.

  • PR reference the relevant issue (e.g. Fixes #007 or See xoa-support#42)
  • if UI changes, a screenshot has been added to the PR
  • documentation updated
  • CHANGELOG.unreleased.md:
    • enhancement/bug fix entry added
    • list of packages to release updated (${name} v${new version})
  • I have tested added/updated features (and impacted code)

Process

  1. create a PR as soon as possible
  2. mark it as WiP: (Work in Progress) if not ready to be merged
  3. when you want a review, add a reviewer (and only one)
  4. if necessary, update your PR, and re-add a reviewer

From the Four Agreements:

  1. Be impeccable with your word.
  2. Don't take anything personally.
  3. Don't make assumptions.
  4. Always do your best.

@fbeauchamp fbeauchamp force-pushed the feat_remote_encryption branch 3 times, most recently from 1c7777f to 350f173 Compare July 25, 2022 14:55
@fbeauchamp fbeauchamp force-pushed the feat_remote_encryption branch 3 times, most recently from 75d7aba to cd02edf Compare August 1, 2022 12:33
@fbeauchamp fbeauchamp marked this pull request as ready for review August 2, 2022 06:52
@fbeauchamp
Collaborator Author

fbeauchamp commented Aug 5, 2022

Forum post draft:

Hello everybody

Following our blog post, here is the preview of remote level encryption. For now, the algorithm can't be changed and it's AES 256 CBC; we use an initialization vector per file.

To activate it, create a new Remote, add an encryption key (hexadecimal, 32 char), and you're good to go.
For reference, here is an encrypted remote:
image
please don't use the same key

Please note that using remote level encryption mandates the use of vhd directory. It means that your remote will have a lot of (can be millions) small files and up to 16 concurrent writes per running backup.

On the plus side, ALL the data ever written by XO will be encrypted before being sent: you can use an insecure network or remote confidently, from delta to full backup, even all the metadata and temporary files.

This should work with any remote type

The current implementation compresses and then encrypts the delta backup files. It gives us quite a nice efficiency boost (around 20-30% smaller files) but it can lead to easier key finding by a determined attacker. If you have rivals powerful enough to break AES 256 and willing to do it, you should disable compression in your config.toml by setting vhdDirectoryCompression to false. And also probably build a lair under a volcano.

Please tell us if everything is ok and what kind of performance cost penalty you see, if any.

regards
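
The scheme described in the comment above (AES-256-CBC, one initialization vector per file, compression before encryption), as an added example that is not part of this pull request or of Xen Orchestra's code. The file layout (IV followed by ciphertext), the use of gzip, the use of the 32-character key string directly as the 32 key bytes, and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto')
const zlib = require('zlib')

const ALGORITHM = 'aes-256-cbc'
const IV_LENGTH = 16 // a CBC IV is one AES block

// Assumption: the 32-character key string is used as-is as the 32 key bytes.
function parseKey(keyString) {
  const key = Buffer.from(keyString, 'utf8')
  if (key.length !== 32) {
    throw new Error(`key must be exactly 32 bytes, got ${key.length}`)
  }
  return key
}

// Assumed on-disk layout: IV (16 bytes) followed by the ciphertext.
function encryptFile(key, plaintext, { compress = true } = {}) {
  const body = compress ? zlib.gzipSync(plaintext) : plaintext
  const iv = crypto.randomBytes(IV_LENGTH) // fresh IV for every file
  const cipher = crypto.createCipheriv(ALGORITHM, key, iv)
  return Buffer.concat([iv, cipher.update(body), cipher.final()])
}

function decryptFile(key, blob, { compress = true } = {}) {
  const iv = blob.subarray(0, IV_LENGTH)
  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv)
  const body = Buffer.concat([decipher.update(blob.subarray(IV_LENGTH)), decipher.final()])
  return compress ? zlib.gunzipSync(body) : body
}

// Constructed sample data: a test key, a highly compressible block, a random block.
const sampleKey = parseKey('0123456789abcdef0123456789abcdef')
const zeros = Buffer.alloc(64 * 1024)
const random = crypto.randomBytes(64 * 1024)

// Encrypts the same block twice and compares ciphertexts and stored sizes.
function demo() {
  const a = encryptFile(sampleKey, zeros)
  const b = encryptFile(sampleKey, zeros)
  return {
    roundTrip: decryptFile(sampleKey, a).equals(zeros),
    sameCiphertext: a.equals(b), // false: the per-file IV hides identical content
    compressedZeros: a.length,
    compressedRandom: encryptFile(sampleKey, random).length,
    uncompressedZeros: encryptFile(sampleKey, zeros, { compress: false }).length,
  }
}

console.log(demo())
```

With compression on, the stored size of each file follows how compressible its plaintext was, which anyone who can list the remote can observe; with compression off, every 64 KiB block is stored at the same size.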

@julien-f julien-f self-requested a review August 22, 2022 09:52
@julien-f julien-f changed the title Feat(fs): remote level encryption feat(xo-web): remote level encryption Aug 23, 2022
@julien-f julien-f removed their request for review August 24, 2022 09:30
Member

@pdonias pdonias left a comment

Review ok, not tested!

@julien-f julien-f merged commit dca3f39 into master Sep 1, 2022
@julien-f julien-f deleted the feat_remote_encryption branch September 1, 2022 09:34
5 participants