Client-side encryption

JoeyDumont · January 29, 2019, 3:38pm

Hi!

Do you have technical documentation on how you perform client-side encryption in the CloudBerry Backup client?

My primary concern is this: does CloudBerry have access to the encryption keys? When you specify an encryption key in a Remote Deploy configuration, how is that key transferred to the client? Is it stored in plaintext, or is a key generated from the password (or some other process)?

Thanks!

Matt · January 29, 2019, 3:58pm

[reply=“JoeyDumont;d689”] We wouldn’t be in backup business for long if we stored anything in plain text
Upon entering encryption key it is actually immediately encrypted, obfuscated and only then sent to the machine via secure connection.
You can’t really extract the password from the config file in any way.

JoeyDumont · January 29, 2019, 4:13pm

So, I’m guessing that the passphrase is taken through a PBKDF or some other cryptographic process to generate a key from the passphrase?

David_Gugick · January 29, 2019, 7:01pm

[reply=“JoeyDumont;2357”] That’s correct. Here is a link to a doc that talks about the process in more detail. Excerpted:

CloudBerry Lab Security Whitepapers:

Download CloudBerry Lab Security Design and Implementation
https://www.cloudberrylab.com/company/media/downloads.aspx
Direct Link: https://www.cloudberrylab.com/download/CloudBerry%20Lab%20Security%20Considerations.pdf

JoeyDumont · January 29, 2019, 9:04pm

Thanks for the link, that’s very helpful!

From this documentation, since CloudBerry controls (it has to, in fact) the AES key used to encrypt the password, it means that CloudBerry has the capability of recovering the encryption passphrase, and, thus, the encryption key. Is this correct?

Matt · January 29, 2019, 9:14pm

[reply=“JoeyDumont;2359”] Correct, but that can only happen if you consciously send us the original config file of the plan from your HDD. Even when sending diagnostic info using automated procedure the password string is modified so that it can’t be recovered by anything. It becomes just “*” symbols.

JoeyDumont · January 29, 2019, 9:23pm

Ok. I’ll just recap to make sure I got everything right.

The password is stored encrypted in the client configuration file, is decrypted at plan execution time by fetching the AES key from CloudBerry’s servers. The key is used locally to encrypt the data that needs to be uploaded during that backup plan’s execution.

Is the password stored in its encrypted form in the Remote Deploy pane of the Management Console, or is it elided from the configuration file completely?