
Managing Keys & Certificates

Box Backup uses SSL to communicate between the server and the client. It also uses AES to encrypt the data on the server. These technologies rely on various files (aka keys), some of which need to be protected more than others.

<account number>-csr.pem

Security Level
LOW
Description
The csr file is merely a certificate request file and is only used once. After getting your certificate this file can be deleted.
Exposure
None.

<account number>-cert.pem

Security Level
LOW
Description
The cert file is the client's public SSL key and it, along with the key file, is used to communicate securely with the server. This file is unique to each client, but since it is public it is not especially sensitive and can be regenerated.
Exposure
If a bad guy had this file he could copy your encrypted data from the server but wouldn't be able to use it. The bad guy would need <account number>-key.pem as well in order to do this. Without key.pem, he would theoretically have a small chance of being able to encrypt data on the SSL session, but he would not be able to decrypt it. And without both files, the SSL session cannot be set up.

<account number>-key.pem

Security Level
MEDIUM
Description
The key file is the client's private SSL key and it, along with the cert file, is used to communicate securely with the server. This private key is necessary to decrypt incoming communications and establish the client's identity to the server.
Exposure
A bad guy would be able to use this file, along with the public cert file, to impersonate a given client and decrypt the SSL session. The actual data, which is encrypted with the raw file, would not be decrypted.

<account number>-FileEncKeys.raw

Security Level
CRITICAL
Description
This is the master AES key for your data and is used to encrypt your data before sending it to the server. This file is unique to each client and should be protected at all costs and stored off-site in a secure location. Without this file your data is useless.
Exposure
If a bad guy gets this file all bets are off and you are sunk. If you lose this file you are sunk. Everything can be replaced, except this file. Do not lose it and do not let anyone else get a copy of it - you have been warned!

serverCA.pem

Security Level
LOW
Description
This is the server's public SSL certificate and it allows the client to securely communicate with the server. Since this file is needed by each client, it is public and can be regenerated on the server.
Exposure
None.
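
The following script is an added example, not part of Box Backup or of the original page: it audits a client's key directory against the security levels listed above and reports files whose permissions are too open for their level. The file names follow the patterns on this page; the permission policy per level and the directory argument are assumptions.

```python
import os
import stat
import sys

# Security levels as listed on this page, keyed by file-name suffix.
LEVELS = {
    "-csr.pem": "LOW",
    "-cert.pem": "LOW",
    "-key.pem": "MEDIUM",
    "-FileEncKeys.raw": "CRITICAL",
    "serverCA.pem": "LOW",
}
# Assumed policy (not from the page): permission bits that must be clear.
OWNER_ONLY = stat.S_IRWXG | stat.S_IRWXO      # no group/other access at all
FORBIDDEN = {
    "LOW": stat.S_IWGRP | stat.S_IWOTH,       # public, but others must not modify
    "MEDIUM": OWNER_ONLY,
    "CRITICAL": OWNER_ONLY,
}

def classify(name):
    """Return the page's security level for a file name, or None."""
    for suffix, level in LEVELS.items():
        if name.endswith(suffix):
            return level
    return None

def audit(directory):
    """Return (file name, level, finding) tuples for one key directory."""
    findings = []
    for name in sorted(os.listdir(directory)):
        level = classify(name)
        if level is None:
            continue
        st = os.lstat(os.path.join(directory, name))
        if not stat.S_ISREG(st.st_mode):
            # A symlink or device in place of key material is suspicious.
            findings.append((name, level, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & FORBIDDEN[level]:
            findings.append((name, level, "mode %04o too open" % mode))
        if name.endswith("-csr.pem"):
            findings.append((name, level, "CSR is single-use and can be deleted"))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, level, finding in audit(target):
        print("%-8s %s: %s" % (level, name, finding))
```

Run it with the directory holding the client's key files as the only argument; no output means no findings.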
Last modified on May 4, 2008, 3:14:16 PM