16

We are in need of an encryption process for backups of very valuable data. This data will be stored on a distributed filesystem, so even with permissions set right, it's not out of reach that this data is copied or read. I'm searching for a reasonably simple method to encrypt tar archives and only have them readable by three individuals.

After lots of searching, I would like to know if GPG with reasonable key lengths (pub/priv keys) could be used or if a symmetric encryption scheme would be as secure. I'm favoring a public key approach because I could automate the encryption without storing the password.

The private keys or password can be transferred reasonably securely out-of-band and I would like the data to be unreadable without the keys for long term archiving.


Edit: I guess the big problem with publicly accessible backups is the key length. I don't want the data to be readable in five years. Even going to 2048 bits doesn't guarantee me that a smart researcher doesn't come up with a new attack.

I guess if I'd need at least 20 years, 4096 or even 8192 bits are reasonable?

Entropy for the generation is also a factor I'm looking at, but I have a fairly good randomness source (not a PRNG) and am just checking how GPG can use it.

Any other thing I have to consider?


Edit II: The target audience is me and two colleagues, so I assume that after consulting a HowTo written by me, the other two will be able to use GPG4Win.

I'm trying to protect against users reading the files, of course. The files will be semi-available to a wider audience (think of a corporate network where every workstation is partly part of a distributed replicated filesystem like GlusterFS). I also need to protect the integrity of the files, not so much their availability (Gluster takes care of that).

Lilly
josen
    How technical are your users and what threat are you trying to protect against? Normal users attempting unauthorized access to the files, theft of medium, etc? – Scott Pack Jun 07 '11 at 12:39
  • thanks for the answer :) And sorry for the spelling mistakes, was just "thinking out loud" from a train. I guess the big problem with publicly accessible backups is the key length. I don't want the data to be readable in five years. Even going to 2048 bits doesn't guarantee me that a smart researcher doesn't come up with a new attack. I guess if I'd need at least 20 years, 4096 or even 8192 bits are reasonable? Entropy for the generation is also a factor I'm looking at, but I have a fairly good randomness source (not a PRNG) and am just checking how GPG can use it. Any other thing I have to cons – josen Jun 07 '11 at 12:46
  • Do the backups have to be network available? The easiest way to limit access is to simply take the backups offline and use a little physical security. Or divide the backups into segments based on requirements for confidentiality and availability. If a backup segment needs high confidentiality and low availability, take it offline. – this.josh Jun 08 '11 at 23:18

2 Answers

13

GnuPG is indeed the way to go. A Windows build exists at Gpg4win.

Using asymmetric keys means that whatever encrypts the data (the backup system) need not know any private data element, thus its compromise does not allow an attacker to decrypt past backups. Also, you can encrypt the archive relative to several public keys (this will not enlarge the data by much), thus allowing you to potentially "revoke" people (if you decide that one of your three persons should no longer be able to decrypt backups, you just stop encrypting the backups with regard to his public key, without having to change anything for the other two).

Thomas Pornin
2

For the files to be readable by three individuals then either the three would

1) need the same key (meaning you could use symmetric or asymmetric encryption)

2) use separate keys with copies of the files encrypted for each user - NB see also Thomas' answer - seems to suggest that GPG supports multiple target encryption, although I'm not familiar with that.

3) use the same key but with three copies using different passphrases

Alternatively you could use a quorum encryption algorithm (with min sufficiency of 1) - but I don't know of any products implementing this, let alone compatible software for different platforms.

You might also want to have a look at the SSL Certificates howto which describes using x509 certificates for encrypting/decrypting files (similar to GPG but with better centralized management of keys).

HTH

symcbean
    See @Thomas' answer. PGP-based systems encrypt the data using a symmetric cipher with a random key, then encrypt the key with the public key of an entity. Only one copy of each file needs to be encrypted with multiple target keys specified. That will result in more copies of the symmetric key being included at the price of just a few bytes per target. – Jeff Ferland Jun 07 '11 at 13:32
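The workflow Thomas Pornin's answer and Jeff Ferland's comment describe, as an added example that is not part of this thread: a backup host that holds only the three recipients' public keys (plus its own signing key) encrypts a tar stream to all three in one pass, each person decrypts with their own keyring, a tampered archive is rejected on decryption, and "revoking" one person is just omitting their key from later backups. It assumes GnuPG 2.2+ (`gpg`, `gpgconf`) and `tar` on PATH; the parties alice, bob, carol and host, their user IDs and the backed-up data are all constructed for the demo. Everything runs in a throwaway directory, so the real `~/.gnupg` is never touched.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG 2.2+ and tar.
# All parties, user IDs, keys and data here are constructed for the demo.
set -eu

# gpg in party $1's isolated keyring ($WORK/$1), fully non-interactive.
# The empty passphrase is acceptable only because these are throwaway keys.
g() {
    home=$WORK/$1; shift
    GNUPGHOME="$home" gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' "$@"
}

# Create party $1's keyring and key pair; $2 is the usage ("default" gives a
# signing primary plus an encryption subkey, "sign" a signing-only key).
make_party() {
    mkdir -m 700 "$WORK/$1"
    g "$1" --quick-generate-key "$1 <$1@example.test>" default "$2" never
    g "$1" --export --armor "$1@example.test" > "$WORK/$1.pub"
}

# Stream directory $1 as tar.gz into $2, encrypted to every recipient named
# after that and signed by the host. The host needs no recipient private key.
encrypt_backup() {
    src=$1; out=$2; shift 2
    rcpts=""
    for p; do rcpts="$rcpts --recipient $p@example.test"; done
    # --trust-model always skips the web-of-trust check for the demo; in a real
    # deployment, verify each recipient's fingerprint out of band and sign it.
    # shellcheck disable=SC2086
    tar -C "$(dirname "$src")" -czf - "$(basename "$src")" \
        | g host --trust-model always --local-user host@example.test \
              --sign --encrypt $rcpts --output "$out"
}

# Print 0 if party $1 can decrypt $2 (and its signature verifies), else 1.
can_decrypt() {
    if g "$1" --decrypt "$2" > "$WORK/$1.restored.tgz" 2>/dev/null; then echo 0; else echo 1; fi
}

# Change one byte near the end of $1, i.e. inside the encrypted payload, so the
# integrity check (MDC or AEAD tag) must fail on decryption.
tamper() {
    size=$(wc -c < "$1" | tr -d ' ')
    pos=$((size - 8))
    orig=$(dd if="$1" bs=1 skip="$pos" count=1 2>/dev/null | od -An -tu1 | tr -d ' ')
    printf "$(printf '\\%03o' $(( (orig + 1) % 256 )))" \
        | dd of="$1" bs=1 seek="$pos" count=1 conv=notrunc 2>/dev/null
}

run_demo() {
    WORK=$(mktemp -d)
    trap 'for d in "$WORK"/*/; do GNUPGHOME="$d" gpgconf --kill gpg-agent 2>/dev/null || true; done; rm -rf "$WORK"' EXIT

    for p in alice bob carol; do make_party "$p" default; done
    make_party host sign                       # backup host: signing key only
    for p in alice bob carol; do
        g host --import "$WORK/$p.pub"         # host learns the public keys
        g "$p" --import "$WORK/host.pub"       # each person can verify the host
    done

    mkdir "$WORK/data"
    echo "constructed valuable data" > "$WORK/data/db.sql"

    encrypt_backup "$WORK/data" "$WORK/b1.tgz.gpg" alice bob carol
    a=$(can_decrypt alice "$WORK/b1.tgz.gpg")
    b=$(can_decrypt bob   "$WORK/b1.tgz.gpg")
    c=$(can_decrypt carol "$WORK/b1.tgz.gpg")

    cp "$WORK/b1.tgz.gpg" "$WORK/bad.tgz.gpg"; tamper "$WORK/bad.tgz.gpg"
    t=$(can_decrypt alice "$WORK/bad.tgz.gpg")

    # "Revoking" carol: later backups are simply not encrypted to her key.
    encrypt_backup "$WORK/data" "$WORK/b2.tgz.gpg" alice bob
    r=$(can_decrypt carol "$WORK/b2.tgz.gpg")

    DEMO_RESULT="alice=$a bob=$b carol=$c tampered=$t carol_after_revoke=$r"
    echo "$DEMO_RESULT"
    # gpg --list-packets "$WORK/b1.tgz.gpg" would show one small
    # public-key-encrypted session-key packet per recipient, as Jeff describes.
}

if command -v gpg >/dev/null 2>&1; then run_demo; fi
```

Running the script prints `alice=0 bob=0 carol=0 tampered=1 carol_after_revoke=1`. Because the host keyring contains no recipient private key, copying the host's keyring gives an attacker only the ability to forge signatures on future backups, not to read any archive; the signing key should still be rotated if the host is compromised.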