
An embedded device with Linux supports backup/restore of files encrypted with openssl. The idea of backup is:

    tar -c .... | openssl smime -encrypt -binary -aes-256-cbc -out backupfile.encrypted -outform DER certificate.key

and the idea of restore is:

    openssl smime -decrypt -binary -in backupfile.encrypted -inform DER -inkey private.key -passin file:password.txt | tar -x

Does this idea make sense? Because the good thing is: the backup file is encrypted. The bad thing is: the device contains both the certificate and the private key. (The file password.txt is provided by temporarily decrypting it from the file password.encrypted with a public key.)

Is there another approach to supporting a backup/restore feature on such devices which provides more security?

falkb
  • If the backup should only be restorable on that device a random AES key generated on first start would also be sufficient. – Robert Jul 15 '21 at 15:37
  • @Robert: Backup files should also be compatible across devices – falkb Jul 16 '21 at 06:33
  • Then you need special hardware (e.g. CPU with built-in key) or an online solution. Otherwise the key would have to be in the software/firmware and could be extracted. – Robert Jul 16 '21 at 06:55
  • Such a built-in key must be one across devices, for a whole product family so to speak. An online solution likely doesn't work since an embedded device usually is in an intranet of a company or a local network. – falkb Jul 16 '21 at 08:41
  • Or you use a user password to derive a key from it. – Robert Jul 16 '21 at 08:56
  • @Robert: Key from user password doesn't sound bad, although I hope someone comes up with the knowledge of what a well-known standard way in the industry is... – falkb Jul 16 '21 at 09:00
  • There is no "standard". The method used depends on your security requirements and what is available in hardware. Is the user allowed to decrypt or alter the backup, and so on. – Robert Jul 16 '21 at 09:02
  • The embedded device needs both functions, encrypt and decrypt a backup file. It looks like I just can try to hide the keys by a few obscure tricks which are hard to understand if someone manages to get access to the internal system. – falkb Jul 16 '21 at 09:08
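One way to realise the password-derived-key approach Robert suggests in the comments, as an added example that is not part of the question or the comments: a POSIX shell backup/restore pair using `openssl enc` with PBKDF2, plus an HMAC over the ciphertext so that a tampered file or a wrong passphrase is rejected before anything is unpacked. The file names, the MAC label and the iteration count are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the question or its comments: the AES key is
# derived from a user passphrase, so no key or certificate is stored on the
# device and the backup restores on any device of the product family.
set -eu

# openssl enc writes its salt and IV into the output header, so nothing but the
# passphrase has to be kept. 200000 PBKDF2 iterations (assumed value) make
# offline guessing of a weak passphrase expensive; raise it if the CPU allows.
ENC_OPTS="-aes-256-cbc -pbkdf2 -iter 200000 -salt -md sha256"

# openssl enc gives no integrity protection, so the ciphertext is authenticated
# with a separate key derived from the same passphrase (encrypt-then-MAC).
mac_key() {   # $1 = passphrase file; prints a hex key
    openssl dgst -sha256 -hmac "backup-mac-key" -r "$1" | cut -d' ' -f1
}

# backup_dir SRC_DIR OUT_FILE PASS_FILE: tar streams straight into openssl, so
# only ciphertext ever touches the filesystem; OUT_FILE.mac holds the tag.
backup_dir() {
    tar -C "$1" -cf - . | openssl enc $ENC_OPTS -pass "file:$3" -out "$2"
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$(mac_key "$3")" -r "$2" \
        | cut -d' ' -f1 > "$2.mac"
}

# restore_dir IN_FILE DEST_DIR PASS_FILE: checks the tag first and returns 1
# without unpacking anything if the file was altered or the passphrase is
# wrong; relying on the CBC padding check alone would miss about 1 in 256 cases.
restore_dir() {
    expect=$(cat "$1.mac")
    actual=$(openssl dgst -sha256 -mac HMAC -macopt "hexkey:$(mac_key "$3")" \
        -r "$1" | cut -d' ' -f1)
    [ "$expect" = "$actual" ] || return 1
    mkdir -p "$2"
    openssl enc -d $ENC_OPTS -pass "file:$3" -in "$1" | tar -C "$2" -xf -
}
```

The passphrase file is read by openssl via `-pass file:`, so the secret never appears on a command line; only the derived MAC key does.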
