Improve control over database crypt keys [CORE5100] #2002

Closed
firebird-automations opened this issue Feb 3, 2016 · 12 comments

Comments

@firebird-automations
Collaborator

Submitted by: @AlexPeshkoff

It's necessary to be able to provide different keys to the dbcrypt plugin for different databases. When an invalid key is provided, an error should be reported (a segfault in the server due to a damaged ODS is not accepted as a good way to report such errors).

Commits: 0e45ec6 e7270be 0c2f694 c824acf bebf1d5 FirebirdSQL/fbt-repository@a4e31f2 FirebirdSQL/fbt-repository@90723ab FirebirdSQL/fbt-repository@6839df9 FirebirdSQL/fbt-repository@a05d8f3 FirebirdSQL/fbt-repository@0bbc34e

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 RC2 [ 10048 ]

@firebird-automations
Collaborator Author

Commented by: @aafemt

Didn't you say that databases.conf has to be used for configuring a key holder for a particular database?..

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

I hope I've said _may_ be used, but anyway I do not see a direct relationship between providing a key name and using different key holder plugins.

@firebird-automations
Collaborator Author

Commented by: @aafemt

No, you said exactly that: "key holder must never be configured in (common) firebird.conf, they have to be set in databases.conf for each encrypted database separately, so no problem with keys because every single key holder is used for exactly one database".

At that time I didn't agree, and now in Avalerion every database has a unique id, and this id is provided to the crypt plugin and key holder for db/key identification.

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

I can't find that phrase in Sent email...
Taken exactly, it's certainly wrong. If one wants all encrypted databases to use the same KeyHolder plugin, it certainly may be configured in firebird.conf. If one wants to use different key holders for different databases, they must be configured in databases.conf.
As for Avalerion features: sorry, to my mind the use of named keys is a better option. For example, they may be preconfigured in advance. And they are definitely more readable than GUIs.

@firebird-automations
Collaborator Author

Commented by: @aafemt

Your implementation is plain wrong. You must not remove the key name and hash from the header until the database is completely decoded. Otherwise you lose the ability to resume the process if it is aborted halfway, and leave the database broken.

@firebird-automations
Collaborator Author

Modified by: @aafemt

status: Resolved [ 5 ] => Reopened [ 4 ]

resolution: Fixed [ 1 ] =>

@firebird-automations
Collaborator Author

Commented by: @aafemt

BTW, making a 160-bit hash from a 128-bit sample and then blowing it up even more with base64 is also not a perfect idea. You'd better use a sample of at least a page size and store the hash as is (a header clumplet can keep binary data without problem).

@firebird-automations
Collaborator Author

Commented by: @AlexPeshkoff

Implementation fixed.
As for sample size: 128 bits are needed only to run crypt plugins that require at least that data size; to get the crypt key plus plugin footprint, a single byte is enough.
Storing a big integer as a base64 (or even hex) string is much safer than using a binary bigint: the internal binary representation may depend upon endianness and/or implementation details. As for space in the header page, we have enough for sure.

@firebird-automations
Collaborator Author

Modified by: @AlexPeshkoff

status: Reopened [ 4 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-automations
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Cannot be tested
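
A sketch of the check discussed in this thread, added here as an illustration (it is not Firebird's code and not part of any comment above): the header keeps a key name and a base64-encoded hash of an encrypted sample, a wrong key produces an error at attach time, and both fields stay in place until decryption completes. The header dict, `toy_encrypt`, the choice of SHA-1 for the 160-bit hash, and all function names are assumptions.

```python
import base64
import hashlib
import hmac

SAMPLE = bytes(16)  # constructed 128-bit sample, the size mentioned in the thread

class WrongKeyError(Exception):
    """Raised instead of letting a bad key reach page decoding."""

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    # Stand-in for the dbcrypt plugin (assumption): XOR with an HMAC-derived
    # keystream. Not a real cipher; it only makes the output key-dependent.
    stream = hmac.new(key, b"sample", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def key_check_value(key: bytes) -> str:
    # 160-bit hash (SHA-1 assumed) of the encrypted sample, stored as base64
    # text so the header value does not depend on byte order or on how a
    # big-integer type lays out its bytes.
    digest = hashlib.sha1(toy_encrypt(key, SAMPLE)).digest()
    return base64.b64encode(digest).decode("ascii")

def encrypt_header(key_name: str, key: bytes) -> dict:
    # Hypothetical header fields; the real clumplet layout is not on the page.
    return {"key_name": key_name, "key_hash": key_check_value(key), "encrypted": True}

def attach(header: dict, keys: dict) -> bytes:
    """Return the key for this database or fail with a reportable error."""
    if not header["encrypted"]:
        return b""
    name = header["key_name"]
    key = keys.get(name)
    if key is None:
        raise WrongKeyError(f"key holder has no key named {name!r}")
    if not hmac.compare_digest(key_check_value(key), header["key_hash"]):
        raise WrongKeyError(f"key {name!r} does not match this database")
    return key

def finish_decrypt(header: dict, pages_left: int) -> dict:
    # Name and hash stay in the header until every page is decoded, so an
    # aborted run can still validate the key and resume.
    if pages_left == 0:
        return {"key_name": None, "key_hash": None, "encrypted": False}
    return header
```
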
