docs(backups): encryption algorithms #8266
Open
+40
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Explain how backups are encrypted by Xen Orchestra, what each encryption algorithm does, and how it works with Amazon S3 Signed-off-by: Thomas Moraine <[email protected]>
julien-f
reviewed
Jan 23, 2025
docs/docs/backups.md
Outdated
| @@ -26,6 +26,43 @@ Each backups' job execution is identified by a `runId`. You can find this `runId | |||
|
|
|||
|  | |||
|
|
|||
| ## Backup Encryption | |||
|
|
|||
| Xen Orchestra ensures robust data security for backups stored in Amazon S3 by leveraging advanced encryption algorithms. Here’s a closer look at how encryption works and the technology behind it: | |||
There was a problem hiding this comment.
Encryption is compatible will all remotes, not only Amazon S3.
Encryption is opt-in and requires configuring an encryption key on the remote (page Settings/Remotes), I think we should show that.
There was a problem hiding this comment.
Fixed by 6587b3a
docs/docs/backups.md
Outdated
|
|
||
| Currently, backups use the `AES-256-GCM` encryption algorithm. While this is a highly secure option, it does have a file size limitation of 64 GiB. This isn’t an issue when working with Amazon S3, as the data is split into smaller blocks, making it fully compatible with the platform. | ||
|
|
||
| In addition, this algorithm is fully compliant with [ANSSI guidelines](https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf). |
There was a problem hiding this comment.
Suggested change
| In addition, this algorithm is fully compliant with [ANSSI guidelines](https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf). | |
| In addition, this algorithm is fully compliant with [ANSSI guidelines 🇫🇷](https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf). |
There was a problem hiding this comment.
Fixed by e4be723.
Replaced the flag with a 'French' label. Flags aren't good practice, as per https://www.flagsarenotlanguages.com/
docs/docs/backups.md
Outdated
|
|
||
| ### Current Encryption Algorithm: `AES-256-GCM` | ||
|
|
||
| Currently, backups use the `AES-256-GCM` encryption algorithm. While this is a highly secure option, it does have a file size limitation of 64 GiB. This isn’t an issue when working with Amazon S3, as the data is split into smaller blocks, making it fully compatible with the platform. |
There was a problem hiding this comment.
Suggested change
| Currently, backups use the `AES-256-GCM` encryption algorithm. While this is a highly secure option, it does have a file size limitation of 64 GiB. This isn’t an issue when working with Amazon S3, as the data is split into smaller blocks, making it fully compatible with the platform. | |
| Currently, backups use the [`AES-256-GCM`](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption algorithm. While this is a highly secure option, it does have a file size limitation of 64 GiB. This isn’t an issue when working with Amazon S3, as the data is split into smaller blocks, making it fully compatible with the platform. |
There was a problem hiding this comment.
Fixed by 259124a
docs/docs/backups.md
Outdated
|
|
||
| To improve flexibility and performance, Xen Orchestra will transition to the `ChaCha20-Poly1305` encryption algorithm by February 2025. This update addresses the file size limitations of `AES-256-GCM` while maintaining a high level of security and compliance with ANSSI guidelines. | ||
|
|
||
| Backup repositories that were encrypted with `AES-256-GCM` will remain accessible, to ensure a smooth transition. |
There was a problem hiding this comment.
Suggested change
| Backup repositories that were encrypted with `AES-256-GCM` will remain accessible, to ensure a smooth transition. | |
| Backup repositories that were encrypted with `AES-256-GCM` will remain accessible, to ensure a smooth transition. | |
| This algorithm is also fully compliant with [ANSSI guidelines 🇫🇷](https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf). |
There was a problem hiding this comment.
Fixed by e4be723.
Replaced the flag with a 'French' label. Flags aren't good practice, as per https://www.flagsarenotlanguages.com
docs/docs/backups.md
Outdated
|
|
||
| ### Upcoming Change: `ChaCha20-Poly1305` | ||
|
|
||
| To improve flexibility and performance, Xen Orchestra will transition to the `ChaCha20-Poly1305` encryption algorithm by February 2025. This update addresses the file size limitations of `AES-256-GCM` while maintaining a high level of security and compliance with ANSSI guidelines. |
There was a problem hiding this comment.
Suggested change
| To improve flexibility and performance, Xen Orchestra will transition to the `ChaCha20-Poly1305` encryption algorithm by February 2025. This update addresses the file size limitations of `AES-256-GCM` while maintaining a high level of security and compliance with ANSSI guidelines. | |
| To improve flexibility and performance, Xen Orchestra will transition to the [`ChaCha20-Poly1305`](https://en.wikipedia.org/wiki/ChaCha20-Poly1305) encryption algorithm by February 2025. This update addresses the file size limitations of `AES-256-GCM` while maintaining a high level of security and compliance with ANSSI guidelines. |
There was a problem hiding this comment.
Fixed by 259124a
docs/docs/backups.md
Outdated
Comment on lines
45
to
64
| ### How It Works | ||
|
|
||
| #### AES-256-GCM | ||
|
|
||
| `AES-256-GCM` is a symmetric-key cryptographic block cipher, which is a method for encrypting data that ensures both confidentiality and integrity. | ||
|
|
||
| This method uses a 256-bit secret key and a unique initialization vector (IV) to encrypt data with the AES algorithm, transforming it into unreadable blocks. | ||
| The "GCM" part (Galois/Counter Mode) adds a verification tag to detect any tampering with the encrypted data. To decrypt, the same key and IV are required, and the tag ensures the data hasn’t been altered. | ||
|
|
||
| It’s a fast and secure system, commonly used in applications like secure web browsing and messaging. | ||
|
|
||
| #### ChaCha20-Poly1305 | ||
|
|
||
| `ChaCha20-Poly1305` is a stream cypher, which is a method for encrypting messages. | ||
|
|
||
| Stream cyphers generate a random-looking sequence of bits, called a keystream, that matches the length of the message. This keystream is created using a secret key and an additional starting value called an initialization vector (IV). | ||
|
|
||
| To encrypt the message, the cipher combines each bit of the message with the corresponding bit of the keystream using a simple XOR operation (a basic "bit-flipping" process). | ||
|
|
||
| The result is the encrypted message, or ciphertext. Modern stream ciphers are designed to ensure the keystream appears completely random, even if someone tries to manipulate the initialization vector. |
There was a problem hiding this comment.
While it is quite interesting, I don't think it makes sense to put in our documentation. 🤔
There was a problem hiding this comment.
Fixed by afcdbd8
Signed-off-by: Thomas Moraine <[email protected]>
Signed-off-by: Thomas Moraine <[email protected]>
…en-orchestra into doc-encryption-details Signed-off-by: Thomas Moraine <[email protected]>
Note: using flags to identify languages is bad practice Signed-off-by: Thomas Moraine <[email protected]>
thomas-dkmt
force-pushed
the
doc-encryption-details
branch
from
a77fdbf to
515c20b
Compare
Signed-off-by: Thomas Moraine <[email protected]>
thomas-dkmt
force-pushed
the
doc-encryption-details
branch
from
347e4ea to
259124a
Compare
fbeauchamp
requested changes
Jan 24, 2025
| 2. Go to the section called **New file system remote**, or edit an existing remote. | ||
| 3. In the subsection called **Encrypt all new data sent to this remote** you will find a text area. Enter your encryption key there. | ||
| 4. Click the **Save configuration** Button to finish the encryption setup. | ||
|
|
There was a problem hiding this comment.
encryption is only compatible with block based remote. (Full backup don't care, but incremental backup will fail if not )
There was a problem hiding this comment.
Fixed by 4d784b0
| Encryption is opt-in and requires configuring an encryption key on the remote. | ||
|
|
||
| 1. Go to the Settings → Remote menu. | ||
| 2. Go to the section called **New file system remote**, or edit an existing remote. |
There was a problem hiding this comment.
encryption can't be changed if a remote contains any backup (either enabling/disabling of changing the key )
There was a problem hiding this comment.
Fixed by 4d784b0
docs/docs/backups.md
Outdated
| ### Current Encryption Algorithm: `AES-256-GCM` | ||
| Currently, backups use the [`AES-256-GCM`](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption algorithm. While this is a highly secure option, it does have a file size limitation of 64 GiB. This isn't an issue when working with Amazon S3, as the data is split into smaller blocks, making it fully compatible with the platform. | ||
|
|
||
| In addition, this algorithm is fully compliant with [ANSSI guidelines (in French)](https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf). |
There was a problem hiding this comment.
this algorithm is authenticated, that means an additional metadata is put at the end of any saved file. This is used on restore to ensure that the data restored are exactly the data that were encrypted, thus detecting bit rot or a malicious attacker without the key. Note this is not a recoverable error, the file will be unusable
https://en.wikipedia.org/wiki/Authenticated_encryption
There was a problem hiding this comment.
Fixed by 4d784b0
There was a problem hiding this comment.
TODO : it's the same for the other algorithm
|
|
||
| To improve flexibility and performance, Xen Orchestra will transition to the [`ChaCha20-Poly1305`](https://en.wikipedia.org/wiki/ChaCha20-Poly1305) encryption algorithm by February 2025. This update addresses the file size limitations of `AES-256-GCM` while maintaining a high level of security and compliance with ANSSI guidelines. | ||
|
|
||
| Backup repositories that were encrypted with `AES-256-GCM` will remain accessible, to ensure a smooth transition. |
There was a problem hiding this comment.
as aes-256-gcm , chacha20-poly1305 is authenticated
Add requirements on block-based remotes Warn that encryption can't be saved if remote contains a backup Explain how authentication works with AES-256-GCM Signed-off-by: Thomas Moraine <[email protected]>
Co-authored-by: Florent BEAUCHAMP <[email protected]>
Signed-off-by: Thomas Moraine <[email protected]>
julien-f
changed the title
Signed-off-by: Thomas Moraine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Explain how backups are encrypted by Xen Orchestra, what each encryption algorithm (AES-256-GCM and ChaCha20-Poly1305) does, and how it works with Amazon S3.