clickhouse-backup

Add GPG crypt support

Open rayderua opened this issue 5 years ago • 7 comments

It would be just great if we could encrypt backups with a GPG key

rayderua, Oct 25 '20 07:10

I would also love that. The backups are currently uploaded to S3, and they contain sensitive data. I already do that for other backups. For MariaDB I do something like:

mariabackup ... | zstd | gpg --encrypt -r --batch --yes --output myfile.gpg

I will see; maybe I can add it sometime in the future and add a PR. It shouldn't be too difficult because golang already has the crypto/openpgp package.

mastertheknife, Jun 17 '21 12:06

Do you want exactly GPG encryption? I'm thinking of adding AES encryption.

AlexAkulov, Jun 17 '21 13:06

The nice thing about GPG is the asymmetric encryption. We generated a 4096-bit RSA pair (public and private), but we only keep the public key on the server. This allows for encryption only. The private key is kept elsewhere, somewhere safe, in case we ever need to decrypt these backups. The main use is not just backup, but also protection against cyber and ransomware, thanks to S3's object lock (retention, compliance mode). This and the Glacier storage class allow for long-term backups that are safe against cyber / ransom attacks.

mastertheknife, Jun 17 '21 14:06

Asymmetric encryption (GPG) is much slower than symmetric encryption (AES). So usually asymmetric encryption is used for establishing secure connections only, but symmetric encryption is used for transmitting large data. For example, this method is used in HTTPS. Thus symmetric encryption is more suitable for encrypting backups, I think.

AlexAkulov, Jun 17 '21 16:06

I totally agree with mastertheknife. The main idea is to keep the private key in a secure place and get secure backups. I am willing to sacrifice time for the sake of security.

rayderua, Jun 18 '21 08:06

> Asymmetric encryption (GPG) is much slower than symmetric encryption (AES).

While that is true, GPG uses hybrid encryption under the hood. It generates a random key and IV, uses those to encrypt your payload using AES or another symmetric cipher and then encrypts the key and IV using RSA / ECDH / other algorithms.

https://en.wikipedia.org/wiki/Hybrid_cryptosystem

Phyrrex, Oct 10 '21 11:10
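The hybrid scheme and the public-key-only backup host discussed in the comments above, as an added example that is not code from this thread or from clickhouse-backup. It uses RSA-OAEP and AES-256-GCM from the Go standard library instead of the OpenPGP packet format, so its output is not readable by gpg. The names `Seal`, `Open`, `newGCM` and `entropy` are hypothetical.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

var entropy = rand.Reader // CSPRNG handed to the RSA calls (hypothetical name)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func Seal(pub *rsa.PublicKey, backup []byte) (wrapped, nonce, ct []byte, err error) { // backup host
	buf := make([]byte, 32+12) // fresh AES-256 session key and GCM nonce per backup
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, nil, err
	}
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), entropy, pub, buf[:32], nil); err != nil {
		return nil, nil, nil, err
	}
	gcm, err := newGCM(buf[:32]) // the bulk data only ever sees the symmetric cipher
	if err != nil {
		return nil, nil, nil, err
	}
	return wrapped, buf[32:], gcm.Seal(nil, buf[32:], backup, nil), nil
}

func Open(priv *rsa.PrivateKey, wrapped, nonce, ct []byte) ([]byte, error) { // offline restore host
	key, err := rsa.DecryptOAEP(sha256.New(), entropy, priv, wrapped, nil)
	if err != nil {
		return nil, err // wrong private key or damaged key wrap
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, nil) // fails if the ciphertext was altered
}

func main() {
	priv, _ := rsa.GenerateKey(entropy, 2048) // throwaway demo key pair
	wrapped, _, ct, _ := Seal(&priv.PublicKey, []byte("constructed backup bytes"))
	println(len(wrapped), len(ct)) // 256 40: wrapped key, payload plus 16-byte GCM tag
}
```

The RSA operation covers only the 32-byte session key, so its cost stays constant however large the backup is.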

WAL-G is also written in Go and it supports the encryption of incremental backups using libsodium and OpenPGP; it may help to take a look at the implementation.

https://github.com/wal-g/wal-g#encryption

dessant, Feb 17 '22 09:02