
Re: splitting key across machines



On 05/06/14 17:35, The Farmer wrote:
> If I use tarsnap-keymgmt to create a key that can only create new archives, and
> another key that can list and delete old ones, and want to use them from
> different machines, what's the best way to do that?
> 
> I don't want an attacker who gains access to the machine I'm backing up to be
> able to delete old backups, but I don't want to keep old backups indefinitely,
> so my plan is to delete old backups from a different machine.
> 
> I'm guessing the best plan is to use rsync to keep the cache folders in sync on
> the two machines, but do they need to be synced in both directions, or is it
> enough to copy from the machine which creates archives to the one which deletes
> them?

The syncing needs to go both ways -- deletes need to know how many archives use
each block, so they can figure out which blocks are no longer needed after a
delete is finished, and creates need to know which blocks exist.

> If it needs to go both ways then I guess I also need to put some kind of
> semaphore in place to make sure only one machine is using tarsnap at a time.

Tarsnap will guard against inconsistencies, but this is done by cancelling any
ongoing transaction if a new transaction starts, so if you don't have any sort
of semaphore in place you'll probably end up with livelock when the two machines
fight over the archival state.

FWIW, the other common option is to have an unencrypted archive-creation key
and an encrypted archive-deletion key (using tarsnap-keymgmt --passphrased),
then log in from time to time and type the passphrase to let deletes run.
With a good passphrase this is safe as long as the system is not compromised
*at the time you log in to run deletes*.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
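The two-way cache sync plus semaphore that the reply describes, as an added example that is not part of the original thread and not the tarsnap project's own code. One POSIX shell script runs on both machines: it takes a lock on the deleting host (mkdir is atomic, so a lock directory doubles as the cross-machine semaphore), pulls the peer's copy of the tarsnap cache directory, runs tarsnap with the key that machine holds, and pushes the cache back. Host names, paths, key-file names, the KEEP count, the date-based archive naming, and the tarsnap-keymgmt invocations in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the tarsnap project or the mailing-list thread).
# Assumed layout: host "backup" holds a write-only key and creates archives,
# host "reaper" holds a passphrased list+delete key and prunes old ones.
# The keys are assumed to have been split from the master key like this:
#   tarsnap-keymgmt --outkeyfile write.key -w tarsnap.key
#   tarsnap-keymgmt --passphrased --outkeyfile delete.key -r -d tarsnap.key
# Both hosts keep a copy of the cache directory; the lock directory lives on
# the deleting host and is created over ssh from the other machine.
set -eu

PEER="${PEER:-reaper.example.org}"                # hypothetical peer host
CACHEDIR="${CACHEDIR:-/var/lib/tarsnap/cache}"    # same path on both hosts
LOCKDIR="${LOCKDIR:-/var/lib/tarsnap/cluster.lock}"
WRITE_KEY="${WRITE_KEY:-/root/write.key}"
DELETE_KEY="${DELETE_KEY:-/root/delete.key}"      # passphrased; tarsnap prompts
BACKUP_PATH="${BACKUP_PATH:-/srv/data}"
KEEP="${KEEP:-30}"                                # archives to retain on prune

# acquire_lock LOCKDIR PREFIX: PREFIX is "" to run locally or "ssh host" to
# run on the peer. mkdir either creates the directory or fails because it
# already exists, so exactly one caller wins; the loser must retry later
# instead of starting a second tarsnap transaction (which would cancel the
# first one and invite the livelock the reply warns about).
acquire_lock() {
    $2 mkdir "$1" 2>/dev/null
}

release_lock() {
    $2 rmdir "$1" 2>/dev/null || true
}

# select_to_delete KEEP: reads archive names on stdin, keeps the KEEP newest
# (names are assumed to sort by date, e.g. host-2014-05-06) and prints the
# rest, one per line, oldest first.
select_to_delete() {
    sort | awk -v keep="$1" 'NR > 0 { n[NR] = $0 } END { for (i = 1; i <= NR - keep; i++) print n[i] }'
}

main() {
    mode=$1
    case $mode in
        create) KEYFILE=$WRITE_KEY;  LOCK_RUN="ssh $PEER" ;;  # lock is on the peer
        delete) KEYFILE=$DELETE_KEY; LOCK_RUN="" ;;           # lock is local
        *) echo "usage: $0 create|delete" >&2; exit 2 ;;
    esac

    acquire_lock "$LOCKDIR" "$LOCK_RUN" || {
        echo "another tarsnap run holds $LOCKDIR; try again later" >&2
        exit 1
    }
    trap 'release_lock "$LOCKDIR" "$LOCK_RUN"' EXIT

    # Pull first: the peer's run may have changed block reference counts
    # since our last push.
    rsync -a --delete "$PEER:$CACHEDIR/" "$CACHEDIR/"

    if [ "$mode" = create ]; then
        tarsnap --keyfile "$KEYFILE" --cachedir "$CACHEDIR" \
            -c -f "$(hostname)-$(date +%Y-%m-%d)" "$BACKUP_PATH"
    else
        tarsnap --keyfile "$KEYFILE" --cachedir "$CACHEDIR" --list-archives \
            | select_to_delete "$KEEP" \
            | while read -r name; do
                tarsnap --keyfile "$KEYFILE" --cachedir "$CACHEDIR" -d -f "$name"
              done
    fi

    # Push the updated cache back so the peer sees which blocks now exist
    # and how many archives reference each one.
    rsync -a --delete "$CACHEDIR/" "$PEER:$CACHEDIR/"
}

# Only run when a mode is given, so the file can also be sourced for its functions.
case "${1:-}" in
    create|delete) main "$1" ;;
esac
```

Run it as `./tarsnap-sync.sh create` from cron on the backup host and `./tarsnap-sync.sh delete` interactively on the deleting host (the passphrase prompt comes from tarsnap reading the passphrased key). If a run dies between the two rsyncs, the next run on either host pulls the newer cache before touching anything, so the only state that needs manual attention is a stale lock directory left behind by a crash.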