Altinity / clickhouse-backup

Tool for easy ClickHouse backup and restore using object storage for backup files.
https://altinity.com

Add GPG crypt support #123

Open rayderua opened 3 years ago

rayderua commented 3 years ago

It would be just great if we could encrypt backups with a GPG key

mastertheknife commented 3 years ago

I would also love that. The backups are currently uploaded to S3, and they contain sensitive data. I already do that for other backups. For MariaDB I do something like `mariabackup ... | zstd | gpg --encrypt -r --batch --yes --output myfile.gpg`. I will see, maybe I can add it sometime in the future and add a PR. It shouldn't be too difficult because golang has the crypto/openpgp package already.

AlexAkulov commented 3 years ago

Do you want exactly GPG encryption? I'm thinking of adding AES encryption.

mastertheknife commented 3 years ago

The nice thing about GPG is the asymmetric encryption. We generated a 4096-bit RSA pair (public and private), but we only keep the public key in the server. This allows for encryption only. The private key is kept elsewhere, somewhere safe, in case we'll ever need to decrypt these backups. The main use is not just backup, but also protection against cyber and ransomware, thanks to the S3's object lock (retention, compliance mode). This and the glacier storage class allow for long-term backups that are safe against cyber / ransom attacks.

AlexAkulov commented 3 years ago

Asymmetric encryption (GPG) is much slower than symmetric encryption (AES). So usually asymmetric encryption is used for establishing secure connections only, but symmetric encryption is used for transmitting large data. For example, this method is used in HTTPS. Thus symmetric encryption is more suitable for encrypting backups I think.

rayderua commented 3 years ago

I totally agree with mastertheknife. The main idea is to keep the private key in a secure place and get secure backups. I am willing to sacrifice time for the sake of security.

Phyrrex commented 2 years ago

> Asymmetric encryption (GPG) is much slower than symmetric encryption (AES).

While that is true, GPG uses hybrid encryption under the hood. It generates a random key and IV, uses those to encrypt your payload using AES or another symmetric cipher and then encrypts the key and IV using RSA / ECDH / other algorithms.

https://en.wikipedia.org/wiki/Hybrid_cryptosystem

dessant commented 2 years ago

WAL-G is also written in Go and it supports the encryption of incremental backups using libsodium and OpenPGP; it may help to take a look at the implementation.

https://github.com/wal-g/wal-g#encryption