From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint
Date: Tue, 17 Nov 2020 18:57:18 +0100 [thread overview]
Message-ID: <20201117175725.3634238-1-f.gruenbichler@proxmox.com> (raw)
next improvements/follow-ups in this area:
- return fingerprint via SnapshotListItem, display somehow in GUI
(pending list_snapshot refactor which is waiting for review)
- filter snapshot list by fingerprint and/or crypt mode (for GUI, client, PVE)?
- display in PVE (storage key fingerprint in storage config view,
manifest fingerprint via new attribute mechanism once its returned by
list_snapshot?)
- postinst to fixup PVE generated keys via change-passphrase
- switch libproxmox-backup-qemu to just call crypt_config.fingerprint()
longer term ideas:
- some sort of keyring? multiple keys in a single keyfile to allow
rotation?
Fabian Grünbichler (7):
crypt config: add fingerprint mechanism
key: add fingerprint to key config
client: print key fingerprint and master key
client: add 'key show' command
fix #3139: add key fingerprint to manifest
manifest: check fingerprint when loading with key
client: check fingerprint after downloading manifest
src/backup/crypt_config.rs | 17 +++++-
src/backup/key_derivation.rs | 23 ++++++--
src/backup/manifest.rs | 33 ++++++++++++
src/bin/proxmox-backup-client.rs | 14 +++--
src/bin/proxmox_backup_client/benchmark.rs | 2 +-
src/bin/proxmox_backup_client/catalog.rs | 6 ++-
src/bin/proxmox_backup_client/key.rs | 63 ++++++++++++++++++++--
src/bin/proxmox_backup_client/mount.rs | 7 ++-
src/tools/format.rs | 58 ++++++++++++++++++++
9 files changed, 208 insertions(+), 15 deletions(-)
--
2.20.1
next reply other threads:[~2020-11-17 17:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-17 17:57 Fabian Grünbichler [this message]
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 1/7] crypt config: add fingerprint mechanism Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 2/7] key: add fingerprint to key config Fabian Grünbichler
2020-11-18 8:48 ` Wolfgang Bumiller
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 3/7] client: print key fingerprint and master key Fabian Grünbichler
2020-11-17 18:38 ` Thomas Lamprecht
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 4/7] client: add 'key show' command Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 5/7] add key fingerprint to manifest Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 6/7] fix #3139: manifest: check fingerprint when loading with key Fabian Grünbichler
2020-11-17 17:57 ` [pbs-devel] [PATCH proxmox-backup 7/7] client: check fingerprint after downloading manifest Fabian Grünbichler
2020-11-18 5:27 ` [pbs-devel] [PATCH proxmox-backup 0/7] add, persist and check key fingerprint Dietmar Maurer
2020-11-18 5:47 ` Dietmar Maurer
2020-11-18 6:47 ` Thomas Lamprecht
2020-11-18 8:27 ` Fabian Grünbichler
2020-11-18 8:54 ` Dietmar Maurer
2020-11-23 7:55 ` Dietmar Maurer
2020-11-23 8:16 ` Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201117175725.3634238-1-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox