Overview
This document guides an administrator through setting up encryption on their BeOpen database. Encryption is a good idea both for increased security and for ease of response to a breach. If database encryption is enabled, all you have to do in the event of a breach is shut down the server application; this encrypts the database immediately.
Remember that you can shut down the server from your settings panel while logged in on an admin account.
Options
Before enabling encryption and setting it up, you have to consider the options available to you. Standard encryption uses a single master password, which you can use to decrypt the database from any active client device while the server is in "decrypt" mode.
You also have the option of enabling Shamir secret sharing. This allows you to create a number of "shares", which you can then hand out to trusted colleagues or friends. If you, as the administrator, ever lose the master password, you can ask for a set number of these shares to be given back to you. Entering these shares into the "decrypt" screen of the client will decrypt the database and reconstruct your master password.
You can decide how many shares are required to reconstruct your master password and how many shares you want to create. It's completely up to you. The only limitations are that the number of shares created must be less than 20 and the number of shares needed for reconstruction must be less than 7. These parameters can be changed in the configuration file, under the database section.
Guide
- Decide upon a master password. Note that your master password must be an integer. We recommend making this integer significantly large, as short or common integers may be easy to guess or crack.
- Create a text file at the path "data/encryptconfig.txt" (this path is configurable in the database section of your configuration file) and type your master password into this file.
- Enable encryption in the configuration file by setting "EncryptDatabase" to "true".
- If you want Shamir secret sharing, enable it in the same section of your configuration file by setting "ShamirSecretSharing" to "true". Additionally, change the values of "MinimumShares" and "NumberOfShares" to your preferred values.
- Launch the server. If all goes according to plan, the server will launch normally and you will be able to start any client and enter the decryption credentials.
Distribution of shares
If you used Shamir secret sharing, your shares will now be stored as a collection of text files in (by default) data/shares. These text files will NOT be deleted automatically, so deleting them is left up to you as the administrator.
When you give someone a share, make sure they remember both their share number and their share secret. If you know your share secret but cannot remember your share number, it is not possible to use the share. The minimum number of shares required to reconstruct the master password is considered public, so it is also included on all shares. This number is also stored in the configuration file of the server.
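The following sketch shows why a share is only usable together with its share number and why fewer than the minimum number of shares cannot rebuild the master password. It is an added example of the general Shamir scheme over a prime field, not BeOpen's own code; the prime, the function names and the sample master password are assumptions made for illustration.

```python
import secrets

# Assumption: a fixed Mersenne prime field; the field BeOpen uses is not stated in this guide.
PRIME = 2**127 - 1

def make_shares(secret, minimum, count):
    """Split an integer secret into `count` (number, value) shares; any `minimum` rebuild it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be smaller than the field prime")
    if not 1 < minimum <= count:
        raise ValueError("need 1 < minimum <= count")
    # Random polynomial of degree minimum-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(minimum - 1)]

    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc

    # The share number is the x coordinate, the share secret is the y coordinate.
    return [(x, evaluate(x)) for x in range(1, count + 1)]

def reconstruct(shares):
    """Lagrange-interpolate the polynomial at x=0 from (number, value) pairs."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("share numbers must be distinct")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

if __name__ == "__main__":
    master = 918273645546372819  # constructed sample master password
    shares = make_shares(master, minimum=3, count=5)
    print(reconstruct(shares[:3]) == master)   # any 3 of the 5 shares rebuild it
    print(reconstruct(shares[:2]) == master)   # below the minimum: wrong value
    x, y = shares[0]
    print(reconstruct([(x + 5, y)] + shares[1:3]) == master)  # wrong share number
```

In this sketch a secret at or above PRIME is rejected up front, because a value outside the field could not be recovered from its shares.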
Fail
Encryption
If the encryption fails in any way, the server will log the problem and shut down. Read the server logs carefully. The most common issue may be that the shares generated could not reconstruct the original key. If this is the case, simply try again or use a shorter master password.
Server shutdown (ungraceful)
If the server suddenly loses power or is unable to perform a graceful shutdown for any reason, the unencrypted database will be left on the system. This happens to avoid the risk of data loss. In this event:
- Back up the encrypted database and the unencrypted database
- Set encryption to false in the configuration file
- Decrypt the database from any client
- Shut down the server again (gracefully)
- Delete the database in the server directory and replace it with the previous version you backed up
- You can then re-enable encryption and go through the process of setting it up again. If you use the same master password, you do NOT have to redistribute the Shamir secret shares. However, a set of new shares may be generated; simply delete these files.
Dos and don'ts
If you use Shamir secret sharing, do NOT change the "MinimumShares" configuration, even after the encryption has successfully happened and the shares have been generated. If for some reason this option does change, contact share holders to see if they or anyone else knows the correct value. Without this value the master password cannot be reconstructed.
Do not manually change or alter any files unless instructed to do so by this guide. Changing configuration options while the server is running can lead to loss of data.
Do not share your master password with anyone else. If you wish to have a "backup", please use the Shamir secret sharing feature built into the server.