What algorithm is used to encrypt the backup data?
To encrypt backup data the AES256 is used.
How the key is generated, where it stored and how protected?
The AES256 key is generated by backup agent randomly at the moment of backup creation. This key is stored in the backup and protected by RSA key. The RSA key length is 15360 bits.
How password is used when creating or accessing the backup?
RMAD uses RSA keys to protect the encryption\decryption key. This key is encrypted with RSA public key and stored in the backup. The private part of RSA key is encrypted with user password (AES256 key based on user password is used) and stored in the backup as well.
Where is password stored?
Neither password or hash are stored anywhere, lifetime of the password is limited by encryption\decryption of the RSA private key.
Where and what hash algorithm is used?
RMAD uses SHA256 password hash to get password-based keys to encrypt\decrypt RSA private key. Hash is not currently salted however in an upcoming release of RMAD this will be changed to use a salted hash.
How backup is read?
RMAD reads RSA private key from backup and try to decrypt it using key derived from the entered password. Then it reads AES256 key and decrypts the it using RSA private key.
How does RMAD know that password is incorrect?
There is a verification data in the backup which is encrypted in the same way as a backup data. The verification data contains some random values and its hash. RMAD tries to decrypt the verification data and check the hash value.
Encryption Process:
- User enters a password.
- Get the password hash P.
- Generate RSA key A = (Ae, Ad), here is Ad is private key and encrypted with P.
- Generate AES256 key K.
- Get Ke which is K encrypted with Ae.
- Store Ke and Ad in the backup.
- Use K to encrypt the data.
- Note that key A is generated on console and sent to backup agent.
Decryption Process (e.g. extract, restore):
- User enters a password.
- Get the password hash P.
- Read Ad from the backup.
- Decrypt the Ad using P.
- Read Ke from the backup.
- Decrypt Ke using Ad.
- Use K to decrypt the data.
RPC_C_AUTHN_LEVEL_PKT_PRIVACY (the most secure) protection level is used for all console-agent RPC requests, so all the data sent to/from the backup agent is encrypted.
Secondly, if the backup password protection is enabled, the backups are encrypted on agent side on the DC and then sent to the RMAD server already encrypted.
RPC_C_AUTHN_LEVEL_PKT_PRIVACY (the most secure) protection level is used for all console-agent RPC requests, so all the data sent to/from the backup agent is encrypted. Secondly, if the backup password protection is enabled, the backups are encrypted on agent side on the DC and then sent to the RMAD server already encrypted.