Encryption key in plain text in backup directory. Security issue?

[GalacticSun]

I'm new to Vorta and just trying to learn more about the encryption keys. When setting up my profile I opted to use a passphrase and an encryption key ("repokey/blake2") and it created an entry in the config file in the backup directory that contains that key, in plain text. It appears that Vorta needs that key in that file in that location to operate. If the backup dir is on a portable USB device and that device is stolen, then they have the encryption key. Isn't that a security concern? Thanks.

[goebbe]

@GalacticSun My understanding is that the repokey itself is virtually useless without the passphrase, i.e. you cannot decrypt the backup with the repokey only. If you use a passphrase, you always need both, the repokey and the passphrase.

Since Vorta/ borg use strong encryption, it is considered save, to use repokey (i.e. storing the keyfiles with the repository) in combination with a strong passphrase. This is why Vorta uses repokey by default.

Obviously, you have to use a strong passphrase!

Note that you could also opt for keeping the encryption key in your home directory: Choose "Keyfile-Blake2 (Key stored in home directory)", in the advanced options, when creating a new repository. But then you should take care to not delete/ lose your keyfile, since it would be impossible to decrypt your backup without it.

[GalacticSun]

Thanks, I appreciate our discussion and your points. I agree that it's up to the user and "how secure is secure". True enough. I guess my concern is more for newbies to Vorta/Borg, like myself, and understanding its security. In providing a key like they do, though, you'd think it would be an actually useful security measure and not just window dressing.

I also agree that forcing people into "better security" is not right. But educating them is, for sure. Do you think this is a Vorta or a Borg thing?

[goebbe]

Passphrase protection is probably well understood by a large share of Vorta users. So presumably everybody understands that it is crucial to use a secure passphrase. If you want it even more secure, Vorta provides the option of using local keyfiles - but this is considered as advanced use case - where the user should know what he is doing:

• it is impossible to memorize a keyfile, but you could easily build a long passphrase that can be memorized
  • therefore, if you lose/ delete/ destroy your keyfile, there is no way to access/ restore the backups
• the keyfile is probably saved somewhere in your home directory, everybody, who has access to your home directory can read/ copy the keyfile. If your system is not correctly configured, other users on your computer could read your keyfile too.

My feeling is that Vorta / borg users are expected to read the docs, at least for advanced use cases.

By the way, everybody is free to write his private blog about how to harden Vorta or how to use local keyfiles etc. ;-) And in a way, by discussion this topic openly, we are just about contributing to the (informal) documentation.

[GalacticSun]

I agree that passphrase protection is well understood, but I don't think encryption keys are as well understood.

Encryption keys do provide enhanced security, and I think it is up to the devs to provide proper guidance in their docs as to how they implemented them. But I don't think they have, unfortunately. And, by putting 'repokey' as the default option that it's a less secure choice as it exposes the key in the backup repository, which, as I've pointed out, appears to me to be a security flaw, compromising 50% of one's security if they are using a key, essentially rendering a key useless, thus invalidating the idea that encryption keys provide added security.

Yes, Vorta users are expected to read the docs, which brings me back to an earlier point I made: regarding this issue, I haven't seen any.

And, sure, I could blog about it, but I don't have or want a tech blog. This is entirely on the devs, imho, since it's their product (albeit free). Hopefully this discussion can raise some awareness about this issue, unless I'm missing something about encryption keys (and I very well may be!). ;)

[goebbe]

@GalacticSun May I ask questions about your setup? When creating a repo with local keyfiles, they are saved in ~/.config/borg/keys by default, right? Do you keep a backup of the keyfile, somewhere?
How would you proceed, if you want to restore on a different computer? Would it be sufficient to copy/ past the keyfile into ~/.config/borg/keys on that computer - or would you use "borg import key"?

[GalacticSun]

Hi @goebbe. It depends on what you're using (Vorta, Borg, or other Borg front-end) and how you installed it (Flatpak, apt, etc). But, yes, you'd create a backup of your keyfile somewhere. Then use it to restore when you want to. But if you're just mounting the repo to copy some files over it can use your local keyfile and is pretty seamless.
As for restoring on another computer, I think just copying and pasting it is sufficient. Haven't used "borg import key". But I'm new to Borg, too. ;)

[goebbe]

Here is a related question and the answers from borg devs: borgbackup/borg#5285

[GalacticSun]

Thanks for finding that, @goebbe, that's good info!

I think this answer should be (albeit cleaned up a bit) in the docs. A section in the docs covering keyfiles would be very helpful for those interested in using repokeys/keyfiles. It's not beneficial to leave out docs that cover the "Advanced" tab because using the options in the "Advanced" tab might be considered to be "Advanced". Even a version of the correlating explanation from the post I linked to above would be sufficient.

And the post I linked to could be expanded to explain the pros and cons of each scenario with some examples. Such as: "If you use an external USB HD for backups, don't use the repokey because if your external HD gets stolen, 50% of your security is compromised because the attacker has the key", etc. I just think things could and should be made a whole lot clearer in the docs. Especially for newbies.

[goebbe]

For general considerations about the security of passphrases / keyfile one could also refer to outside sources (if you know good sources that explain why we should use keyfiles instead of passphrases). Most of this would likely apply to many different scenarios.
If you want to push changes for the docs, you could open an issue, to ask the devs, if they would support adding some changes to the docs. The more specific your request, the higher the chances that somebody will look into this.
If the devs agree, somebody has to propose the changes to the docs (pull request). This is free software - feel free to make a proposal, if nobody else cares / has the time to work on the docs.

[GalacticSun]

Yup, I understand. Anyone can look into outside sources, but if you're going to develop free software and provide docs, I'd think they'd want to provide a bit more comprehensive docs. In this case it is simple to do. It constitutes just a few paragraphs, and it's basically already been written.

Yeah, I suppose if I want to suggest the change, I will. It just took me far too long to come to an understanding and a conclusion about this when all they had to do was put a paragraph in the docs summarizing everything. Hopefully this can save the next person a bit of time and confusion regarding using keys with this (excellent) software! ;)