diff options
author | Lars Wirzenius <liw@liw.fi> | 2021-01-29 08:06:09 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2021-01-29 08:06:09 +0200 |
commit | 5491e2f59e8b011fbf863a2f652a22f250a12285 (patch) | |
tree | 5f443c97579e64a1ec9ec3e961c1cb6ecea5ac2d /obnam.md | |
parent | fd99148074d6c82cde3e0426d0f8a1a644c68779 (diff) | |
download | obnam2-5491e2f59e8b011fbf863a2f652a22f250a12285.tar.gz |
doc: add outline of encryption verification scenarios
This is about the minimal set of scenarios to verify that Obnam has
some form of encryption, however simplistic. This will form a start on
which to base future work, even if that may eventually end up changing
everything.
Even the longest journey starts with a single step.
Diffstat (limited to 'obnam.md')
-rw-r--r-- | obnam.md | 40 |
1 files changed, 40 insertions, 0 deletions
@@ -1039,11 +1039,51 @@ given a manifest of the directory live restored in rest in rest.yaml then files second.yaml and rest.yaml match ~~~ +# Acceptance criteria for backup encryption +This chapter outlines scenarios, to be implemented later, for +verifying that Obnam properly encrypts the backups. These scenarios +verify only encryption aspects of Obnam. + +## Backup without passphrase fails + +Verify that trying to backup without having set a passphrase fails +with an error message that clearly identifies the lack of a +passphrase. + +## A passphrase can be set + +Set a passphrase. Verify that it's stored in a file that is only +readable by it owner. Verify that a backup can be made. + +## A passphrase stored insecurely is rejected + +Verify that a backup fails if the file where the passphrase is stored +is readable by anyone but its owner. Verify that the error message +explains that the backup failed due to the passphrase file insecurity. + +## The passphrase can be changed + +Verify that the passphrase can be changed and that backups made before +the change can no longer be restored. (Later, this requirement will be +re-evaluated, but this is simple and gets us started.) + +## The passphrase is not on server in cleartext + +Verify that after the passphrase has been set, and a backup has been +made, the passphrase is not stored in cleartext on the server. + +## A backup is encrypted + +Verify that the backup repository does not contain the backed up data +in cleartext. <!-- -------------------------------------------------------------------- --> +# Colophon + +This manual is edited in Markdown and typeset using [Subplot][]. --- title: "Obnam2—a backup system" |