encryption key
Hi!
I want to test Cleversafe and I'm wondering what to do if I lose my encryption key, if I have used Cleversafe's encryption codec.
How can I rebuild my data?
thanks a lot
Previously Antoine Bréjuin wrote:
Hi!
I want to test Cleversafe and I'm wondering what to do if I lose my encryption key, if I have used Cleversafe's encryption codec.
How can I rebuild my data?
thanks a lot
Hello Antoine,
If you lost your encryption key, your data would be unavailable to you. This is by design; there are no back-door recovery systems in place. Therefore you should always maintain a copy of your encryption key (on a thumb drive, CD, etc.) in a secure location.
In addition, there is soon-to-come functionality where multiple users can have access to the same vault, and each can access the data with their own encryption key. Under such a scenario, if one user lost their encryption key, the other could grant access back to the user.
I hope this answer is helpful,
Jason
This answer is very helpful, thanks.
However, I have another question.
I have set up Cleversafe with 4 nodes and 1 accesser. Saving data from the source computer works, because the available storage capacity decreases on each slicestor, but when I delete data from the source computer the available storage capacity doesn't increase on each node of my Cleversafe. The deleted data is no longer available from the source computer, but the storage capacity on each node hasn't changed.
Thanks
Antoine
Antoine,
I apologize for the delay in getting back to you. The current access mechanism provided by our software is iSCSI, which presents itself as a block device to your computer (as would a hard drive). This block device, in turn, is formatted with a file system, which is a layer in between the block device we present and the files you add and remove.
However, there is no delete nor mark-as-freed operation that can be done upon a block device. Block devices only support read/write operations. The filesystem itself manages information about which blocks are free and can be re-used, but it does not signal the underlying block device as to which blocks can be deleted.
This is not to say that the utilization will grow forever on the slicestors. If you were to add a bunch of files, delete them, then add more files, the filesystem may allocate the space in a way to reuse blocks that previously stored the content of deleted files. The amount of utilization on the slicestors will never exceed some fixed amount corresponding to the size of the block device and IDA parameters; however, it will never shrink either.
It is important to keep in mind that this is the nature of block devices: one cannot delete a block from a hard drive, only read or write to it. Soon we will be releasing other interfaces to dsNets, including WebDAV, which is file based. Under this scheme, you will be able to delete files and reclaim usable space on the Slicestors.
Best Regards,
Jason
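The block-device behaviour described in the reply above, as a small simulation (an added example, not Cleversafe code). The class names, the 100-block device and the IDA width 4 / threshold 3 are constructed, and it assumes each block is stored as `width` slices of `block_size / threshold` bytes.

```python
class SliceBackedDevice:
    """Read/write-only block device; backing space is consumed on first write."""

    def __init__(self, num_blocks, block_size, width, threshold):
        self.num_blocks, self.block_size = num_blocks, block_size
        self.width, self.threshold = width, threshold  # assumed IDA parameters
        self.ever_written = set()

    def write(self, block_no):
        self.ever_written.add(block_no)  # no operation exists that removes a block

    def stored_bytes(self, blocks=None):
        # Assumption: each block becomes `width` slices of block_size/threshold bytes.
        n = len(self.ever_written) if blocks is None else blocks
        return n * self.block_size * self.width // self.threshold


class Filesystem:
    """Tracks free blocks itself and never tells the device about a delete."""

    def __init__(self, device):
        self.device = device
        self.free = list(range(device.num_blocks))
        self.files = {}

    def create(self, name, nblocks):
        if nblocks > len(self.free):
            raise OSError("filesystem full")
        self.files[name], self.free = self.free[:nblocks], self.free[nblocks:]
        for block_no in self.files[name]:
            self.device.write(block_no)

    def delete(self, name):
        # Only filesystem metadata changes; the freed blocks become reusable.
        self.free = sorted(self.free + self.files.pop(name))


def run_scenario():
    """Return slicestor bytes used after each step, plus the fixed upper bound."""
    dev = SliceBackedDevice(num_blocks=100, block_size=3072, width=4, threshold=3)
    fs = Filesystem(dev)
    usage = []
    for op, name, nblocks in [("create", "a", 30), ("delete", "a", 0),
                              ("create", "b", 20), ("create", "c", 40)]:
        if op == "create":
            fs.create(name, nblocks)
        else:
            fs.delete(name)
        usage.append(dev.stored_bytes())
    return usage, dev.stored_bytes(dev.num_blocks)
```

Usage stays flat across the delete and across the reuse of freed blocks, and grows only when a never-written block is touched.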
Previously jresch wrote:
Antoine,
I apologize for the delay in getting back to you. The current access mechanism provided by our software is iSCSI, which presents itself as a block device to your computer (as would a hard drive). This block device, in turn, is formatted with a file system, which is a layer in between the block device we present and the files you add and remove.
However, there is no delete nor mark-as-freed operation that can be done upon a block device. Block devices only support read/write operations. The filesystem itself manages information about which blocks are free and can be re-used, but it does not signal the underlying block device as to which blocks can be deleted.
This is not to say that the utilization will grow forever on the slicestors. If you were to add a bunch of files, delete them, then add more files, the filesystem may allocate the space in a way to reuse blocks that previously stored the content of deleted files. The amount of utilization on the slicestors will never exceed some fixed amount corresponding to the size of the block device and IDA parameters; however, it will never shrink either.
It is important to keep in mind that this is the nature of block devices: one cannot delete a block from a hard drive, only read or write to it. Soon we will be releasing other interfaces to dsNets, including WebDAV, which is file based. Under this scheme, you will be able to delete files and reclaim usable space on the Slicestors.
Best Regards,
Jason
Hi, I have another question about encryption.
I wanted to set up a vault with encryption, so I added a line for the slice encryption codec to a vault file:
<vault:codec kind="Codec.Encryption" referral="aes-128-cbc-pkcs5-essiv" version="1"/>
I followed one of your documents to write this.
When I attempted to create the vault, an error message appeared, and according to the logs the error is caused by the referral.
Could you help me?
thanks
Antoine,
Which version of the software are you currently using? It is possible that you are using an older open source version which did not include the CipherCodec implementation, or it may be missing the referral from the core-org-bindings.xml file.
If you can find the core-org-bindings.xml file, the referral should look like this:
<bindns:implementation class="org.cleversafe.codec.encryption.secretkey.CipherCodec" referral="aes-128-cbc-pkcs5-essiv" minVersion="1.0" maxVersion="1.0">
    <bindns:param name="transformation">
        <eval:literal type="string" value="AES/CBC/PKCS5Padding"/>
    </bindns:param>
    <bindns:param name="use-essiv">
        <eval:literal type="boolean" value="true"/>
    </bindns:param>
    <bindns:param name="key-size">
        <eval:literal type="int" value="128"/>
    </bindns:param>
</bindns:implementation>
If adding that still does not help, you may need to download a more recent version of our software.
Jason
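One way to check the condition Jason describes, that every referral used in a vault file has a matching implementation in core-org-bindings.xml (an added example, not part of the Cleversafe software). The root elements, the namespace URIs and the second, unbound referral in the sample are constructed placeholders; the codec and implementation elements are the ones quoted in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample files. Root element names and namespace URIs are
# placeholders (not on the page); the implementation and codec elements are
# the ones quoted in the thread.
BINDINGS_XML = """<bindns:bindings xmlns:bindns="urn:example:bindings" xmlns:eval="urn:example:eval">
  <bindns:implementation class="org.cleversafe.codec.encryption.secretkey.CipherCodec"
      referral="aes-128-cbc-pkcs5-essiv" minVersion="1.0" maxVersion="1.0">
    <bindns:param name="transformation"><eval:literal type="string" value="AES/CBC/PKCS5Padding"/></bindns:param>
    <bindns:param name="use-essiv"><eval:literal type="boolean" value="true"/></bindns:param>
    <bindns:param name="key-size"><eval:literal type="int" value="128"/></bindns:param>
  </bindns:implementation>
</bindns:bindings>"""

VAULT_XML = """<vault:vault xmlns:vault="urn:example:vault">
  <vault:codec kind="Codec.Encryption" referral="aes-128-cbc-pkcs5-essiv" version="1"/>
  <vault:codec kind="Codec.Encryption" referral="constructed-unbound-referral" version="1"/>
</vault:vault>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def load_bindings(xml_text):
    """Return {referral: {param name: literal value}} for every implementation."""
    bindings = {}
    for impl in ET.fromstring(xml_text).iter():
        if local(impl.tag) == "implementation" and "referral" in impl.attrib:
            bindings[impl.get("referral")] = {
                param.get("name"): lit.get("value")
                for param in impl if local(param.tag) == "param"
                for lit in param if local(lit.tag) == "literal"
            }
    return bindings


def check_vault(vault_text, bindings):
    """Return (resolved, missing): codec referrals with and without a binding."""
    refs = [c.get("referral") for c in ET.fromstring(vault_text).iter()
            if local(c.tag) == "codec"]
    resolved = {r: bindings[r] for r in refs if r in bindings}
    missing = [r for r in refs if r not in bindings]
    return resolved, missing


if __name__ == "__main__":
    print(check_vault(VAULT_XML, load_bindings(BINDINGS_XML)))
```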
Hi,
I'm using Cleversafe release 1.0 and it doesn't work after adding the lines you gave me.
What can I do?
Thanks

