From f9585fe7947426c0f8a75845ea1e8354dbcbe8ee Mon Sep 17 00:00:00 2001 From: deajan Date: Tue, 7 May 2024 10:53:55 +0200 Subject: [PATCH] Add default key obfuscation --- README.md | 3 +++ SECURITY.md | 6 +++++- npbackup/configuration.py | 3 +++ npbackup/key_management.py | 3 ++- npbackup/obfuscation.py | 20 ++++++++++++++++++++ 5 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 npbackup/obfuscation.py diff --git a/README.md b/README.md index cae7db7..6322acb 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,7 @@ Works on x64 **Linux** , **NAS** solutions based on arm/arm64, **Windows** x64 a - Full permissions including destructive operations - Encrypted data viewing requires additional password - AES-256 keys can't be guessed in executables thanks to Nuitka Commercial compiler + - External AES-256 keys are obfuscated - Easy configuration via YAML file (or via GUI) - Remote automatic self upgrade capacity - Included upgrade server ready to run in production @@ -236,6 +237,8 @@ We also compile our linux target on RHEL 7 in order to be compatible with reason arm and arm64 builds are compiled on Debian stretch for use with glibc > 2.24. Additionnaly, arm builds are compiled without GUI support since they're supposed to fit on smaller devices like NAS / Raspberries. +On most Linux distributions, you might get your glibc version by running `find /usr -name "libc.so.6" -exec "{}" \;` + ## Smart shield, antivirus and reputation Official binaries for Windows provided by NetInvent are signed with a certificate, allowing to gain trust and reputation in antivirus analysis. diff --git a/SECURITY.md b/SECURITY.md index 22ccce7..42f4546 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -54,4 +54,8 @@ Also, when wrong password is entered, we should wait in order to reduce brute fo # NPF-SEC-00010: Date attacks When using retention policies, we need to make sure that current system date is good, in order to avoid wrong retention deletions. -When set, an external NTP server is used to get the offset. If offset is high enough (10 min), we avoid executing the retention policies. \ No newline at end of file +When set, an external NTP server is used to get the offset. If offset is high enough (10 min), we avoid executing the retention policies. + +# NPF-SEC-00011: Default AES key obfuscation + +Using obfuscation() symmetric function in order to not store the bare AES key. \ No newline at end of file diff --git a/npbackup/configuration.py b/npbackup/configuration.py index 196b4f3..440f68f 100644 --- a/npbackup/configuration.py +++ b/npbackup/configuration.py @@ -46,9 +46,12 @@ try: except ImportError: EARLIER_AES_KEY = None except ImportError: + # If no private keys are used, then let's use the public ones try: from npbackup.secret_keys import AES_KEY + from npbackup.obfuscation import obfuscation + AES_KEY = obfuscation(AES_KEY) IS_PRIV_BUILD = False try: from npbackup.secret_keys import EARLIER_AES_KEY diff --git a/npbackup/key_management.py b/npbackup/key_management.py index 2635bc4..5aa3f03 100644 --- a/npbackup/key_management.py +++ b/npbackup/key_management.py @@ -8,6 +8,7 @@ __intname__ = "npbackup.get_key" import os from command_runner import command_runner +from npbackup.obfuscation import obfuscation def get_aes_key(): @@ -32,4 +33,4 @@ def get_aes_key(): msg = f"Cannot run encryption key command: {output}" return False, msg key = output - return key \ No newline at end of file + return obfuscation(key) diff --git a/npbackup/obfuscation.py b/npbackup/obfuscation.py new file mode 100644 index 0000000..a0525bf --- /dev/null +++ b/npbackup/obfuscation.py @@ -0,0 +1,20 @@ +#! /usr/bin/env python +# -*- coding: utf-8 -*- +# +# This file is part of npbackup + +__intname__ = "npbackup.obfuscation" + + +# NPF-SEC-00011: Default AES key obfuscation + + +def obfuscation(key: bytes) -> bytes: + """ + Symmetric obfuscation of bytes + """ + if key: + keyword = b"/*NPBackup 2024*/" + key_length = len(keyword) + return bytes(c ^ keyword[i % key_length] for i, c in enumerate(key)) + return key