juicefs icon indicating copy to clipboard operation
juicefs copied to clipboard
verified publisher icon juicedata

Better alternatives for data encryption

Open vicaya opened this issue 1 year ago • 9 comments

The current data at rest encryption design with RSA private key is both slow and insecure (crackable passphrase and not quantum safe, which is esp. problematic for data at rest). Go standard lib already deprecated RSA with passphrase. We had to explicitly suppress the compiler warning against the usage.

IMO. the following are reasonable alternatives:

  1. Use the symmetric AES-GCM instead of RSA as the KEK (key encryption key) algo with a key derived from a robust KDF, e.g. argon2id (part of go standard library). The change is easy and small. It's sufficient for personal and test deployment, where passphrases can be used.
  2. Use TOTP (and maybe other MFAs) authenticated remote secret server (suggest https://github.com/openbao/openbao, the current open source fork of hashicorp vault for cloud vendor independence) for managing KEK, similar to CMEK with KMS in cloud vendors. This is slightly more complex but still fairly straightforward. This is the preferred solution for production deployment, as only short-lived credential is exposed in multiple client nodes.

vicaya avatar Oct 25 '24 22:10 vicaya

Also related: https://github.com/juicedata/juicefs/discussions/5174

JuiceFS could learn from Restic encryption (alsor programmed in Go): https://restic.readthedocs.io/en/v0.4.0/Design/

solracsf avatar Oct 27 '24 09:10 solracsf

Restic format is already "legacy", which uses scrypt for kdf, which is a second choice after argon2id according to OWASP, AES-CTR with Poly1305-AES is also "legacy" with less support compared with AES-256-GCM or xChaCha20-Poly1305

cf. https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/

vicaya avatar Oct 28 '24 18:10 vicaya

Sounds, can you send PR for these?

davies avatar Nov 08 '24 01:11 davies

Can i take this up if no one is working on it?

ab-shrek avatar Nov 13 '24 04:11 ab-shrek

Can i take this up if no one is working on it?

Sure, no one is working on this

davies avatar Nov 13 '24 14:11 davies

Hey @ab-shrek are you still working on the issue?

vivekcode101 avatar Nov 28 '24 07:11 vivekcode101

Hey @vivekcode101 I am not working on this. Feel free to take it up

ab-shrek avatar Dec 02 '24 21:12 ab-shrek

Looks like this understandably got merged in quickly :) https://github.com/juicedata/juicefs/issues/6416

Related discussion: https://news.ycombinator.com/item?id=29636429

vicaya avatar Oct 23 '25 18:10 vicaya

@vicaya I did not understand your suggestion, should we avoid using passphrase protected private key at all?

I only see Go deprecated PKCS#1 format, and PKCS#8 should be used as replacement. PKCS#8 is already supported with #3065

davies avatar Oct 24 '25 07:10 davies