first commit

README.md

@@ -0,0 +1,28 @@
+# Backup
+
+Personal backup application
+
+## Threat Model
+
+### Objectives
+
+- Data is securely encrypted at rest and cannot be extracted without the repository private key
+- Data can be verified to come from any specific device
+- Without the encryption key it should be possible to make a safe guess as to what data is no longer in use.
+- Access to the repository private key requires hardware-backed multi-factor access
+- An attacker with write-access to the storage backend should not be able to modify or forge data in an unnoticeable manner
+- The backup clients cannot cause harm to the already backed-up data.
+
+### Out of scope
+
+- The owner gives an attacker both the hardware key and the password to it
+- The backup server host is compromised
+- An attacker with write-access to the storage backends deleting or otherwise destroying the data contained within.
+- An attacker with write-access to the backed up device can modify the data that is backed up
+
+### Diagrams
+
+#### Creating a repository
+![UML Diagram of repository creation](./docs/uml/create-repo.svg)
+
+

docs/uml/create-repo.uml

@@ -0,0 +1,21 @@
+@startuml
+actor User
+autoactivate on
+
+User -> Backup : Create Repository
+Backup -> Backup : generate P-256 key pair
+return keypair
+Backup -> Yubikey : Read the public key of the YubiKey
+return public key
+Backup -> Backup : Calculate ECDHE shared secret
+return shared secret
+Backup -> Backup : Generate Curve 25519 key pair
+return keypair
+Backup -> Backup : Generate encyption key from the shared secret
+return encryption key
+Backup -> Backup : Encrypt the private key with the encryption key
+return encrypted private key
+Backup -> Backend : Store the encrypted private key and public key
+return success
+return success
+@enduml