[SERVER-13594] Support for encrypted backups Created: 15/Apr/14  Updated: 29/Oct/15  Resolved: 29/Oct/15

Status: Closed
Project: Core Server
Component/s: Admin, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Andreas Nilsson Assignee: Unassigned
Resolution: Won't Fix Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Participants:

 Description   

When performing a backup/restore using mongodump/mongorestore it should be possible to specify a password protecting the backup.

Suggested implementation:
1. The user inputs a password to the mongodump tool.
2. A random salt is created.
3. The password is hashed with the salt using PBKDF2 to generate an AES-256 key.
4. The file is encrypted using AES-256 in CBC mode.
5. The salt and the CBC IV is stored in a file header to retrieve for decryption.

Things to consider are which encryption library (if any) to use in mongodump/mongorestore


Generated at Thu Feb 08 03:32:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.