When performing a backup/restore using mongodump/mongorestore it should be possible to specify a password protecting the backup.
Suggested implementation:
1. The user inputs a password to the mongodump tool.
2. A random salt is created.
3. The password is hashed with the salt using PBKDF2 to generate an AES-256 key.
4. The file is encrypted using AES-256 in CBC mode.
5. The salt and the CBC IV are stored in a file header so they can be retrieved for decryption.
Things to consider are which encryption library (if any) to use in mongodump/mongorestore.
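
The five steps above as a runnable sketch, using Ruby's bundled OpenSSL binding. This is an added example, not code from this ticket or from the MongoDB tools. It goes one step beyond the list by appending an HMAC tag, because CBC alone cannot tell a wrong password or a modified file from a valid one. The function names, the iteration count, the header layout and the key split are assumptions of the example.

```ruby
require "openssl"

ITERATIONS = 600_000 # assumed PBKDF2 work factor, not specified in the ticket
SALT_LEN = IV_LEN = 16
TAG_LEN = 32
class BackupAuthError < StandardError; end

# Steps 2-3: PBKDF2-HMAC-SHA256 stretches the password into a 32-byte master key,
# which is split into an AES-256 key and a MAC key (the MAC is this example's addition).
def derive_keys(password, salt)
  master = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, "SHA256")
  %w[enc mac].map { |label| OpenSSL::HMAC.digest("SHA256", master, label) }
end

# Steps 4-5. Assumed layout: salt | IV | AES-256-CBC ciphertext | HMAC-SHA256 tag,
# where the tag covers every byte before it (encrypt-then-MAC).
def encrypt_backup(password, plaintext)
  salt = OpenSSL::Random.random_bytes(SALT_LEN)
  enc_key, mac_key = derive_keys(password, salt)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = enc_key
  iv = cipher.random_iv # fresh random IV, also set on the cipher
  body = salt + iv + cipher.update(plaintext) + cipher.final
  body + OpenSSL::HMAC.digest("SHA256", mac_key, body)
end

# Restore side: read the salt from the header, re-derive the keys, and verify the tag
# before decrypting, so a wrong password or an altered file fails cleanly.
def decrypt_backup(password, blob)
  blob = blob.b
  raise BackupAuthError, "truncated backup" if blob.bytesize < SALT_LEN + IV_LEN + 16 + TAG_LEN
  body, tag = blob[0...-TAG_LEN], blob[-TAG_LEN, TAG_LEN]
  enc_key, mac_key = derive_keys(password, body[0, SALT_LEN])
  unless OpenSSL.secure_compare(OpenSSL::HMAC.digest("SHA256", mac_key, body), tag)
    raise BackupAuthError, "wrong password or modified backup"
  end
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = enc_key
  cipher.iv = body[SALT_LEN, IV_LEN]
  cipher.update(body[(SALT_LEN + IV_LEN)..-1]) + cipher.final
end
```

Without the tag, a wrong password is usually caught only by a padding error on the final block, and a flipped bit in the stored IV changes the first plaintext block with no error at all.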