c-treeACE advanced encryption (AES, Blowfish, Twofish, 3DES) requires a master password to protect encrypted file access. By default, this master key must be presented to c-treeACE on startup as prompted. However, this prompted interaction is not always possible. Consider the case of a failover strategy for business continuity, or the case where no single person should ever know the complete key as keys are built from random secure key generators. c-treeACE now supports a key store to obtain this key value at startup.
The ctcpvf utility supports command-line options that can be used to select the master key cipher strength, and to write the master key to an encrypted file:
usage: ctcpvf [-c <cipher>] [-f <filename>] [-k <key>] [-s <store>]
-c <cipher> use encryption cipher <cipher>
Supported ciphers: aes256 aes128
Default is aes256
-f <filename> create password verification file <filename>
Default is ctsrvr.pvf
-k <key> use <key> as the master key
-s [<store>] store key in encrypted file <store>
Default is ctsrvr.fkf
The c-treeACE configuration option MASTER_KEY_FILE specifies a file from which c-treeACE reads the master encryption key. On Linux and Unix systems, the master key is stored AES encrypted in a file on disk, with permissions set such that only the user that created the file can read it (permissions are set to 400). For complete security, it is important to use hardened safeguards to fully protect this key store file.
Note: The key file (or user key on Linux and Unix) is encrypted using AES. The encryption is intended to only prevent casual inspection of the data when the file’s contents are viewed. The permissions on the file are the defense against an unauthorized user reading the file. The Windows master key approach uses the DPAPI to encrypt the data using the user credentials, and only that user can then decrypt the file. Unix support is a bit weaker because it relies on the file permissions, which could potentially be changed such that another user could read and decrypt the key.