c-treeACE advanced encryption (AES, Blowfish, Twofish, 3DES) requires a master password to protect access to encrypted files. Before starting c-treeACE for the first time with Advanced Encryption enabled, the Administrator must use the ctcpvf utility to create the master password verification file. Each time c-treeACE starts, it prompts for the master password so that it can open encrypted files.
ctcpvf creates the master password verification file. It accepts optional parameters: the file name to create (-f) and the master password (-k). If the parameters are not given, ctcpvf prompts for the required information.
usage: ctcpvf [-c <cipher>] [-f <filename>] [-k <key>] [-s <store>]

-c <cipher>    use encryption cipher <cipher>
               Supported ciphers: aes256 aes128
               Default is aes256
-f <filename>  create password verification file <filename>
               Default is ctsrvr.pvf
Administrator Utilities
-k <key>       use <key> as the master key
-s [<store>]   store key in encrypted file <store>
               Default is ctsrvr.fkf
-syslevel      (V11 and later) create the encrypted store file with system-level encryption: all user accounts on the system can decrypt it
Note: If you do not use the -syslevel switch, you must run the c-treeACE Server under the same user account that ran the ctcpvf utility to create the master key store file. The -syslevel switch creates the master key store file so that it can be opened by any user account on that machine, which allows you to run the c-treeACE Server under any user account on the system. (See Advanced encryption master key store encrypted at system level on Windows (page 84).)

Note: c-treeACE looks for the file ctsrvr.pvf in the server binary area, so the verification file should be created under that name in that directory.
Key Store Option
By default, this master key must be entered at the c-treeACE prompt on startup. That prompted interaction is not always possible: consider a failover strategy for business continuity, or a policy that no single person should ever know the complete key because keys are produced by a secure random generator. For these cases c-treeACE supports a key store file that supplies the key value at startup.

The ctcpvf utility's -s option is used to select the master key length and to write the master key to an encrypted key store file <store>.

The c-treeACE configuration option MASTER_KEY_FILE specifies the key store file, <store>, from which c-treeACE reads the master encryption key. On Linux and Unix systems, the master key is stored AES-encrypted in a file on disk, with permissions set so that only the user who created the file can read it (the permissions are set to 400). For complete security, it is important to use filesystem access safeguards to fully protect this key store file.

Note: The key file (or user key on Linux and Unix) is encrypted using AES. This encryption is intended only to prevent casual inspection of the file's contents; the permissions on the file are the real defense against an unauthorized user reading the key. On Windows, the master key store uses the Microsoft DPAPI to encrypt the data with the user's credentials, so only that user can decrypt the file. Unix support is weaker in this regard: it relies on file permissions, which can be changed so that another user could read and decrypt the key.
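The following script is an added example and is not part of the c-treeACE documentation or FairCom's code. It shows the non-interactive Linux/Unix setup the section describes: generating a master key from the kernel random source (so that no operator ever chooses or knows it), creating the verification file and key store with ctcpvf, and then verifying the key store permissions that the page relies on (mode 400, owned by the account the server runs as). It assumes ctcpvf is on PATH, that ctsrvr.cfg uses the "KEYWORD value" line format for MASTER_KEY_FILE, and it uses stat, which is not POSIX but is present on GNU and BSD systems. The create_keystore function is the only part that needs ctcpvf installed; the checks run anywhere.

```shell
#!/bin/sh
# Added example; not FairCom's code. Assumptions: ctcpvf on PATH, ctsrvr.cfg
# in "KEYWORD<tab>value" format, GNU or BSD stat available.

# Produce a 256-bit master key as 64 hex characters from the kernel RNG.
generate_master_key() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Return 0 only if FILE is a regular file owned by OWNER with no group/other
# permission bits set (ctcpvf creates the Unix key store as mode 400).
keystore_perms_ok() {
  file=$1; owner=$2
  [ -f "$file" ] || return 1
  if mode=$(stat -c '%a' "$file" 2>/dev/null); then     # GNU stat
    fowner=$(stat -c '%U' "$file")
  else                                                   # BSD/macOS stat
    mode=$(stat -f '%OLp' "$file"); fowner=$(stat -f '%Su' "$file")
  fi
  [ "$fowner" = "$owner" ] || return 1
  groupother=${mode#"${mode%??}"}   # last two octal digits: group and other
  [ "$groupother" = "00" ]
}

# Replace (or add) the MASTER_KEY_FILE line in a ctsrvr.cfg so the server
# reads the key from STORE instead of prompting at startup.
set_master_key_file() {
  cfg=$1; store=$2; tmp="$cfg.tmp"
  { grep -v '^MASTER_KEY_FILE' "$cfg" 2>/dev/null || :
    printf 'MASTER_KEY_FILE\t%s\n' "$store"; } > "$tmp" && mv "$tmp" "$cfg"
}

# Create ctsrvr.pvf and the encrypted store ctsrvr.fkf in the server binary
# directory DIR, then verify the store is readable only by the current user.
# Caveat: -k places the key in the process argument list, where `ps` can show
# it while ctcpvf runs, and a literal key would land in shell history. Use the
# interactive prompt instead on shared hosts.
create_keystore() {
  dir=$1; key=$2
  ( cd "$dir" && ctcpvf -c aes256 -f ctsrvr.pvf -k "$key" -s ctsrvr.fkf ) || return 1
  chmod 400 "$dir/ctsrvr.fkf"
  keystore_perms_ok "$dir/ctsrvr.fkf" "$(id -un)"
}

# Typical use (run as the account the server will run as):
#   key=$(generate_master_key)
#   create_keystore /opt/faircom/server "$key" && unset key
#   set_master_key_file /opt/faircom/server/ctsrvr.cfg ctsrvr.fkf
```

Run the whole sequence as the service account itself, not as root followed by a chown: without -syslevel (a Windows-only concern; on Unix the DPAPI-style user binding does not apply, but the 400 mode still ties the file to one owner), the store must be created by and remain owned by the account that starts c-treeACE. The keystore_perms_ok check is worth repeating from monitoring, because the page's own caveat is that a later chmod is all it takes to expose the key on Unix.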
Advanced encryption master key store encrypted at system level on Windows

In V11 and later, support has been added for creating an advanced encryption master key store encrypted at the system level on Windows. Before this revision, the encrypted master key store file created by the ctcpvf utility on Windows could only be decrypted by the user account that created the file. This made it difficult for a Windows service running as the LocalSystem account to read the encrypted master key store file (the ctcpvf utility had to be run as LocalSystem when creating the master key store).

An option has been added to the ctcpvf utility to create the encrypted store using system-level encryption, meaning that any user account on the system can decrypt the file. Use the ctcpvf utility's -syslevel option to select this behavior. Example:

ctcpvf -k mymasterkey -s ctsrvr.fkf -syslevel
This option has also been added to the ctadmn utility's "Change advanced encryption master password" option. Example:

Enter the name of the filename list file >> files.txt
Enter the current advanced encryption master password >> ****************
Enter the new advanced encryption master password >> ******************
Please confirm the new master password by entering it again:
Enter the new advanced encryption master password >> ******************
Enter the encryption level [U]ser or [S]ystem for the encrypted store >> u
Changing master password for the specified files...
Successfully changed the advanced encryption master password.
See ctadmn.c for an example of calling the SECURITY() function with mode SEC_CHANGE_ADVENC_PASSWD to change the master key. To create the master key encrypted store with the system-level encryption option, OR the ctENCMODsysl bit into the options field of the ctENCMOD structure whose address you pass to SECURITY().