docs: clarify that client-server communication is secure

This clarifies the fact that all communication between client and server
uses TLS for secure communication.

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
This commit is contained in:
Dylan Whyte 2021-01-19 15:17:21 +01:00 committed by Dietmar Maurer
parent bf78f70885
commit 44a5f38bc4
2 changed files with 15 additions and 10 deletions

View File

@ -53,9 +53,12 @@ checksums. This manifest file is used to verify the integrity of each backup.
When backing up to remote servers, do I have to trust the remote server?
------------------------------------------------------------------------
Proxmox Backup Server supports client-side encryption, meaning your data is
encrypted before it reaches the server. Thus, in the event that an attacker
gains access to the server, they will not be able to read the data.
Proxmox Backup Server transfers data via `Transport Layer Security (TLS)
<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_ and additionally
supports client-side encryption. This means that data is transferred securely
and can be encrypted before it reaches the server. Thus, in the event that an
attacker gains access to the server or any point of the network, they will not
be able to read the data.
.. note:: Encryption is not enabled by default. To set up encryption, see the
`Encryption

View File

@ -14,11 +14,12 @@ It supports deduplication, compression, and authenticated
encryption (AE_). Using :term:`Rust` as the implementation language guarantees high
performance, low resource usage, and a safe, high-quality codebase.
Proxmox Backup uses state of the art cryptography for client communication and
backup content :ref:`encryption <encryption>`. Encryption is done on the
client side, making it safer to back up data to targets that are not fully
trusted.
Proxmox Backup uses state of the art cryptography for both client-server
communication and backup content :ref:`encryption <encryption>`. All
client-server communication uses `TLS
<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_, and backup data can
be encrypted on the client-side before sending, making it safer to back up data
to targets that are not fully trusted.
Architecture
------------
@ -65,8 +66,9 @@ Main Features
several gigabytes of data per second.
:Encryption: Backups can be encrypted on the client-side, using AES-256 in
Galois/Counter Mode (GCM_) mode. This authenticated encryption (AE_) mode
provides very high performance on modern hardware.
Galois/Counter Mode (GCM_). This authenticated encryption (AE_) mode
provides very high performance on modern hardware. In addition to client-side
encryption, all data is transferred via a secure TLS connection.
:Web interface: Manage the Proxmox Backup Server with the integrated, web-based
user interface.