Implement validation of NetHSM backups

The nitropy nethsm subcommand offers a validation facility for backup files (via nethsm-sdk-py).

We also need to implement something like this to verify, that created backups are valid and can be decrypted using the backup passphrase.

added nethsm scopefeature labels

Ack, seems they try to decrypt it using AES-GCM and check a couple of params in the decrypted data. Seems doable

(Just to clarify, you want additional command-line subcommand to do the verification? e.g. nethsm backup verify < backup?)

(Just to clarify, you want additional command-line subcommand to do the verification? e.g. nethsm backup verify < backup?)

Yes, probably something like nethsm system validate-backup would be great after adding a respective function to the API.

In general upstream supports to ways of verification: With and without providing backup passphrase. The former could be done automatically when doing a backup, and both (also) on the special new CLI subcommand.

I think we need to define in more detail what does it mean for the backup to be "valid". Should we use the definition that nitropy uses that is: "if we can decrypt it it's fine"?

If you check the WIP backup output there are dozens of properties we could use to provide more strict checks.

Also check out unit tests for a sample of properties we can read.

I suggest as a bare minimum check if the version is one zero byte.

changed milestone to %Virtual Test System

assigned to @dvzrv

assigned to @wiktor and unassigned @dvzrv

changed iteration to Arch Development Sprint Oct 14, 2024 - Oct 20, 2024

removed iteration Arch Development Sprint Oct 14, 2024 - Oct 20, 2024

changed iteration to Arch Development Sprint Oct 21, 2024 - Oct 27, 2024

removed iteration Arch Development Sprint Oct 21, 2024 - Oct 27, 2024

changed iteration to Arch Development Sprint Oct 28, 2024 - Nov 3, 2024

removed iteration Arch Development Sprint Oct 28, 2024 - Nov 3, 2024

changed iteration to Arch Development Sprint Nov 4, 2024 - Nov 10, 2024

mentioned in commit da920d00

mentioned in commit dc541027

mentioned in commit 388834a5

mentioned in commit d507451e

mentioned in commit 9b8d7143

mentioned in commit ea508395

mentioned in commit dacd347f

mentioned in commit 0180c99a

mentioned in commit d9e2577b

removed iteration Arch Development Sprint Nov 4, 2024 - Nov 10, 2024

changed iteration to Arch Development Sprint Nov 11, 2024 - Nov 17, 2024

mentioned in commit 5bc87c44

removed iteration Arch Development Sprint Nov 11, 2024 - Nov 17, 2024

changed iteration to Arch Development Sprint Nov 18, 2024 - Nov 24, 2024

mentioned in commit 34041435

mentioned in commit 2c5bab21

mentioned in commit 051a45ad

mentioned in commit 76f9329a

mentioned in commit 311a7337

removed iteration Arch Development Sprint Nov 18, 2024 - Nov 24, 2024

changed iteration to Arch Development Sprint Nov 25, 2024 - Dec 1, 2024

mentioned in commit 8cc3000f

mentioned in commit 76264ef5

mentioned in commit 3ff3265d

mentioned in commit 44a7ba26

mentioned in commit 130b533b

mentioned in commit 0eaf0a86

mentioned in commit 02bce120

mentioned in commit 597390c1

mentioned in commit e39ff17f

removed iteration Arch Development Sprint Nov 25, 2024 - Dec 1, 2024

changed iteration to Arch Development Sprint Dec 2, 2024 - Dec 8, 2024

mentioned in commit f54b3339

closed with commit f54b3339

closed with merge request !99 (merged)