I have another perfectly valid reason for wanting to access my backup files: I have some Drivers and Apps code that I need to extract. These backups are for a hub I no longer have access to so I can't just log in to extract the code. Yes I can import this backup into a 2nd hub to extract the data, but I don't have any spare hubs I can sacrifice for that purpose and I shouldn't have to do that...
These backups are backups of my data, from a device I own. It seems very user hostile to me that we are locked out of accessing our own data. I cannot think of any other device or software product where users are prohibited from accessing the backups of their own data. The whole point of a backup is to give users the ability to retrieve important data in the event of some sort of failure.
If you just don't want people modifying the backups to tamper with a running system, there are better ways of accomplishing that. I've personally worked with software products that do exactly this. (I work in software) For example: Embed into the database a field with a hash of the database file itself (Salt the hash with your own secret key to ensure the user can't regenerate the hash themselves). When importing: Hash the database file and compare to the stored hash. if different: Someone tampered with the file so refuse to import.
Using encryption for this is just a really lazy hack and not a terribly good idea from a security practice standpoint. Someone who's motivated enough can crack the encryption. I'm guessing the key isn't unique to the hub, because then the backups wouldn't be portable between hubs. It's also not a key that can be easily rotated. Which means every database likely uses the same encryption key. If one motivated person cracks the key and it gets shared online, then everyone's keys are compromised.
So if you are going to use encryption it should at the very least be encrypted using a key provided by the user so that:
- If one key gets compromised, it doesn't affect anyone else.
- And secondly: Since the user provides their own key they would be able to decrypt and view their own database data. (Again, you can use a hash or other techniques to prevent users from modifying it and importing a modified database)
