Amanda-Users

Re: Simple backup tape encryption

2005-06-27 13:53:16
Subject: Re: Simple backup tape encryption
From: Bruce Fletcher <bruce AT homeperformance DOT com>
To: amanda-users AT amanda DOT org
Date: Mon, 27 Jun 2005 10:35:24 -0700
Stefan G. Weichinger wrote:
> Stefan G. Weichinger wrote:
>
>> I am currently playing around with a wrapper-setup using aespipe (http://loop-aes.sourceforge.net/).
>
> Well, good news ... I hadn't expected that I would be able to get there
> so fast, but I have something working:
>
> I wrote a wrapper (modified and extended one, to be honest ;) for
> GNU-tar, which basically adds an option to the tar-call.
>
> This option tells tar to pipe through bz2aespipe, which is another
> wrapper, this time for the aespipe-binary. I had to patch bz2aespipe
> also to be able to store the Passphrase inside a file, so dumps can be
> done without manual intervention.
>
> Right now I have a vtape-setup, which does AES-encryption with amdump,
> and AES-decryption with amrestore. This works fine already.
>
> What is still missing, is the support of amrecover, seems like there's
> something wrong with the index-generation, the files are there, but no
> proper content ...
>
> And it has still to be tested with separated client/server-setups, yes.
>
> I think it should be possible to patch all this into AMANDA as well, I
> will see what I can do. But this is gonna be a topic for amanda-hackers
> then ;)
>
> I will try to write a small HOWTO about my steps soon.
>
> Stefan.

Wow, Stefan, that sounds great!  I wasn't expecting such fast results.

One thing I found looking at AES tools that you may find interesting is this:

  http://aescrypt.sourceforge.net/

It has one interesting property. You give it the name of a key file on the command line and it looks through it for a line like so:

  kk=<hex key>

It ignores all other lines in the file. I was thinking that if Amanda could ignore the kk= line, then the key could be stored in the normal Amanda configuration file without any patching of the utility, and there would also be no need to have another separate configuration file.

Anyway, just a thought. I should just get out of your way, though, and let you get those encrypted backups flowing.

Thanks,
- Bruce
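
The key-file idea in the message above, as an added example that is not part of the original post and is not code from aescrypt or Amanda: a loader that picks the single `kk=<hex key>` line out of a shared config file, ignores every other line, and refuses to use the file if group or others can access it, since the config file now holds the backup key. The function names, the accepted key lengths, the rejection of duplicate `kk=` lines and the sample config contents are assumptions made for the example.

```python
import os
import re
import stat
import tempfile

# AES key sizes in hex digits (128/192/256-bit); which of these a given
# tool accepts is an assumption here, not something the thread states.
VALID_HEX_LENGTHS = {32, 48, 64}
KK_LINE = re.compile(r"^kk=([0-9A-Fa-f]+)\s*$")


def load_kk_key(path):
    """Return the raw key bytes from the single kk=<hex key> line in path.

    All other lines are ignored, as the message describes. Refuses files
    that group or others can access, since the file now holds a secret.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} has mode {mode:04o}; expected 0600 or stricter")

    keys = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            match = KK_LINE.match(line)
            if match:
                keys.append(match.group(1))
    # Rejecting duplicate kk= lines is a choice made for this example.
    if len(keys) != 1:
        raise ValueError(f"expected exactly one kk= line, found {len(keys)}")
    if len(keys[0]) not in VALID_HEX_LENGTHS:
        raise ValueError("key must be 32, 48 or 64 hex digits")
    return bytes.fromhex(keys[0])


def write_sample_config(mode):
    """Create a constructed Amanda-style config containing a kk= line."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write('org "Example"\n')  # constructed sample content
        fh.write("kk=" + "00112233445566778899aabbccddeeff" + "\n")
        fh.write('tapetype "HARD-DISK"\n')
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    sample = write_sample_config(0o600)
    print(len(load_kk_key(sample)) * 8, "bit key loaded")
    os.remove(sample)
```

The error messages report the file mode and the number of matching lines but never the key material, so they are safe to send to a backup log.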
