Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: new feature: client-side, server-side encryption dumptype option

2005-12-11 14:23:28
Subject: Re: new feature: client-side, server-side encryption dumptype option
From: Kevin Till <kevin.till AT zmanda DOT com>
To: Josef Wolf <jw AT raven.inka DOT de>
Date: Sun, 11 Dec 2005 11:07:09 -0800 
Josef Wolf wrote:

On Sat, Dec 10, 2005 at 09:12:49AM -0800, Kevin Till wrote:



Great! Thanks for your afford to bring encryption into amanda's core.

I have not taken a close look on it yet.  From the description, I have the
impression that this solution is based on symmetric encryption.
Yes, the reference encrypt script program provided is based on symmetric encryption. I'm working on the asymmetric (public/private) encryption solution. The infrastructure will support asymmetric encryption just fine.
Since amanda adds header information to the dump image, mdc (modification detection code) cannot be supported at this point. Other than that, it's working: 

$amdump

header information:
more 00001.boston.zmanda.com._usr_tmp_bacula_bacula.0
AMANDA: FILE 20051211 boston.zmanda.com /usr/tmp/bacula/bacula lev 0 comp N crypt enc program /bin/gtar client_encrypt /usr/local/bin/bin/amgcrypt client_decrypt_option -d 
To restore, position tape at start of file and run:
dd if=<tape> bs=32k skip=1 | /usr/local/bin/bin/amgcrypt -d | /bin/gtar -f... - 
^L



$amrestore-f 0 file:/backups/amanda/
amrestore: 1: restoring boston.zmanda.com._usr_tmp_bacula_bacula.20051211.0 

You need a passphrase to unlock the secret key for
user: "amanda <amanda AT zmanda DOT com>"
1024-bit RSA key, ID CF522ABC, created 2005-12-11

gpg: encrypted with 1024-bit RSA key, ID CF522ABC, created 2005-12-11
      "amanda <amanda AT zmanda DOT com>"
gpg: ring trust w/o key
gpg: WARNING: message was not integrity protected
amrestore:   2: reached end of tape: date DATE



--
Thank you!
Kevin Till

Amanda documentation: http://wiki.zmanda.com
Amanda forums:        http://forums.zmanda.com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: new feature: client-side, server-side encryption dumptype option, Josef Wolf
Next by Date:  Re: new feature: client-side, server-side encryption dumptype option, Paddy Sreenivasan
Previous by Thread:  Re: new feature: client-side, server-side encryption dumptype option, Josef Wolf
Next by Thread:  Re: new feature: client-side, server-side encryption dumptype option, Jon LaBadie
Indexes:  [Date] [Thread] [Top] [All Lists]