Re: new feature: client-side, server-side encryption dumptype option

Subject:

From:

Kevin Till <kevin.till AT zmanda DOT com>

To:

Date:

Mon, 12 Dec 2005 13:56:55 -0800

Jon LaBadie wrote:

On Sun, Dec 11, 2005 at 11:07:09AM -0800, Kevin Till wrote:
Yes, the reference encrypt script program provided is based on symmetricencryption.I'm working on the asymmetric (public/private) encryption solution. Theinfrastructure will support asymmetric encryption just fine.
Since amanda adds header information to the dump image, mdc(modification detection code) cannot be supported at this point. Otherthan that, it's working:
As amanda does not modify the actual dump image,
could "mdc" be applied to just the dump image itself
ignoring the 32K header?


Hi Jon,

I have to think about it but it could be that the binary file wasmanipulated somehow during dump and restore.

BTW, I just find a solution to the problem. It's to create ASCIIencrypted output when encrypting. So the dump file is encrypted inASCII. It passed the mdc tests during amrestore, the only side-effect isthe dump file size is increased by 35% (vs the normal, binary encryption).

So user have the choices here. If message authentication is needed,encrypt it in ASCII. Otherwise, --disable-mdc to save some disk space.



--
Thank you!
Kevin Till

Amanda documentation: http://wiki.zmanda.com
Amanda forums:        http://forums.zmanda.com

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

vtape, new config, Brian Cuttler

Next by Date:

Re: R: Verify backup, Kevin Dalley

Previous by Thread:

Re: new feature: client-side, server-side encryption dumptype option, Jon LaBadie

Next by Thread:

Re: new feature: client-side, server-side encryption dumptype option, Greg Troxel

Indexes:

[Date] [Thread] [Top] [All Lists]