Amanda-Users

Re: encryption with 2.5.0b2

2006-02-22 18:39:00
Subject: Re: encryption with 2.5.0b2
From: Kevin Till <kevin.till AT zmanda DOT com>
To: amanda-users AT amanda DOT org
Date: Wed, 22 Feb 2006 15:34:44 -0800
Josef Wolf wrote:
Hello!

Now that 2.5.0b2 seems to run pretty stable, I'd like to try the new
encryption functionality.  I've read wiki.zmanda.com/index.php/Encryption,
but still have some questions:

- What is the point of uuencoding and encrypting (with gpg) random data to
  generate the key?  Since the passphrase is stored on the same host,
  protecting the key with the passphrase is not of much use (IMHO).

It illustrates the method of using multi-key, which is a strong point of aespipe. And it's symmetric encryption, and to facilitate automatic backup, the passphrase has to be stored somewhere.



- Why use aespipe at all?  Is there any reason not to use gpg?
  AFAICS, aespipe introduces only an additional layer of complexity.


Amanda users have used aespipe in the past, so it's there.
I believe aespipe gives better performance since gpg is doing more than just encryption. Yes, gpg will work as well. You can even use gpg to deploy public-key encryption on Amanda.

- Since the server says whether/which encryption is to be used, the
  server can request unencrypted backups from the client.  This
  implies that the server has to be trusted.

  Use "auth ssh/krb4/krb5" to enable transport encryption.


--
Thank you!
Kevin Till

Amanda documentation: http://wiki.zmanda.com
Amanda forums:        http://forums.zmanda.com
