Re: encryption with 2.5.0b2
2006-02-22 18:39:00
Josef Wolf wrote:
Hello!
Now that 2.5.0b2 seems to run pretty stable, I'd like to try the new
encryption functionality. I've read wiki.zmanda.com/index.php/Encryption,
but have still some questions:
- What is the point to uuencode and encrypt (with gpg) random data to
generate the key? Since the passphrase is stored on the same host,
protecting the key with the passprase is not of much use (IMHO).
It illustrates the method of using multi-key which a strong point of
aespipe. And it's a symmetric encryption and to facilitate automatic
backup, the passphrase has to be stored somewhere.
- Why using aespipe at all? Is there any reason not to use gpg?
AFAICS, aespipe introduces only an additinal layer of complexity.
Amanda users have used aespipe in the past, so it's there.
I believe aespipe gives better performance since gpg is doing more
than just encryption.
Yes, gpg will work as well. You can even use gpg to deploy public-key
encryption on Amanda.
- Since the server says whether/which encryption is to be used, the
server can request unencrypted backups from the client. This
implies that the server has to be trusted.
Use "auth ssh/krb4/krb5" to enable transport encryption.
--
Thank you!
Kevin Till
Amanda documentation: http://wiki.zmanda.com
Amanda forums: http://forums.zmanda.com
|
|
|