>>>>> On Tue, 17 Feb 2009 20:24:02 -0800, Landon Fuller said:
> 
> > The private key is needed during backup if you use PKI Signatures.
> 
> Right. Currently, enabling PKI encryption also enables signing, but  
> the encryption implementation does not require this, and the private  
> key is not necessary for encrypting the backups.
> 
> However -- if you disable signing, there is no other validation  
> mechanism. One could add HMAC support without too much effort, but you  
> lose non-repudiation of the backups, as any recipient that can verify  
> the HMAC may also generate a valid one.

Does the private key have to be the one associated with the public key?  It
looks like the code loads them separately, so perhaps another solution is to
use two key pairs and make a pem file containing the public key of one and the
private key of the other (assuming openssl allows that)?

__Martin

------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users