Bacula-users

Re: [Bacula-users] Encryption errors

2010-01-22 06:48:06
Subject: Re: [Bacula-users] Encryption errors
From: Martin Simmons <martin AT lispworks DOT com>
To: bacula-users AT lists.sourceforge DOT net
Date: Fri, 22 Jan 2010 11:45:23 GMT
>>>>> On Fri, 22 Jan 2010 10:31:39 +0000, Conor O'Callaghan said:
> 
> 2010/1/21 Martin Simmons <martin AT lispworks DOT com>
> 
> > >>>>> On Wed, 20 Jan 2010 17:23:34 +0000, Conor O'Callaghan said:
> > >
> > > Hi everyone,
> > >
> > > Client/Server both 3.02 on linux x64
> > >
> > > I have made some encrypted backups from my client, I can successfully
> > > recover from the backup using bconsole. When I try to simulate a machine
> > > crash, by using another machine with the keys and config from the original
> > > client, I get the following errors on restoration of files. The files appear
> > > to restore correctly regardless of the error relating to the encryption
> > > missing.
> > >
> > > http://pastebin.ca/1759144 and http://pastebin.ca/1759151 (most recent)
> > >
> > > Is there any way to resolve this issue? Or is it normal since the machine
> > > has changed? I have found very little relating to this issue in the
> > > archives.
> >
> > The "Missing cryptographic signature" message is generated after the file has
> > been restored, which is why the files appear OK.  I'm not sure why that would
> > happen, but it means that restore failed to find the signature that should
> > have been generated when the file was backed up.  Maybe the PKI configuration
> > is incorrect or you changed it between backup and restore?
> 
> I am just thinking that the issue might be caused by the fact that the keys
> were generated on the original client box, I didn't import them in the new
> (recovery) box, simply put them on disk and pointed the bacula configuration
> to them (identical to the client). Could that be the cause? I may be able
> to investigate further today.

AFAIK, there is no need to import them (or indeed anywhere to import them to).
The keys must have been used, because otherwise you couldn't decrypt the
backup.

That error would also be generated if the signature was not recorded.  Are you
100% sure that it was actually encrypted and signed?  What does the restore do
on the original box if you remove the pki lines from the config?  Also look at
the output of bscan -v -v -r path-to-volume, to check for Stream=22 (encrypted
data) and Stream=19 (signature).  The output will be large, so I suggest
writing it to file.

__Martin
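
The stream check suggested in the message above, as an added example (not part of the original post and not Bacula's own code): a script that counts Stream=22 and Stream=19 tokens in a file of saved bscan output and flags encrypted data recorded without a signature. It assumes only that the literal token Stream=<number> appears in that output; the function names and the sample lines are constructed for illustration.

```shell
# Added example: summarise Stream=N tokens in saved bscan output.
# Assumption: only the literal "Stream=<number>" token is relied on;
# the rest of bscan's line layout is not assumed.

# stream_count FILE ID -> prints how many Stream=ID tokens FILE contains
stream_count() {
    awk -v id="$2" '{
        line = $0
        while (match(line, /Stream=[0-9]+/)) {
            if (substr(line, RSTART + 7, RLENGTH - 7) == id) n++
            line = substr(line, RSTART + RLENGTH)
        }
    } END { print n + 0 }' "$1"
}

# check_streams FILE -> 0: encrypted and signed, 1: encrypted but no
# signature stream, 2: no encrypted data stream at all
check_streams() {
    enc=$(stream_count "$1" 22)   # 22 = encrypted data (per the post)
    sig=$(stream_count "$1" 19)   # 19 = signature (per the post)
    echo "Stream=22 (encrypted data): $enc"
    echo "Stream=19 (signature):      $sig"
    if [ "$enc" -eq 0 ]; then
        echo "no encrypted data recorded"; return 2
    elif [ "$sig" -eq 0 ]; then
        echo "encrypted data recorded without any signature"; return 1
    fi
    echo "encrypted data and signatures both recorded"
}

# Constructed sample lines (NOT real bscan output) for an offline run.
sample_signed='rec Stream=1
rec Stream=22
rec Stream=22
rec Stream=19
rec Stream=220'
sample_unsigned='rec Stream=1
rec Stream=22'

demo() {
    tmp=$(mktemp)
    printf '%s\n' "$1" > "$tmp"
    check_streams "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo "$sample_signed"   || echo "status $?"
demo "$sample_unsigned" || echo "status $?"
```

To use it on a real volume, write the bscan output to a file as the message suggests and pass that file to check_streams.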
