>>>>> On Mon, 25 Jan 2010 09:26:53 +0000, Conor O'Callaghan said:
>
> 2010/1/22 Martin Simmons <
martin AT lispworks DOT com>
>
> > >>>>> On Fri, 22 Jan 2010 10:31:39 +0000, Conor O'Callaghan said:
> > >
> > > 2010/1/21 Martin Simmons <
martin AT lispworks DOT com>
> > >
> > > > >>>>> On Wed, 20 Jan 2010 17:23:34 +0000, Conor O'Callaghan said:
> > > > >
> > > > > Hi everyone,
> > > > >
> > > > > Client/Server both 3.02 on linux x64
> > > > >
> > > > > I have made some encrypted backups from my client, I can successfully
> > > > > recover from the backup using bconsole. When I try to simulate a
> > machine
> > > > > crash, by using another machine with the keys and config from the
> > > > original
> > > > > client, I get the following errors on restoration of files. The files
> > > > appear
> > > > > to restore correctly regardless of the error relating to the
> > encryption
> > > > > missing.
> > > > >
> > > > >
http://pastebin.ca/1759144 and
http://pastebin.ca/1759151 ( most
> > recent
> > > > )
> > > > >
> > > > > Is there any way to resolve this issue? Or is it normal since the
> > machine
> > > > > has changed? I have found very little relating to this issue in the
> > > > > archives.
> > > >
> > > > The "Missing cryptographic signature" message is generated after the
> > file
> > > > has
> > > > been restored, which is why the files appear OK. I'm not sure why that
> > > > would
> > > > happen, but it means that restore failed to find the signature that
> > should
> > > > have been generated when the file was backed up. Maybe the PKI
> > > > configuration
> > > > is incorrect or you changed it between backup and restore?
> > >
> > > I am just thinking that the issue might be caused by the fact that the
> > keys
> > > were generated on the original client box, I didn't import them in the
> > new (
> > > recovery ) box, simply put them on disk and pointed the bacula
> > configuration
> > > to them ( identical to the client ). Could that be the cause? I may be
> > able
> > > to investigate further today.
> >
> > AFAIK, there is no need to import them (or indeed anywhere to import them
> > to).
> > The keys must have been used, because otherwise you couldn't decrypt the
> > backup.
> >
> > That error would also be generated if the signature was not recorded. Are
> > you
> > 100% sure that it was actually encrypted and signed? What does the restore
> > do
> > on the original box if you remove the pki lines from the config? Also look
> > at
> > the output of bscan -v -v -r path-to-volume, to check for Stream=22
> > (encrypted
> > data) and Stream=19 (signature). The output will be large, so I suggest
> > writing it to file.
>