Re: [Bacula-users] Restore with data encryption?
2011-12-21 13:41:35
> * On Mon, Dec 19 2011 at 17:14:15 +0100, Oliver Hoffmann wrote:
> > Hi all,
> >
> > I do backups with data encryption. Backups as well as restores on
> > the clients work without problems.
> > Now I want to be able to do restores with the server (or another
> > one) only. The doc says that adding the following line would be
> > enough.
> >
> > PKI Keypair = "/etc/bacula/keys/master.keypair"
> >
> > So my working bacula-fd.conf on the server looks like this (just
> > the PKI part):
> >
> > PKI Signatures = Yes
> > PKI Encryption = Yes
> > PKI Keypair = "/etc/bacula/keys/server-fd.pem"
> > PKI Master Key = "/etc/bacula/keys/master.cert"
> >
> > Next I replaced server-fd.pem with master.keypair as mentioned in
> > the doc. I made the master.keypair accordingly.
> > That doesn't work. Neither does putting the client-fd.pem in place.
> >
> > I got this error:
> >
> > Error: restore.c:944 Missing cryptographic signature
> > for /path/to/my/file
> >
> > Thus the question is how to do a restore on a fd other than the one
> > the Backup was made with.
>
> This looks correct. That is exactly the way we do it and it works.
> Maybe your master.keypair is broken? Does the output of
> "openssl x509 -in /path/to/master.keypair -noout -text"
> look good? Is the private key in the keypair file?
>
> Good luck,
> Christoph
>
> >
> > Thank you for enlightening me ;-)
> >
> > Oliver
> >
The keypair looks sane. I did 'cat master.key master.cert >
master.keypair' as written in the doc.
Well, I got it. The password of the master.key has to be removed!
Furthermore I saw that the keys are valid for 30 days only. Again the
doc concerning encryption is very lousy. Sorry to say that. Maybe
there'll be a more recent and complete version? At least of the TLS and
data encryption part.
Cheers,
Oliver
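
The checks this thread arrives at (private key present in the keypair file, no passphrase on that key, certificate validity period), collected in a shell function. This is an added example, not part of the original messages or of the Bacula documentation; the function names, the return codes and the constructed test keypair are assumptions of the example.

```shell
#!/bin/sh
# Added example: sanity-check a PEM keypair file (private key + certificate
# concatenated, as in 'cat master.key master.cert > master.keypair').
# Return codes (convention assumed for this example):
#   0 ok, 1 key or certificate missing, 2 key is passphrase-protected,
#   3 certificate expires within MIN_DAYS, 4 key does not match certificate
check_keypair() {
    f=$1; min_days=${2:-30}
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "no private key in $f"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate in $f"; return 1; }
    # Traditional PEM marks an encrypted key with "Proc-Type: 4,ENCRYPTED",
    # PKCS#8 uses a "BEGIN ENCRYPTED PRIVATE KEY" header.
    if grep -q -E '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$f"; then
        echo "private key is passphrase-protected"; return 2
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$f" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days:"
        openssl x509 -in "$f" -noout -enddate
        return 3
    fi
    # The public key derived from the private key must equal the one in the cert.
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] ||
        { echo "private key does not match certificate"; return 4; }
    echo "ok"
}

# Build a constructed, self-signed 30-day test keypair in directory $1
# (file names mirror the thread; the subject name is made up).
make_constructed_keypair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=constructed-master' \
        -keyout "$1/master.key" -out "$1/master.cert" 2>/dev/null
    cat "$1/master.key" "$1/master.cert" > "$1/master.keypair"
}
```

Run as `check_keypair /etc/bacula/keys/master.keypair 90` to flag a certificate with less than 90 days of validity left.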