Hey guys,
I’ve seen this question a few times in the archives but can’t find anything that matches my situation.
I have configured encryption on all my file daemons (added the four PKI options to each with separate keys for each fd)
I have no errors on startup or showing in the logs, all backup messages show Encryption : yes
Yet I am able to restore any backup from any remote system on the main server(master key is public cert only, main server fd has it’s own PKI keypair as well). I was expecting to NOT be able to do this and it has me questioning if I have
encryption working at all? Without the combined master keypair set in the main bacula-fd I was expecting to be unable to decrypt the backups from remote systems.
I do not know where to look next to track down my problem, or verify that encryption is working. I am fine with the ability to decrypt all the backups on the main server, but I must verify that encryption is working before sending this
data offsite for storage.
Tim