Bacula-users

Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem

2012-04-14 07:55:39
Subject: Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem
From: Hugo Letemplier <hugo.let.35 AT gmail DOT com>
To: Martin Simmons <martin AT lispworks DOT com>
Date: Sat, 14 Apr 2012 13:53:37 +0200
2012/4/11 Martin Simmons <martin AT lispworks DOT com>:
>>>>>> On Wed, 4 Apr 2012 16:59:58 +0200, Hugo Letemplier said:
>>
>> Hello, I have tested encryption/decryption on many bacula backups but
>> one job is tricky
>>
>> I have Linux, MacOSX and Windows 2003 servers
>> I have master.cert and one fd.pem for encryption on each client.
>> fd.pem is specific for each client
>> master.cert is on every client and allows us to decrypt with the "secret"
>> master.pem in case we lose the specific backup key.
>>
>> My bacula server is unable to restore 1 of my three Windows servers
>> using the master.pem keypair
>
> Saying "unable to restore" is too vague -- what is the error message?
>

I wanted to say that Master encryption/decryption doesn't work
although the client-specific encryption/decryption works.
It's just saying:

Error: Missing private key required to decrypt encrypted backup data.


>> With bacula, I used an SQLQuery to check all the master.pem certificates.
>>
>> SELECT DISTINCT
>>   path.path,
>>   file.md5,
>>   job.starttime,
>>   client.name
>> FROM
>>     public.client,
>>     public.file,
>>     public.filename,
>>     public.path,
>>     public.job
>> WHERE
>>     client.clientid = job.clientid AND
>>     file.jobid = job.jobid AND
>>     file.filenameid = filename.filenameid AND
>>     file.pathid = path.pathid AND
>>     filename.name = 'master.cert'
>> ORDER BY file.md5,client.name,path.path,job.starttime
>>
>> The result shows me that the md5 hashes are different on different OSes,
>> e.g. one hash on all OS X servers, one hash on all Linux servers.
>>
>> But on Windows the md5 hashes are always different, whatever the machine!
>
> That is probably OK.  The backup on Windows will include various other data
> about the file which could vary between machines (assuming you didn't set
> portable=yes in the fileset).
>

OK, so file attributes may be included in the md5 hash.

>
>> 2 of my three Windows machines use the same Bacula 5.0.3 binaries
>> downloaded from the Bacula repo
>
> Where did the third binary come from?

Hmm, in the end this is wrong; in fact all 3 installs of Bacula for
Windows were from the same package.

>
> Which one fails to restore?
>
> Is it definitely using the correct bacula-fd.conf?  E.g. try temporarily
> deleting the master.pem file and see if the bacula-fd fails to start.

The file daemon with master.pem is decrypting every other backup fine
(Linux, Mac, Windows), so it can't come from the restore FD but rather
from the backup FD when it loads the master.cert that contains the
master public key.


Thanks for your help

Hugo
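
One way to test the suspicion raised above, that the backup FD loaded a master.cert which does not belong to master.pem, is to compare the public keys themselves instead of file hashes. This is an added example, not part of the original thread; it assumes the OpenSSL command line, that master.pem holds the private key plus certificate in PEM form, and uses constructed throwaway keys and hypothetical function names.

```shell
#!/bin/sh
# Added example. Assumes the OpenSSL CLI and PEM files laid out as in the thread:
# master.cert = certificate only, master.pem = private key + certificate.

# Print the SHA-256 of the PEM public key held in a certificate or a keypair file.
spki_fp() {  # $1 = cert|key, $2 = file
    case $1 in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1      # unreadable or wrong file type: never "match"
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the client's master.cert carries the public key of master.pem.
master_matches() {  # $1 = master.cert from a client, $2 = master.pem
    a=$(spki_fp cert "$1") && b=$(spki_fp key "$2") && [ "$a" = "$b" ]
}

# Plain hash of the file bytes, for comparison with the key fingerprint.
file_fp() { openssl dgst -sha256 < "$1" | awk '{print $NF}'; }

# Constructed test material: throwaway self-signed keypairs, not real Bacula keys.
make_keypair() {  # $1 = directory, $2 = base name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-$2" \
        -keyout "$1/$2.key" -out "$1/$2.cert" 2>/dev/null &&
        cat "$1/$2.key" "$1/$2.cert" > "$1/$2.pem"
}

d=$(mktemp -d)
make_keypair "$d" master                 # the master keypair kept on the server
make_keypair "$d" other                  # a certificate from a different keypair
# Same certificate with CRLF line endings, as a copy edited on Windows might have.
awk '{printf "%s\r\n", $0}' "$d/master.cert" > "$d/master-crlf.cert"

for c in master.cert master-crlf.cert other.cert; do
    if master_matches "$d/$c" "$d/master.pem"; then r=MATCH; else r=MISMATCH; fi
    echo "$c: key $r, file sha256 $(file_fp "$d/$c")"
done
```

The CRLF copy has a different file hash but the same key, so a differing hash of master.cert is not evidence of a wrong key, while a MISMATCH on the key fingerprint is.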
