[Bacula-users] Not working encryption
2015-07-03 10:25:33
Hi,
I'm trying to configure Bacula with FD encryption. I started with
http://www.bacula.com.br/manual/Data_Encryption.html but it doesn't work.
My environment:
bacula-dir on FreeBSD Version: 7.0.4 (04 June 2014)
bacula-fd on Debian Version: 5.2.6 (21 February 2012)
Configuration FD, at this moment I configured only FD:
##
Director {
Name = back-dir
Password = "xxx"
}
FileDaemon {
Name = client-fd
FDport = 9102
WorkingDirectory = /var/lib/bacula
Pid Directory = /var/run/bacula
Maximum Concurrent Jobs = 20
PKI Signatures = Yes
PKI Encryption = Yes
PKI Keypair = "/etc/bacula/cert.pem"
PKI Master Key = "/etc/bacula/master.cert"
}
Messages {
Name = Standard
director = cwback-dir = all, !skipped, !restored
}
###
Certs on filesystem:
root@gpgkeyserver:/etc/bacula# ls -ls master.cert cert.pem
4 -rw------- 1 root root 2977 Jul 3 13:41 cert.pem
4 -rw------- 1 root root 1285 Jul 3 13:41 master.cert
cert.pem includes cert+key
master.cert includes only master cert
###
After executing job for client with enabled encryption I can find
"Encryption: yes" in summary. It means that files should be
encrypted.
Funny thing is that I didn't five any PKI information to bacula-dir so
after all it shouldn't be possible to restore any data. At this moment I
can restore all data without master key so it indicates that encryption
is not working. Any ideas why it's not working? Maybe I'm doing it wrong?
Debug containing PKI related part from bacula-fd:
/usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf -dt -d 1000 -f -m
03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=12 PKI
Signatures = Yes
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
got token=T_IDENTIFIER
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
token=T_EQUALS
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
pkisignatures
03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=13 PKI
Encryption = Yes
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
got token=T_IDENTIFIER
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
token=T_EQUALS
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
pkiencryption
03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=14 PKI Keypair =
"/etc/bacula/cert.pem"
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
got token=T_IDENTIFIER
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
token=T_EQUALS
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
pkikeypair
03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=15 PKI Master
Key = "/etc/bacula/master.cert"
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
got token=T_IDENTIFIER
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
token=T_EQUALS
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
pkimasterkey
03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:565-0 Append
/etc/bacula/master.cert to alist 1d900f8 size=0 pkimasterkey
Kind regards,
--
jakub
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|
|
|