Elegant, and it works. I made two keypairs (risby-sign and risby-encrypt) and put risby-sign.key and risby-encrypt.cert into the PEM file specified in "PKI Keypair =". The fd process restarted fine,
I'm curious about encryption; specifically, encrypting the data on the client-side before the storage daemon lays it down to tape. I've read http://www.bacula.org/en/dev-manual/Data_Encryption.html,
Author: Kevin Keane <subscription AT kkeane DOT com>
Date: Tue, 17 Feb 2009 07:07:19 -0800
Hi, Disclaimer: I haven't used bacula encryption. Just read the documentation and used to teach PKI. With a PKI, you don't usually protect from physical seizure by avoiding the use of the private ke
Author: Martin Simmons <martin AT lispworks DOT com>
Date: Tue, 17 Feb 2009 16:48:26 GMT
That sounds backwards to me. Shouldn't the encrypter (backup) use the public key to keep the data safe? Then only the decrypter (restore) can read the data, using the private key. The private key is
Author: Landon Fuller <landonf AT bikemonkey DOT org>
Date: Tue, 17 Feb 2009 20:24:02 -0800
That sounds backwards to me. Shouldn't the encrypter (backup) use the public key to keep the data safe? Then only the decrypter (restore) can read the data, using the private key. Right. A symmetric
Thanks to Martin and Landon both for confirming this. I was aware of the existence of the session key, but stupidly skated over it in my original post. I can live with that; data authentication isn't
Author: Martin Simmons <martin AT lispworks DOT com>
Date: Wed, 18 Feb 2009 11:18:34 GMT
You would need to modify the source. __Martin
Author: Martin Simmons <martin AT lispworks DOT com>
Date: Wed, 18 Feb 2009 11:26:09 GMT
Does the private key have to be the one associated with the public key? It looks like the code loads them separately, so perhaps another solution is to use two key pairs and make a pem file containi
Author: Landon Fuller <landonf AT bikemonkey DOT org>
Date: Wed, 18 Feb 2009 10:43:34 -0800
The private key is needed during backup if you use PKI Signatures. Right. Currently, enabling PKI encryption also enables signing, but the encryption implementation does not require this, and the pr
Author: Landon Fuller <landonf AT bikemonkey DOT org>
Date: Wed, 18 Feb 2009 10:58:05 -0800
... and signatures could still be verified. Spoke a little too soon. Signatures are written out with the x509 subjectkeyidentifier from the public key. A mismatched pair would need to have matching
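The split-keypair PEM described in the thread, checked with the openssl CLI. This is an added example, not part of any message above and not Bacula code. The file name fd-keypair.pem, RSA-2048 and OAEP key wrapping are assumptions made for the illustration; it does not reproduce Bacula's on-volume format.

```shell
#!/bin/sh
# Added illustration; file names follow the thread, everything else is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed RSA pair: $1.key (private key) and $1.cert (public key).
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.cert" 2>/dev/null
}

# Succeeds when the private key in $1 and the certificate in $2 are one pair.
same_pair() {
    key_pub=$(openssl pkey -in "$1" -pubout | openssl sha256)
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$key_pub" = "$cert_pub" ]
}

# Succeeds when the private key in $1 recovers the session key wrapped in $2.
can_unwrap() {
    openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -in "$2" -out "$WORK/unwrapped" 2>/dev/null &&
        cmp -s "$WORK/unwrapped" "$WORK/session.key"
}

make_pair risby-sign
make_pair risby-encrypt

# The file named by "PKI Keypair =": signing private key + encryption cert.
cat "$WORK/risby-sign.key" "$WORK/risby-encrypt.cert" > "$WORK/fd-keypair.pem"

# Stand-in for a backup: wrap a random session key to the encryption cert.
openssl rand -out "$WORK/session.key" 32
openssl pkeyutl -encrypt -certin -inkey "$WORK/risby-encrypt.cert" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/session.key" -out "$WORK/session.enc"

if same_pair "$WORK/fd-keypair.pem" "$WORK/risby-encrypt.cert"; then
    echo "client PEM: key and cert match"
else
    echo "client PEM: key and cert come from different pairs"
fi
if can_unwrap "$WORK/fd-keypair.pem" "$WORK/session.enc"; then
    echo "client PEM can unwrap the session key"
else
    echo "client PEM cannot unwrap the session key"
fi
can_unwrap "$WORK/risby-encrypt.key" "$WORK/session.enc" &&
    echo "risby-encrypt.key (kept off the client) unwraps it"
```

This checks only the encryption side. Per the last message in the thread, signatures are written with the subjectKeyIdentifier from the public key, so signature verification with a mismatched pair is a separate question.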