Amanda-Users

Re: another wishlist thought

2002-11-08 12:20:37
Subject: Re: another wishlist thought
From: Marc Mengel <mengel AT fnal DOT gov>
To: todd AT fries DOT net
Date: Fri, 08 Nov 2002 10:40:13 -0600
Todd T. Fries wrote:
> - support public key encryption type of schemes 'pgp' or 'openssl' style
>   methods

You should read the SECURITY-API file in the docs directory, that's the
design to handle that; the API is in the 2.5 code (that is, the main CVS
branch). If you want to roll up an "openssl" and/or "pgp" security module to
go with the current "bsd", "krb4", and "krb5" ones, and would like to
contribute it, go for it!

> - support signing the data (instead of a crc or sha1 or rmd160), one
>   can use pgp, gpg, or openssl for this

Not sure if one could call that a "compression" scheme or what...  That
would be the usual kluge in the current versions of Amanda, configure it
to use /usr/local/bin/compress_and_sign instead of /usr/bin/gzip, and make
compress_and_sign a program that compresses and signs the archives. Then
archives that you compress on the client side would be signed, and the
"uncompress" operation would check the signatures.

> - Would there be a way for individual users to restore their own files
>   without compromising system security (aka currently, anyone who is
>   allowed access to amanda via 'amrecover' can restore any file).

I've thought about this somewhat; it would require some serious infrastructure changes; basically
  * the indexing would have to include better file permissions/ownership
    information so amrecover could tell who owns the files on the tape
  * amrecover (and any code it calls) would have to be thoroughly reviewed for
    setuid safety.
  * You would have to have it amrestore the files into a /tmp directory
    that the user can't get at, then change the modes so the user can
    read it when you're done; otherwise you would have to fix amrecover,
    tar, and all the {ufs,vfs,...}restore utilities to be symlink-race-proof;
    and that's not likely to happen any time soon.
Then you could make amrecover setuid and off you'd go.

> aka the above suggestions of encryption/signing are for storage in the
> holding disk (since I have configured mine to be _the_ place data is stored,
> tape drive not hooked up yet), or to tape.  To do this of course the amanda
> user would have to have access to the keys.

You would probably want to give your amanda user its own PGP key, and have
everyone sign the data and encrypt it to the amanda user...
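The "compress_and_sign in place of gzip" kluge described in this reply, written out as an added example; it is not Amanda's code and not from this thread. It assumes Amanda invokes the filter like gzip (stdin to stdout, with a -d option on the restore side), and the stream layout (gzip body, then signature, then a "CSGN" trailer carrying the signature length) is a constructed one of my own. The HmacSigner is a shared-secret stand-in so the example runs offline; the OpenSSLSigner class shows the same interface backed by public-key signatures via `openssl dgst`, with the key paths assumed.

```python
#!/usr/bin/env python3
"""compress_and_sign: a gzip-style filter that also signs the archive.

Added example, not Amanda's code.  Constructed stream layout:
    <gzip body> <signature> "CSGN" <4-byte big-endian signature length>
Compress mode reads stdin and writes that stream to stdout; -d checks the
signature first and refuses to decompress anything that fails.
"""
import gzip
import hashlib
import hmac
import os
import struct
import subprocess
import sys
import tempfile

MAGIC = b"CSGN"
TRAILER = struct.Struct(">4sI")  # magic + signature length


class HmacSigner:
    """Shared-secret stand-in so the example runs offline.  An HMAC is not a
    public-key signature; OpenSSLSigner below is the real thing."""

    def __init__(self, key: bytes):
        self.key = key

    def sign(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def verify(self, data: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(data), sig)


class OpenSSLSigner:
    """Public-key signer shelling out to `openssl dgst`, i.e. the 'openssl
    style' option from the wishlist.  Key file paths are assumed."""

    def __init__(self, private_key: str, public_key: str):
        self.private_key, self.public_key = private_key, public_key

    def sign(self, data: bytes) -> bytes:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "data")
            with open(path, "wb") as f:
                f.write(data)
            return subprocess.run(
                ["openssl", "dgst", "-sha256", "-sign", self.private_key, path],
                check=True, capture_output=True).stdout

    def verify(self, data: bytes, sig: bytes) -> bool:
        with tempfile.TemporaryDirectory() as d:
            path, sigpath = os.path.join(d, "data"), os.path.join(d, "sig")
            with open(path, "wb") as f:
                f.write(data)
            with open(sigpath, "wb") as f:
                f.write(sig)
            return subprocess.run(
                ["openssl", "dgst", "-sha256", "-verify", self.public_key,
                 "-signature", sigpath, path],
                capture_output=True).returncode == 0


def compress_and_sign(plain: bytes, signer) -> bytes:
    body = gzip.compress(plain)
    sig = signer.sign(body)  # sign the compressed bytes exactly as stored
    return body + sig + TRAILER.pack(MAGIC, len(sig))


def verify_and_uncompress(blob: bytes, signer) -> bytes:
    """Fail closed: no trailer, bad trailer or bad signature all refuse."""
    if len(blob) < TRAILER.size:
        raise ValueError("truncated: no signature trailer")
    magic, siglen = TRAILER.unpack(blob[-TRAILER.size:])
    if magic != MAGIC or len(blob) < TRAILER.size + siglen:
        raise ValueError("unsigned or malformed archive")
    body = blob[:-(TRAILER.size + siglen)]
    sig = blob[-(TRAILER.size + siglen):-TRAILER.size]
    if not signer.verify(body, sig):
        raise ValueError("signature check failed; refusing to decompress")
    return gzip.decompress(body)


def main(argv):
    # Assumption: Amanda runs this like gzip, with -d (or -dc) when restoring.
    key = os.environ.get("CSGN_KEY", "").encode()
    signer = HmacSigner(key)  # swap in OpenSSLSigner(priv, pub) for real use
    data = sys.stdin.buffer.read()
    if any(a.startswith("-d") for a in argv):
        sys.stdout.buffer.write(verify_and_uncompress(data, signer))
    else:
        sys.stdout.buffer.write(compress_and_sign(data, signer))


if __name__ == "__main__":
    main(sys.argv[1:])
```

The signature covers the compressed bytes rather than the plaintext, so a restore can reject a tampered or unsigned archive before any data is inflated; with the OpenSSLSigner, the restore side only needs the public key, which addresses the point about the amanda user having to hold keys.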

