This one time, at band camp, Andrew Hall wrote:
>http://security.uchicago.edu/tools/gpg-amanda/
One of the nice things about plain tar is that it can cope with stream
errors; if one block on the tape is busted then you can still recover the
rest of the backup.
A while ago (probably 4 months past) I started looking at this; I didn't
know about the above URL. I did some testing to see if gpg could cope with
stream errors.
It turns out that there's a couple of encryption algorithms that GnuPG claims
to use that *can* cope with stream errors and continue decryption around it;
alas I don't have any of the details anymore but it should be easy to find
that out again, this time I know what I'm looking for.
The problem is that you can't get GnuPG to use that algorithm (again short
on details so please take a large grain of salt), but OpenSSL does let you use
it.
I think it was the AES CBC cipher that I was looking at.
I also think there was a different problem with OpenSSL that prevented it
from being immediately useful.
Anyway, the point I'm trying to make is that you don't want to reduce the
recoverability of your tapes if you encrypt them, but I'm fairly certain
that the method GnuPG uses, described at that URL above, provides no
facility for recovery from stream errors.
--
jaq AT spacepants DOT org
http://spacepants.org/jaq.gpg