Amanda-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: AMANDA with GPG

2005-05-31 01:58:04
Subject: Re: AMANDA with GPG
From: Mike Delaney <mdelan AT lusars DOT net>
To: Amanda List <amanda-users AT amanda DOT org>
Date: Mon, 30 May 2005 22:17:11 -0700 
On Sat, May 28, 2005 at 08:20:42PM +0200, sgw AT amanda DOT org wrote:
> 
> Hello, amanda-users,
> 
> just a short call for opinions:
> 
> Who uses gpg-amanda, as described at
> 
> http://security.uchicago.edu/tools/gpg-amanda/ ?
> 
> I am thinking about including this in the docs and would like to hear
> your thoughts.

I was experimenting with it in combination with 2.4.4p2 a few days ago.
It definately has some limitations.

With the gzip wrapper installed on a client, but not the server, backups work
fine (once you fix the obvious redirection bug in the script), but restores
don't: 
        With amrecover, gzip gets run on the server, not the client, so
        you never get the opportunity to decrypt the backup.
        
        With amrestore, you have the same problem since amrestore has to
        be run on the server, though in this case you can manually insert
        gpg between amrestore and tar/ufsrestore/etc.

If you install the wrapper on the server as well, things get even more fun
since AMANDA uses gzip to compress the indexes - now the indexes are
encrypted, and amrecover won't work for any client.  Additionally, the private
key(s) have to live on the server, not the client since amrestore will be
trying to decrypt the backup when it decompresses.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: amanda on RedHat ES 3 backup on HDD, Gene Heskett
Next by Date:  Re: AMANDA with GPG, Jon LaBadie
Previous by Thread:  AMANDA with GPG, sgw
Next by Thread:  Re: AMANDA with GPG, Jon LaBadie
Indexes:  [Date] [Thread] [Top] [All Lists]