Bacula-users

Re: [Bacula-users] client-side data encryption without routine access to private key

2009-02-17 11:52:41
Subject: Re: [Bacula-users] client-side data encryption without routine access to private key
From: Martin Simmons <martin AT lispworks DOT com>
To: subscription AT kkeane DOT com
Date: Tue, 17 Feb 2009 16:48:26 GMT
>>>>> On Tue, 17 Feb 2009 07:07:19 -0800, Kevin Keane said:
> 
> > The above manual page on data encryption says that the encryption involves 
> > three steps:
> >
> >     1. The File daemon generates a session key.
> >     2. The FD encrypts that session key via PKE for all recipients (the 
> > file daemon, any master keys).
> >     3. The FD uses that session key to perform symmetric encryption on the 
> > data.
> >
> > None of that seems to me to require the client's private key; only the 
> > public one.
> Step 2 requires the FD's private key, I think - the documentation isn't 
> explicit on which key it uses for the encryption. But the private key is 
> the one that would make the most sense here. Otherwise, anybody who has 
> access to the public master key could access the backup.

That sounds backwards to me.  Shouldn't the encrypter (backup) use the public
key to keep the data safe?  Then only the decrypter (restore) can read the
data, using the private key.

The private key is needed during backup if you use PKI Signatures.

__Martin

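As an added illustration of the three steps being discussed (not code from this thread, and not Bacula's own implementation or file format), the following Go program uses only the standard library to show where each key is needed: the backup side uses recipient public keys to wrap a fresh session key and never touches a private key unless it also signs; the restore side needs exactly one recipient private key. AES-256-GCM and RSA-OAEP/PSS are assumed here as stand-ins for whatever primitives Bacula uses internally, and the envelope struct, `Backup`, `Restore`, `NewKey` and `PublicKeys` are names chosen for this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the constructed output of one "backup": the payload under a
// one-time session key, that key wrapped once per recipient, and an optional
// signature. This is an illustration of the scheme, not Bacula's format.
type Envelope struct {
	Nonce       []byte
	Ciphertext  []byte
	WrappedKeys [][]byte // one RSA-OAEP wrapping of the session key per recipient
	Signature   []byte   // empty when no signing key was supplied
}

// NewKey generates a 2048-bit RSA key pair (FD key or master key).
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// PublicKeys extracts the public halves: all the backup side needs for step 2.
func PublicKeys(keys ...*rsa.PrivateKey) []*rsa.PublicKey {
	pubs := make([]*rsa.PublicKey, 0, len(keys))
	for _, k := range keys {
		pubs = append(pubs, &k.PublicKey)
	}
	return pubs
}

// Backup performs the three steps: (1) generate a session key, (2) encrypt it
// to every recipient with their PUBLIC key, (3) encrypt the data symmetrically.
// A private key is touched only if signer is non-nil (PKI signatures).
func Backup(data []byte, recipients []*rsa.PublicKey, signer *rsa.PrivateKey) (*Envelope, error) {
	if len(recipients) == 0 {
		return nil, errors.New("no recipients: nobody could ever restore this")
	}
	sessionKey := make([]byte, 32) // step 1: fresh 256-bit session key
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	env := &Envelope{}
	for _, pub := range recipients { // step 2: wrap with public keys only
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, wrapped)
	}
	block, err := aes.NewCipher(sessionKey) // step 3: symmetric encryption
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	env.Nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(env.Nonce); err != nil {
		return nil, err
	}
	env.Ciphertext = gcm.Seal(nil, env.Nonce, data, nil)
	if signer != nil { // the only step that needs a private key at backup time
		digest := sha256.Sum256(env.Ciphertext)
		env.Signature, err = rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil)
		if err != nil {
			return nil, err
		}
	}
	return env, nil
}

// Restore unwraps the session key with one recipient PRIVATE key; if signerPub
// is given, the signature is verified before any decryption is attempted.
func Restore(env *Envelope, priv *rsa.PrivateKey, signerPub *rsa.PublicKey) ([]byte, error) {
	if signerPub != nil {
		digest := sha256.Sum256(env.Ciphertext)
		if err := rsa.VerifyPSS(signerPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
			return nil, fmt.Errorf("signature check failed: %w", err)
		}
	}
	var sessionKey []byte
	for _, w := range env.WrappedKeys { // find the wrapping made for this key
		if k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil); err == nil {
			sessionKey = k
			break
		}
	}
	if sessionKey == nil {
		return nil, errors.New("this private key is not a recipient of the envelope")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // fails if tampered
}

func main() {
	fd, master := NewKey(), NewKey()
	env, err := Backup([]byte("constructed sample payload"), PublicKeys(fd, master), nil)
	if err != nil {
		panic(err)
	}
	out, err := Restore(env, master, nil) // master key alone can restore
	fmt.Printf("restored=%q err=%v\n", out, err)
}
```

The structure makes the point of the reply concrete: `Backup` compiles and runs with nothing but `*rsa.PublicKey` values in hand, so a client with only public keys can back up; the master key's private half is used only in `Restore`, and a non-recipient key fails to unwrap rather than silently decrypting to garbage. Passing a signer to `Backup` is the one path that needs a private key during backup, which matches the "PKI Signatures" remark.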
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users