On Feb 17, 2009, at 8:48 AM, Martin Simmons wrote:
> That sounds backwards to me. Shouldn't the encrypter (backup) use the public
> key to keep the data safe? Then only the decrypter (restore) can read the
> data, using the private key.

Right. A symmetric session key is used for each backup run, which is
encrypted for all provided public keys and stored alongside the
encrypted data. This is how the "master" public key feature is
implemented.

> The private key is needed during backup if you use PKI Signatures.

Right. Currently, enabling PKI encryption also enables signing, but
the encryption implementation does not require this, and the private
key is not necessary for encrypting the backups.
However -- if you disable signing, there is no other validation
mechanism. One could add HMAC support without too much effort, but you
lose non-repudiation of the backups, as any recipient that can verify
the HMAC may also generate a valid one.
Cheers,
-landonf
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
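
The session-key wrapping described in the message above, as an added Go example (not part of the original post and not Bacula's code). The function names, RSA-OAEP with SHA-256 and the 2048-bit constructed keys are assumptions; the cipher that encrypts the backup data under the session key is out of scope here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func newKey() *rsa.PrivateKey { // constructed 2048-bit key pair for the demo
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// WrapSessionKey is the backup side: public keys only, one fresh key per run.
func WrapSessionKey(recipients ...*rsa.PublicKey) (session []byte, wrapped [][]byte, err error) {
	session = make([]byte, 32) // would key the cipher that encrypts the backup data
	if _, err = rand.Read(session); err != nil {
		return nil, nil, err
	}
	for _, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
		if err != nil {
			return nil, nil, err
		}
		wrapped = append(wrapped, w) // stored alongside the encrypted data
	}
	return session, wrapped, nil
}

// UnwrapSessionKey is the restore side: any one matching private key suffices.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped [][]byte) ([]byte, error) {
	for _, w := range wrapped {
		if key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil); err == nil {
			return key, nil
		}
	}
	return nil, fmt.Errorf("none of %d wrapped copies matches this private key", len(wrapped))
}

func main() {
	client, master := newKey(), newKey() // "master" stands in for the master key pair
	session, wrapped, _ := WrapSessionKey(&client.PublicKey, &master.PublicKey)
	got, err := UnwrapSessionKey(master, wrapped)
	fmt.Println("master recovers session key:", err == nil && string(got) == string(session))
}
```

Only `UnwrapSessionKey` takes a private key, so a host that runs backups without signing can hold public keys alone.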