Zitat von lst_hoe02 AT kwsoft DOT de:

> Hello
>
> i wonder which of the cryptographic signatures is used and how if i
> specify in the FileSet option "signature=md5" and on the client FD
> config "PKI Signatures=yes". In the manual is stated that the "PKI
> Signatures" is not configurable but uses SHA-2 if available, otherwise
> SHA-1. This lead to the following questions:
>
> - Is the signature "upgraded" in this case to SHA-1?
> - Is one of them silently ignored if both are specified or will both
> be calculated and used?

Further digging in to this one it looks like the signature configured  
in the FileSet is stored in the DB while PKI signature is part of the  
data, so both will be used/calculated. So it boils down to the  
following:

- PKI Signature ensures that the client FD can verify on restore that  
the data are actually saved by itself signed with the private key

- PKI Encryption ensures that no one without any of the private keys  
used at backup time can read the data

- The FileSet signature (md5/sha) is used to compare (at Bacula SD?)  
if the data read are unaltered regarding the hash value stored in the  
database

With this in mind we will switch off PKI signatures to eventuelly  
(re)gain some speed.

Please let me know if i got something wrong on this topic

Thanks

Andreas



------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users