[Bacula-users] restoring encrypted file - missing private key error

I'm running bacula Version: 5.0.2 (28 April 2010) on my backup server.

I am trying to restore a file that is encrypted during backup from host A
to host B and I get the following error on the failed restore:
 

22-Oct 16:28 backup1-dir JobId 40417: Start Restore Job
RestoreFiles.2013-10-22_16.28.35_19
22-Oct 16:28 backup1-dir JobId 40417: Using Device "FileStorage"
22-Oct 16:28 backup1-sd JobId 40417: Ready to read from volume
"filestorage0091" on device "FileStorage" (/backups/Bacula-FileStorage/).
22-Oct 16:28 backup1-sd JobId 40417: Forward spacing Volume
"filestorage0091" to file:block 1:817723792.
22-Oct 16:28 backup1-sd JobId 40417: End of Volume at file 1 on device
"FileStorage" (/backups/Bacula-FileStorage/), Volume "filestorage0091"
22-Oct 16:28 backup1-sd JobId 40417: End of all volumes.
22-Oct 16:28 utility2-fd JobId 40417: Error: Missing private key required
to decrypt encrypted backup data.
22-Oct 16:28 backup1-dir JobId 40417: Error: Bacula backup1-dir 5.0.2
(28Apr10): 22-Oct-2013 16:28:37
  Build OS:               i486-pc-linux-gnu debian 6.0.3
  JobId:                  40417
  Job:                    RestoreFiles.2013-10-22_16.28.35_19
  Restore Client:         HOST B
  Start time:             22-Oct-2013 16:28:37
  End time:               22-Oct-2013 16:28:37
  Files Expected:         1
  Files Restored:         1
  Bytes Restored:         0
  Rate:                   0.0 KB/s
  FD Errors:              1
  FD termination status:  Error
  SD termination status:  OK
  Termination:            *** Restore Error ***

So I've tried the restore with the host A key pair file copied to host B.
Modified the key pair file name to match the bacula-fd.conf on host b,
restarted bacula-fd on host b.
I've also copied the master cert over from the backup server and modified
bacula-fd.conf on host B to use that key pair with a restart of bacula-fd
on host b.
Both result in the error above on restore.
I've also modified the bacula-fd.conf to use the master.pem and
master.cert files.  Same error.
Running md5sum on the key pairs I have verified they are the same on both
host A and host B as well as the master cert and .pem on backup server,
host A and host B.
Below are my bacula-fd.conf files on host A and host B.

I'm stumped why this restore of encrypted file fails with missing key
error when the key pair is present and identical on both hosts as well as
restoring with the master.cert and .pem when it is the same on all hosts.
 For what its worth, I can successfully restore the encrypted file on the
host it was backed up on, Host A, with no issue.

I've exhausted my resources, any help with this would be greatly
appreciated.

HOST A bacula-fd.conf



#
# List Directors who are permitted to contact this File daemon
#
Director {
  Name = backup1-dir
  Password = "+C6cLMGyZ5pAF1ldsdZvU8ZrhVM2HY4BkplBVL+61l8v"
}

#
# Restricted Director, used by tray-monitor to get the
#   status of the file daemon
#
Director {
  Name = HOSTA-mon
  Password = "E4LSasq00M0PosQJl6cy5O32WIKtRIp3Qw9Ay"
  Monitor = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = HOSTA-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run/
  Maximum Concurrent Jobs = 20

### BEGIN ENCRYPTION
  PKI Signatures = Yes              # Enable Data Signing
  PKI Encryption = Yes            # Enable Data Encryption
  PKI Keypair = "/etc/bacula/manage2.pem"    # Public and Private Keys
  PKI Master Key = "/etc/bacula/master.cert"    # ONLY the Public Key
### END ENCRYPTION
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = backup1-dir = all, !skipped, !restored
}




######################################
######################################

######################################


HOST B bacula-fd.conf

#
# PopCap Bacula client configuration file
# This file is distributed by cfengine
# Edit on server-lifecycle-1
#

#
# List Directors who are permitted to contact this File daemon
#
Director {
  Name = backup1-dir
  Password = "+C6cLMGyZ5pAF1ldsdZvU8ZrhVM2HY4BkplBVL+61l8v"
}

#
# Restricted Director, used by tray-monitor to get the
#   status of the file daemon
#
Director {
  Name = HOSTB-mon
  Password = "E4LSasq00M0PosQJl6cy5O32WIKtRIp3Qw9Ay"
  Monitor = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = HOSTB-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run/
  Maximum Concurrent Jobs = 20

### BEGIN ENCRYPTION
  PKI Signatures = Yes            # Enable Data Signing
  PKI Encryption = Yes            # Enable Data Encryption
  PKI Keypair = "/etc/bacula/utility2.pem"    # Public and Private Keys
  PKI Master Key = "/etc/bacula/master.cert"    # ONLY the Public Key
### END ENCRYPTION
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = backup1-dir = all, !skipped, !restored
}


################

################
################

output from successful backup job showing encryption:   Yes


22-Oct 17:21 backup1-dir JobId 40421: Start Backup JobId 40421,
Job=HOSTA:default.2013-10-22_17.21.01_08
22-Oct 17:21 backup1-dir JobId 40421: Using Device "FileStorage"
22-Oct 17:21 backup1-sd JobId 40421: Volume "filestorage0544" previously
written, moving to end of data.
22-Oct 17:21 backup1-sd JobId 40421: Ready to append to end of Volume
"filestorage0544" size=3330847211
22-Oct 17:21 backup1-sd JobId 40421: Job write elapsed time = 00:00:01,
Transfer rate = 2.017 K Bytes/second
22-Oct 17:21 backup1-dir JobId 40421: Bacula backup1-dir 5.0.2 (28Apr10):
22-Oct-2013 17:21:03
  Build OS:               i486-pc-linux-gnu debian 6.0.3
  JobId:                  40421
  Job:                    HOSTA:default.2013-10-22_17.21.01_08
  Backup Level:           Differential, since=2013-10-22 01:52:23
  Client:                 "HOSTA" 5.0.2 (28Apr10)
x86_64-pc-linux-gnu,debian,6.0.6
  FileSet:                "HOSTA" 2013-10-16 17:44:53
  Pool:                   "Disk" (From Job resource)
  Catalog:                "MyCatalog" (From Client resource)
  Storage:                "File" (From Pool resource)
  Scheduled time:         22-Oct-2013 17:21:00
  Start time:             22-Oct-2013 17:21:03
  End time:               22-Oct-2013 17:21:03
  Elapsed time:           0 secs
  Priority:               10
  FD Files Written:       2
  SD Files Written:       2
  FD Bytes Written:       1,504 (1.504 KB)
  SD Bytes Written:       2,017 (2.017 KB)
  Rate:                   0.0 KB/s
  Software Compression:   None
  VSS:                    no
  Encryption:             yes
  Accurate:               no
  Volume name(s):         filestorage0544
  Volume Session Id:      4
  Volume Session Time:    1382459539
  Last Volume Bytes:      3,330,849,714 (3.330 GB)
  Non-fatal FD errors:    0
  SD Errors:              0
  FD termination status:  OK
  SD termination status:  OK
  Termination:            Backup OK

22-Oct 17:21 backup1-dir JobId 40421: Begin pruning Jobs older than 7
years .
22-Oct 17:21 backup1-dir JobId 40421: No Jobs found to prune.
22-Oct 17:21 backup1-dir JobId 40421: Begin pruning Jobs.
22-Oct 17:21 backup1-dir JobId 40421: No Files found to prune.
22-Oct 17:21 backup1-dir JobId 40421: End auto prune.





------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users