LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Bacula and encryption (https://www.linuxquestions.org/questions/linux-newbie-8/bacula-and-encryption-758672/)

tqz 09-30-2009 08:36 AM

Bacula and encryption
 
Hello all

I am using bacula to backup my the contents of my server onto a tape and using data encyrption.

Previously, the encryption was working fine and you wouldnt be able to restore files from the tape without the decryption keys. However, I stopped encrypting the tapes for a while whilst doing some testing and now when encrypting the data (although the backup says 'Storage Encryption: yes' in the log), I can restore the files from the tape even though i delete the keypair and master key from where they should be located on the server.

Any ideas what I may be doing wrong or forgotten to do???

Many thanks in advance.


t.

trickykid 09-30-2009 04:54 PM

I would imagine they were never actually getting encrypted to begin with according to the documentation.

Can you post your configuration where you were specifying encryption with the FileDaemon?

And yes, you cannot recover encrypted files without the keys. So if you are recovering data from a time period you thought was being encrypted, I'd imagine they weren't getting encrypted.

tqz 10-01-2009 04:11 AM

Hi trickykid and thanks for your response.

In the bacula-fd.conf files I have the following lines for data encryption:-

#added for data encryption
PKI Signatures = Yes
PKI Encryption = Yes
PKI Keypair ="/home/private/ppkey.pem" #Public and private key
PKI Master Key ="/home/private/master.cert" #Only public key


What I found:-

If you comment out the above lines in the config file, restart bacula, delete the keys from the location specified above and restore "encrypted" tape (backed up when encryption was enabled) everything gets restored (when it shouldnt).

If I have the above lines uncommented and delete the keys from the location specified above then the file daemon wont obviously start.Delete/move the keys after restarting bacula files get restored!

Previously however, when I changed the keys/deleted the keys and tried to restore from an encrypted tape all was working fine i.e. I would get a error complaining about the decryption keys and wouldnt be able to restore the contents of the tape.

So I am confused as to what is going on. In the log it does say 'Storage Encryption: yes' for the backup job that I am trying to restore...

trickykid 10-01-2009 11:11 AM

Odd indeed. I haven't messed with encryption that much myself but perhaps you should post this to the bacula mailing lists (which is quite active) on your findings. Perhaps someone there could enlighten on what's possibly going on and how you're able to restore encrypted backups without the keys in place or specified.

tqz 10-02-2009 04:12 AM

Hi trickykid yes its quite odd! I have just posted on the bacula mailing lists and once I have resolved this problemo will update this thread! Thanks for your help! :)


All times are GMT -5. The time now is 01:14 PM.