I am using bacula to back up the contents of my server onto a tape and using data encryption.
Previously, the encryption was working fine and you wouldn't be able to restore files from the tape without the decryption keys. However, I stopped encrypting the tapes for a while whilst doing some testing and now when encrypting the data (although the backup says 'Storage Encryption: yes' in the log), I can restore the files from the tape even though I delete the keypair and master key from where they should be located on the server.
Any ideas what I may be doing wrong or have forgotten to do?
I would imagine they were never actually getting encrypted to begin with according to the documentation.
Can you post your configuration where you were specifying encryption with the FileDaemon?
And yes, you cannot recover encrypted files without the keys. So if you are recovering data from a time period you thought was being encrypted, I'd imagine they weren't getting encrypted.
In the bacula-fd.conf files I have the following lines for data encryption:-
#added for data encryption
PKI Signatures = Yes
PKI Encryption = Yes
PKI Keypair ="/home/private/ppkey.pem" #Public and private key
PKI Master Key ="/home/private/master.cert" #Only public key
What I found:-
If you comment out the above lines in the config file, restart bacula, delete the keys from the location specified above and restore an "encrypted" tape (backed up when encryption was enabled), everything gets restored (when it shouldn't).
If I have the above lines uncommented and delete the keys from the location specified above, then the file daemon obviously won't start. Delete/move the keys after restarting bacula, and files get restored!
Previously however, when I changed the keys/deleted the keys and tried to restore from an encrypted tape all was working fine, i.e. I would get an error complaining about the decryption keys and wouldn't be able to restore the contents of the tape.
So I am confused as to what is going on. In the log it does say 'Storage Encryption: yes' for the backup job that I am trying to restore...
Odd indeed. I haven't messed with encryption that much myself but perhaps you should post this to the bacula mailing lists (which is quite active) on your findings. Perhaps someone there could enlighten on what's possibly going on and how you're able to restore encrypted backups without the keys in place or specified.
Hi trickykid, yes, it's quite odd! I have just posted on the bacula mailing lists and once I have resolved this problemo will update this thread! Thanks for your help!