I would like to propose an idea for the Amanda wishlist. Assuming there aren't enough items on that list already...

What I would like to see is the option of simple encryption of backup tapes. I'm not looking for over-the-wire encryption or client side encryption, I just want my tapes to be useless to anyone who finds or steals one, and I want legitimate restores to be hampered as little as possible.

As motivation, consider the recently lost and presumably unencrypted tapes mentioned in this article at the Register:


I'm aware of the interesting work done at the University of Chicago:


But Mike Delaney's message to the list of May 30, 2005 (Re: Amanda with GPG) suggests that restoring/recovering becomes pretty hairy with this setup. (That is a pretty poor paraphrase of Mike's explanation; please look up his message in the archives for a more clear and accurate presentation.) Also, it seems to me that a server-side encryption scheme could be localized to a handful of parameters in the Amanda configuration file, which would be much easier for Amanda admins to set up.

What I am imagining is putting a simple symmetric encryption key for perhaps AES encryption in the Amanda config file, and then perhaps enabling encryption in dumptype records. Assuming encryption is the last thing that happens before a DLE goes to tape and the first thing that happens on the way back, most of the Amanda chain would not need to know about the presence of any encryption. And for disaster recovery, you would presumably want to have a printout of your Amanda config offsite, so your password would be recoverable.

As a start, is this idea conceptually sound? Maybe it could be implemented already with wrapper scripts?

- Bruce

Reply via email to