Am 04.05.22 um 12:46 schrieb Stefan G. Weichinger:
Am 04.05.22 um 11:36 schrieb Exuvo:
Yeah the included ossl usage is using old key derivation. On my
installation i have replaced amcrypt-ossl usage with:
# cat /etc/amanda/encrypt
#!/bin/bash
AMANDA_HOME=~amanda
PASSPHRASE=$AMANDA_HOME/.am_passphrase # required
RANDFILE=$AMANDA_HOME/.rnd
export RANDFILE
at first things were failing, the "not found" was misleading me, as I
assumed the wrapper file was missing (I decided to create
"/usr/sbin/exuvo_crypt" ;-) ).
Turns out that the RANDFILE was missing, created one by:
backup:~$ dd if=/dev/urandom of=.rnd bs=256 count=1
I assume I should store/backup that one alongside the encryption
passphrase somewhere? Is it needed for decryption?
First dump looks good now, on to some restore tests.
btw: I also read of "-md sha512" to speed up ... obsolete when using
"-aes-256-ctr" maybe?
If I change encryption now it would be the time to get it right.
thanks so far!
