Re: [Bacula-users] Encryption?

Sat, 15 Apr 2006 12:36:07 -0700 

Michel Meyers wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Francisco Reyes wrote:

Reading Bacula's current state I see under heading:

Current Implementation Restrictions
+ Data encryption of the Volume contents.

What does that mean? Encryption of volumens are not supported yet?


Correct: There's encryption of the communication between the File Daemon
and the Storage Daemon but no encryption of the data as it is written to
tape/HDD/CD/DVD. That's still on the todo list.


Francisco,
I noticed in your other E-Mail you are using FreeBSD. You can place your Bacula volumes on a encrypted device using the built in capabilities of GEOM.
If you already have the system in place and don't have the ability to put the disc devices themselves under GBDE/GELI you can create file backed discs on top of your existing file systems. 

For example:

1. Create a 100GB sparse file. (Seek is specified in sectors of 512 bytes).

dd if=/dev/zero of=/vol/encrypted.disc seek=209715200 count=1

2. Create a key

dd if=/dev/random of=/home/bob/encrypted.key bs=64 count=1

3. Attach the file to your system.

mdconfig -a -t vnode -f /vol/encrypted.disc

4. Initialise the geli encryption layer.

geli init -s 8192 -K /home/bob/encrypted.key /dev/md0

5. Attach the encrypted device.

geli attach -k /home/bob/encrypted.key /dev/md0

6. Place a filesystem on the encrypted device

newfs /dev/md0.eli

7. mount this

mount /dev/md0.eli /mnt/encrypted

The key file can be placed on a usb stick.

Cheers,
Dominic


Greetings,
      Michel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32) - GPGrelay v0.959

iD8DBQFEQTD/2Vs+MkscAyURAsdqAKDaTACLUUZ+KUZmL8h78br7U4Q71QCglLVE
JGCrYNfaEIhEm1sC89WwKvI=
=5nNV
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast 
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Reply via email to