Michael Havas wrote:
> Hi everyone,
>
> Following the advice of Pierre Bernhardt in a thread started by me
> entitled "Password Protection on Restore", I've decided to use data
> encryption to not allow everyone who can use bconsole to perform a
> restore-job.
>
> To do this, I wish to encrypt data using a master certificate but keep
> the key offline in a safe to not allow decryption.
>
> I've looked through the documentation but cannot find a configuration
> option to specify the cert only and not the keypair used for encryption.
> I've been mostly looking for something like PKI Certificate or PKI
> Master Certificate but neither works. I've tried specifying only the cert
> for PKI Keypair but the daemon dies with openssl wondering where it can
> find the key.
>
> Does anybody know of such a way to specify the cert used in the
> encryption only?
>
> Thanks,
>
> Michael
>
Hello again,
After looking around through the documentation I found that I required:
=== +
FileDaemon {
  PKI Signatures = Yes    # Enable Data Signing
  PKI Encryption = Yes    # Enable Data Encryption
  # PKI Keypair = "/etc/bacula/fd-example.pem"
  PKI Master Key = "/etc/bacula/master.cert"
}
=== -
Previously, I was confused because the directive is for a 'PKI Master
Key' and not a 'PKI Master Cert' which it actually is.
You will notice that 'PKI Keypair' is commented since I do not wish to
use a client public and private key as I do not wish the client to be
able to decrypt the data unless I am present.
This leads to an error indicating the PKI Keypair must be defined. I do
not require a PKI Keypair as this would be a security vulnerability. Is
it possible to get around this? Any hacky solution will do!
Thanks,
Michael
_______________________________________________
Bacula-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/bacula-users