Landon Fuller wrote:
> 
> On Jan 3, 2008, at 05:19, Carles Pina i Estany wrote:
> 
>>
>> Hello,
>>
>> I have a short question. I only wonder if someone is using it or not
>> (so, if Bacula supports it or doesn't support it). We made some tests and
>> we couldn't do it, but we will re-test.
>>
>> Question is: is it possible to cypher the data in bacula-fd (client), and
>> this bacula-fd only has access to its public key? NOT the private key?
>>
>> My wish is this process:
>> -Generate public+private key in a secure computer
>> -Copy the public key to bacula-fd computer
>> -Copy the private key to some other place
> 
> The file daemon configuration code currently requires that at least one 
> private key be present -- changing this would be a relatively small patch.
> The crypto implementation shouldn't make (m)any assumptions about key 
> availability, so I believe the config change should be sufficient.
> 
> If you've any interest in tackling this, I can provide some pointers, 
> otherwise I can try to get around to it sometime next week.

I had a couple of thoughts about this tonight...

I was thinking about off site backups and what best practice would be: 
encrypt them.  If you are sending your backups off-site for safe 
keeping, they are outside your control, and you'll probably want to 
encrypt them on the tape.

If you are encrypting at the FD, you'll want the public key there, but 
probably not the private key.  You might want the same key pair used on 
all clients, but the master key kept somewhere secure.

Then I thought, if you want to do that, why not just encrypt at the SD 
instead of the FD.  If you're a big company and you want to encrypt, why 
not do it all in one place?  Why bother distributing the same key 
everywhere?  Or multiple keys for that matter?

Landon: given what you know now, would encrypting at the SD be similar 
in scope to encrypting at the FD?


-- 
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/
PGCon  - The PostgreSQL Conference:    http://www.pgcon.org/

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
