-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Valentin,
I have a working setup with encryption over here. On Wed, 29 Apr 2020, Valentin Dzhorov wrote:
Ok, so I am trying to turn on data encryption feature described here: https://docs.bareos.org/TasksAndConcepts/DataEncryption.html. I have issued RSA public and private key and I have consolidated them into one PEM file. My configuration on the client itself looks like the following: Client { Name = client1 Maximum Concurrent Jobs = 10 Maximum Bandwidth Per Job = 90 m/s # remove comment from "Plugin Directory" to load plugins from specified directory. # if "Plugin Names" is defined, only the specified plugins will be loaded, # otherwise all storage plugins (*-fd.so) from the "Plugin Directory". # Plugin Directory = /usr/lib64/bareos/plugins # Plugin Names = "" # if compatible is set to yes, we are compatible with bacula # if set to no, new bareos features are enabled which is the default # compatible = yes PKI Signatures = yes PKI Encryption = yes PKI Keypair = "/etc/bareos/bareos-fd.d/certificate/assembled/consolidated.pem" PKI Master Key = "/etc/bareos/bareos-fd.d/certificate/master.pem" PKI Cipher = aes128 }
My config looks similar, except, that I do not provide the "master.pem", but solely the "master.cert" - what's the content of your "master.pem": does it contain the private key, too? That is not necessary and may break things - additionally, this is wrong from a security point of view: you do *not* want to distribute the private master key across all your clients.
However when I am doing backups nothing seems to happen. I get the following message when doing backups: Encryption: None Can anyone let me know what am I doing wrong here? Thank you all in advance!
Additionally to my point above: have you checked file permissions? Can bareos read the private keys?
regards, Erich -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl6pby4ACgkQCu7JB1Xa e1qo5g/+ORdkI51kmJYzt//L91cBxETOhns0BYH2xA4Q5CXO2mMLyYhCSR+osr7g dAkhDcLWvXOUpSOsrNm2ZUo7ejwLlJ4ovSpfX5dOgJq1U5njG3VBPMSwGO2IXaPN RfDMt5D3VeplfQJKtnJon1wPltEwnfY6hUqp3stRDVHbfHyV0UpNyGN4kMwPUR6H RlkxoUWmCOkT2c/YFDkf6d/vTThXKtXt10NjhX38kJoW7GEjikiBZMz/3U1eN7ay pbwgtAm5Gg+xY3R39sQHRbhDtXUuykA8JPvnCztk2vyq7y+MOxIprAnsMUQr83UM 8egi1TwH1nUhsr1Mg7IDnOxJxWIFx8m77N28o1SaCnS4DibPY+vLhwvasOxl7XxM XWEO4RqieofH93TrPYxOhIcJRRb3e9kVERav/gViYf+vGzb1HM48QCLJDY/iSINk WN01cJKzGrkU6bKqsI6DP1ISgYg2e8src8kwPd58fh0wTQhrpYDh7i8joYY8Pweo r9V02YqiCXH+fkgFZCYkZPCORSI0hF1XKV/BPHo0NfOE8vtt54/Rn/CmBmzvWc8c jbjWjYXARn/mcEptjbCOMYO9SAIqKu0mZbGEMEU0DySxphgDpdu21oPUCkYC8yfQ qi684/NvI0u3Bd9KbKJRPqjbHfdY8FF6ETzXiLd3z2rkalVwG7w= =1SiK -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "bareos-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/bareos-users/alpine.LNX.2.22.419.2004291410040.10703%40desk.ddns.eckner.net.