Re: [Bacula-users] Understanding Encryption
Am 27.05.2011 17:02, schrieb Tim Gustafson: one master key for each client wouldn't make that much sense, since you could just the client keys in a safe place. I have one master key for everything. But I don't keep the private key on the director. I have it on a pen drive and (to be extra sure) printed out in a safe on site and on an encrypted pen drive that I always carry with me. So, the master key is a second key that can be used to decrypt the backup then. The people whose severs I'm backing up might not want me to have access to their data, so those users would have to manage their own master keys, correct? Sorry that I respond so late, I was out of office until now. That would be correct. Regards, Christian Manal -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Understanding Encryption
one master key for each client wouldn't make that much sense, since you could just the client keys in a safe place. I have one master key for everything. But I don't keep the private key on the director. I have it on a pen drive and (to be extra sure) printed out in a safe on site and on an encrypted pen drive that I always carry with me. So, the master key is a second key that can be used to decrypt the backup then. The people whose severs I'm backing up might not want me to have access to their data, so those users would have to manage their own master keys, correct? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tim Gustafsont...@soe.ucsc.edu Baskin School of Engineering 831-459-5354 UC Santa Cruz Baskin Engineering 317B -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
Re: [Bacula-users] Understanding Encryption
Am 26.05.2011 17:24, schrieb Tim Gustafson: Hi there, I was just looking at the following documentation page: http://www.bacula.org/en/dev-manual/main/main/Data_Encryption.html That page contains information about generating a master key and then also a set of client keys. However, the page is not clear whether you're supposed to use the same master key for all your clients, or if you should have a different master key for each client. Should I be sharing the master.cert file with each client and keeping the master.key file on my bacula-dir server, or does each client need its own master.cert and master.key file? Hi, one master key for each client wouldn't make that much sense, since you could just the client keys in a safe place. I have one master key for everything. But I don't keep the private key on the director. I have it on a pen drive and (to be extra sure) printed out in a safe on site and on an encrypted pen drive that I always carry with me. Regards, Christian Manal -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users