On Wed, 18 Feb 2009, Martin Simmons wrote:
> Does the private key have to be the one associated with the public key?
> It looks like the code loads them separately, so perhaps another
> solution is to use two key pairs and make a pem file containing the
> public key of one and the private key o
On Feb 18, 2009, at 10:43 AM, Landon Fuller wrote:
... and signatures could still be verified.
Spoke a little too soon. Signatures are written out with the x509
subjectkeyidentifier from the public key.
A mismatched pair would need to have matching subjects for validation,
and that assu
On Feb 18, 2009, at 3:26 AM, Martin Simmons wrote:
On Tue, 17 Feb 2009 20:24:02 -0800, Landon Fuller said:
The private key is needed during backup if you use PKI Signatures.
Right. Currently, enabling PKI encryption also enables signing, but
the encryption implementation does not require t
> On Tue, 17 Feb 2009 20:24:02 -0800, Landon Fuller said:
>
> > The private key is needed during backup if you use PKI Signatures.
>
> Right. Currently, enabling PKI encryption also enables signing, but
> the encryption implementation does not require this, and the private
> key is not ne
> On Wed, 18 Feb 2009 07:44:04 + (GMT), Tom Yates said:
>
> Would you know if I can disable signing in the configuration, or must I
> recompile; and if the latter, is it a config option or will I need to mess
> with the source myself?
You would need to modify the source.
__Martin
On Tue, 17 Feb 2009, Landon Fuller wrote:
> On Feb 17, 2009, at 8:48 AM, Martin Simmons wrote:
>
>> That sounds backwards to me. Shouldn't the encrypter (backup) use the
>> public key to keep the data safe? Then only the decrypter (restore)
>> can read the data, using the private key.
>
> Righ
On Feb 17, 2009, at 8:48 AM, Martin Simmons wrote:
That sounds backwards to me. Shouldn't the encrypter (backup) use
the public
key to keep the data safe? Then only the decrypter (restore) can
read the
data, using the private key.
Right. A symmetric session key is used for each backup r
> On Tue, 17 Feb 2009 07:07:19 -0800, Kevin Keane said:
>
> > The above manual page on data encryption says that the encryption involves
> > three steps:
> >
> > 1. The File daemon generates a session key.
> > 2. The FD encrypts that session key via PKE for all recipients (the
> > fi
Hi,
Disclaimer: I haven't used bacula encryption. Just read the
documentation and used to teach PKI.
Tom Yates wrote:
> I'm curious about encryption; specifically, encrypting the data on the
> client-side before the storage daemon lays it down to tape.
>
> I've read http://www.bacula.org/en/dev
I'm curious about encryption; specifically, encrypting the data on the
client-side before the storage daemon lays it down to tape.
I've read http://www.bacula.org/en/dev-manual/Data_Encryption.html, and it
seems to suggest that the client *requires* both the client's private key
and the client'
10 matches
Mail list logo
