-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The easiest method for adding encryption to Bacula would be via basic
symmetric key encryption, coupled with MAC for data integrity
validation. However, public key algorithms provide a few key features
that symmetric algorithms can not, namely:
* Data integrity validation by a 3rd party without access to the
creator's private MAC key.
* Use of master key(s), allowing for decryption of data by the master
key holder, even if the original encryption key is lost, and without
sacrificing data integrity validation.
After considering the above, I decided to move ahead with public-key
encryption, and am currently working on the implementation of signed
message digests.
Each FD will have a private/public key-pair, and use that to encrypt a
random per-job session key. The session key will in turn be used to
encrypt the file data using symmetric encryption.
The code currently supports PEM-encoded RSA and DSA private keys, and
PEM-encoded x509 public keys, allowing you to leverage existing x509
infrastructure, if any. If you are using RSA keys and OpenSSL 0.9.8 or
later, SHA-512 is used to verify message integrity. Otherwise, SHA-1 is
used for RSA. DSA keys use SHA-1 with DSS.
A special master private/public key-pair can be made and then stored
somewhere very safe, such as a safety deposit box. The master public key
can then be distributed to all FDs. When initiating a new job, the
per-job session key will be encrypted for both the File Daemon and for
the Master key. If the FD's key is lost, the master key can be used to
recover the file contents.
If you are currently using Bacula's TLS support, you can use the same
key-pair for data encryption/integrity validation. However, there is
absolutely no requirement to do so -- You can create a self-signed
key-pair very easily:
~ openssl genrsa -out fd.key 2048
~ openssl req -new -key fd.key -x509 -out fd.cert
Additionally, integrity validation can be used independently of data
encryption -- providing assurance that the files stored on the backup
server were restored without modification.
For now, Bacula will only support encryption and validation of file
contents. Supporting additional stream types will require considerable
overhauling of the STREAM system; something Kern has tentatively planned
for the next release.
- -landonf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD4DBQFC/u8VlplZCE/15mMRAvNjAJ9wsA3fzUWEcVJAyw5mMo0pHxbBXQCVFAQU
aRrD3qZ+igqR4Rltpj7Faw==
=842S
-----END PGP SIGNATURE-----
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
