Michael Havas schrieb: > Hi, > > I was thinking of using data encryption as discussed in the manual and > have the ssl key require a passphrase. Here are a few questions I thought > of: > > 1. Is this supported by bacula? Is somebody else doing this? > > 2. Will this even work? > > 3. Is it possible to only use the master certificate to do the encryption? In my opinion yes. Use only a master cert on the fd for encryption. This will prevent from restore without having the master key file. But this mean you cannot directly restore on the client without having the master key on the client so the client fd can read them. > > 4. Will I be required to enter the passphrase upon backing up data as > well? For automation reasons, this is not something I want. For encryption you will never need an password. The cert is enough. The cert could not be used for decryption. For decryption: I have never seen asking interactive password for decryption. You must have the key for decryption stored without the password. But my idea is you can put them on an memory stick for example.
This is my opinion. I have not tested them but it should work. For encryption I use a master cert and a fd cert for every client. And on every client the fd key is stored so I can recover directly on the client. The master key is only used by my if the client key is lost by recover the whole client. MfG... Pierre Bernhardt ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
