Hi!

On Jan/03/2008, Arno Lehmann wrote:
> 03.01.2008 14:19, Carles Pina i Estany wrote:
> > Hello,
> >
> > I have a short question. I only wonder if someone is using it or not
> > (so, if Bacula supports it or doesn't support). We made some tests and
> > we couldn't do but we will re-test.
> >
> > Question is: is it possible to cypher the data in bacula-fd (client), and
> > this bacula-fd has only access to his public key? NOT the private key?
>
> As far as I know, this is NOT possible.
>
> There are two reasons: Encryption is asymmetric, i.e. you couldn't
> restore from an encrypted backup, which will be quite pointless (most
> of the time).

I'm thinking of a very concrete scenario. But for me it makes sense, for
example, to have the private key away from that bacula-fd. I'm thinking,
for example, of a scenario with one firm doing the backups and selling
this service to another firm. It would be great to never "touch" the
private key.

> The second reason is that, with TLS, to generate the actual,
> symmetric, session key, the private key is used.

Disable TLS and enable encryption would fix it, I understand (yes, I
know, meta data is not cyphered). Also, I think it would be possible to
use another pair of keys for TLS (but it is just a thought here, I'm not
an expert in cryptography, bacula, etc.)

> > Sorry for the lack of information, but we only need to know if it's
> > possible to do :-) (and some advice about how to do it is welcome, of
> > course). We already checked bacula documentation but is only giving
> > instructions having the public and private key in bacula-fd, as far as
> > we've found.
>
> Of course you could try to use the keys swapped, i.e. treat the public
> key as secret and vice versa. I don't know if this works, it might be
> that the FD needs both keys.

I had this feeling when I tried to test it. Doesn't matter :-)

> > NEXT IDEA: bacula-fd cyphers the data only using master public key. This
> > would be fine too -generate the keys, public key is sent to server and
> > private key is not sent-. But we couldn't use that way either
>
> As far as I know, a master key is used as an additional key only.

I thought to use it as an additional key without any other key :-) (so,
the only key in the system)

Thanks for your attention and information!

--
Carles Pina i Estany GPG id: 0x8CBDAE64
http://pinux.info Manresa - Barcelona