On Feb 17, 2009, at 8:48 AM, Martin Simmons wrote:
That sounds backwards to me. Shouldn't the encrypter (backup) use the public key to keep the data safe? Then only the decrypter (restore) can read thedata, using the private key.
Right. A symmetric session key is used for each backup run, which is encrypted for all provided public keys and stored along-side the encrypted data. This is how the "master" public key feature is implemented.
The private key is needed during backup if you use PKI Signatures.
Right. Currently, enabling PKI encryption also enables signing, but the encryption implementation does not require this, and the private key is not necessary for encrypting the backups.
However -- if you disable signing, there is no other validation mechanism. One could add HMAC support without too much effort, but you lose non-repudiation of the backups, as any recipient that can verify the HMAC may also generate a valid one.
Cheers, -landonf
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
