This one time, at band camp, Andrew Hall wrote:
>http://security.uchicago.edu/tools/gpg-amanda/

One of the nice things about plain tar is that it can cope with stream errors; if one block on the tape is busted then you can still recover the rest of the backup.

A while ago (probably 4 months past) I started looking at this; I didn't know about the above URL. I did some testing to see if gpg could cope with stream errors. It turns out that there's a couple of encryption algorithms that GnuPG claims to use that *can* cope with stream errors and continue decryption around it; alas I don't have any of the details anymore but it should be easy to find that out again; this time I know what I'm looking for.

The problem is that you can't get GnuPG to use that algorithm (again short on details so please take a large grain of salt), but OpenSSL does let you use it. I think it was the AES CBC cipher that I was looking at. I also think there was a different problem with OpenSSL that prevented it from being immediately useful.

Anyway, the point I'm trying to make is that you don't want to reduce the recoverability of your tapes if you encrypt them, but I'm fairly certain that the method GnuPG uses, described at that URL above, provides no facility for recovery from stream errors.

-- 
[EMAIL PROTECTED]
http://spacepants.org/jaq.gpg
