On Sep 29, 2007, at 10:38 PM, Ross Boylan wrote:
I would like to encrypt my backups on disk, but am concerned that doing so relies on openssl and that may create problems down the line. Could anyone clarify if it will? What's the best thing to do (which might beavoiding encryption)? I realize that 100% certainty is unlikely; I'll settle for less! Details: I use bacula on Debian, and it has disabled openssl support because of licensing problems (e.g., thread beginning http://lists.debian.org/debian-legal/2007/07/msg00144.html, also the"catch-22 thread" on this list in June). I am interested in encryptingbackups. I don't actually care about encrypting communication on the wire, but from what I can tell either feature uses openssl. Does on-disk encryption depend on openssl?
No -- it uses portable DER-encoded ASN.1 format, with RSA and AES encryption. It should be possible (and indeed, such was the intent) to decrypt these backups with any full-featured crypto library.
Apparently some people have been working on getting bacula to work with GNUTLS, but Kern's plan is to relicense the sources so they can continueto work with openssl. (I'm a little surprised the latter is possiblegiven that FSF is administering? holding? the license.). But it soundsas if a transition to TLS is possible, maybe done by downstream packagers (e.g., Debian).
As I understand it, Kern removed all third party GPL'd code, and has (or will be) re-licensing it to allow linking against OpenSSL, thus negating the licensing issue.
-landonf
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Bacula-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-devel
