On top of the issue with the reversed processing during restore that I previously mentioned, there is a fundamental flaw in the processing of compressed+gzipped data. The problem is that boundaries aren't preserved across encrypt/decrypt.
What happens is that after the block is compressed it is encrypted. However since the encryption engine processes data in blocks there may still be bytes from the compressed block in the pipeline when the block is sent to the Storage Daemon. As a result, when the same block is decrypted it may result in only part of the compressed block. Unfortunately there is no way to tell how much decrypted data is required by the decompression engine with the current design. I think the algorithm would have to be changed to pass along the compressed data size with each compressed block. Comments? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Landon Fuller Sent: Wednesday, November 01, 2006 7:08 PM To: Michael Brennen Cc: bacula-users@lists.sourceforge.net Subject: Re: [Bacula-users] Encryption/Compression Conflict in CVS On Nov 1, 2006, at 2:20 PM, Michael Brennen wrote: > On Wednesday 01 November 2006 15:33, Arno Lehmann wrote: > >>>> This sounds like compression should be automatically disabled when >>>> encrypton is enabled. Should be useless anyway as encrypted data >>>> should >>>> no longer be compressible. >>> >>> Not if compression happens prior to encryption. :) >> >> Theoretically - yes, but I'm quite sure that encryption usually also >> compresses data. This is completely unverified and refers to >> encryption >> programs that are rather outdated by now, though... >> >> But I suppose you could inform us if encryption in Bacula also >> compresses :-) > > Landon, what is your take on this? Since you wrote the code you > seem to be > the best source on whether the openssl functions you are using > compress data. Howdy, The encryption does not include compression -- It made more sense to piggyback on the existing compression code. Also, thanks for catching this! I'm embarrassed that I forgot to test backup+restore with both compression and encryption enabled. -landonf ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
