>>>>> On Fri, 22 Jan 2010 10:31:39 +0000, Conor O'Callaghan said:
>
> 2010/1/21 Martin Simmons <mar...@lispworks.com>
>
> > >>>>> On Wed, 20 Jan 2010 17:23:34 +0000, Conor O'Callaghan said:
> > >
> > > Hi everyone,
> > >
> > > Client/Server both 3.02 on linux x64
> > >
> > > I have made some encrypted backups from my client, I can successfully
> > > recover from the backup using bconsole. When I try to simulate a machine
> > > crash, by using another machine with the keys and config from the original
> > > client, I get the following errors on restoration of files. The files appear
> > > to restore correctly regardless of the error relating to the encryption
> > > missing.
> > >
> > > http://pastebin.ca/1759144 and http://pastebin.ca/1759151 ( most recent )
> > >
> > > Is there any way to resolve this issue? Or is it normal since the machine
> > > has changed? I have found very little relating to this issue in the
> > > archives.
> >
> > The "Missing cryptographic signature" message is generated after the file has
> > been restored, which is why the files appear OK. I'm not sure why that would
> > happen, but it means that restore failed to find the signature that should
> > have been generated when the file was backed up. Maybe the PKI configuration
> > is incorrect or you changed it between backup and restore?
>
> I am just thinking that the issue might be caused by the fact that the keys
> were generated on the original client box, I didn't import them in the new (
> recovery ) box, simply put them on disk and pointed the bacula configuration
> to them ( identical to the client ). Could that be the cause? I may be able
> to investigate further today.

AFAIK, there is no need to import them (or indeed anywhere to import them to).
The keys must have been used, because otherwise you couldn't decrypt the
backup.

That error would also be generated if the signature was not recorded. Are you
100% sure that it was actually encrypted and signed? What does the restore do
on the original box if you remove the pki lines from the config?

Also look at the output of bscan -v -v -r path-to-volume, to check for
Stream=22 (encrypted data) and Stream=19 (signature). The output will be
large, so I suggest writing it to file.

__Martin
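
The stream check suggested above, as an added example that is not part of the original message or of Bacula itself: it tallies the Stream=22 and Stream=19 tokens in a saved copy of the bscan output and reports which of the two were recorded. The function names are hypothetical, and the assumption is that each record line carries a literal Stream=N token as written in the message.

```shell
#!/bin/sh
# Added example (not from the thread): inspect saved output of
#   bscan -v -v -r path-to-volume > bscan.out
# for the two stream ids named in the message:
#   Stream=22 (encrypted data) and Stream=19 (signature).
# Assumption: each record line contains a literal "Stream=N" token.

# count_stream FILE ID -> number of lines carrying exactly Stream=ID
count_stream() {
    # The id must not be followed by another digit, so 22 does not match 220.
    # grep -c exits 1 when the count is 0; "|| true" keeps that non-fatal.
    grep -i -E -c "Stream=$2([^0-9]|\$)" "$1" || true
}

# pki_verdict FILE -> signed+encrypted | encrypted-unsigned |
#                     signed-unencrypted | no-pki-streams
pki_verdict() {
    enc=$(count_stream "$1" 22)
    sig=$(count_stream "$1" 19)
    if [ "$enc" -gt 0 ] && [ "$sig" -gt 0 ]; then
        echo "signed+encrypted"
    elif [ "$enc" -gt 0 ]; then
        # Data was encrypted but no signature was recorded at backup time,
        # the case in which restore cannot find a signature to verify.
        echo "encrypted-unsigned"
    elif [ "$sig" -gt 0 ]; then
        echo "signed-unencrypted"
    else
        echo "no-pki-streams"
    fi
}

# Stand-alone use: sh check_streams.sh bscan.out
if [ "$#" -ge 1 ]; then
    echo "Stream=22 lines: $(count_stream "$1" 22)"
    echo "Stream=19 lines: $(count_stream "$1" 19)"
    pki_verdict "$1"
fi
```

A verdict of encrypted-unsigned or no-pki-streams points at the backup-time PKI configuration rather than at the recovery machine.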