2010/1/22 Martin Simmons <mar...@lispworks.com>
> >>>>> On Fri, 22 Jan 2010 10:31:39 +0000, Conor O'Callaghan said:
> >
> > 2010/1/21 Martin Simmons <mar...@lispworks.com>
> >
> > > >>>>> On Wed, 20 Jan 2010 17:23:34 +0000, Conor O'Callaghan said:
> > > >
> > > > Hi everyone,
> > > >
> > > > Client/Server both 3.02 on linux x64
> > > >
> > > > I have made some encrypted backups from my client, I can successfully
> > > > recover from the backup using bconsole. When I try to simulate a
> machine
> > > > crash, by using another machine with the keys and config from the
> > > original
> > > > client, I get the following errors on restoration of files. The files
> > > appear
> > > > to restore correctly regardless of the error relating to the
> encryption
> > > > missing.
> > > >
> > > > http://pastebin.ca/1759144 and http://pastebin.ca/1759151 ( most
> recent
> > > )
> > > >
> > > > Is there any way to resolve this issue? Or is it normal since the
> machine
> > > > has changed? I have found very little relating to this issue in the
> > > > archives.
> > >
> > > The "Missing cryptographic signature" message is generated after the
> file
> > > has
> > > been restored, which is why the files appear OK. I'm not sure why that
> > > would
> > > happen, but it means that restore failed to find the signature that
> should
> > > have been generated when the file was backed up. Maybe the PKI
> > > configuration
> > > is incorrect or you changed it between backup and restore?
> >
> > I am just thinking that the issue might be caused by the fact that the
> keys
> > were generated on the original client box, I didn't import them in the
> new (
> > recovery ) box, simply put them on disk and pointed the bacula
> configuration
> > to them ( identical to the client ). Could that be the cause? I may be
> able
> > to investigate further today.
>
> AFAIK, there is no need to import them (or indeed anywhere to import them
> to).
> The keys must have been used, because otherwise you couldn't decrypt the
> backup.
>
> That error would also be generated if the signature was not recorded. Are
> you
> 100% sure that it was actually encrypted and signed? What does the restore
> do
> on the original box if you remove the pki lines from the config? Also look
> at
> the output of bscan -v -v -r path-to-volume, to check for Stream=22
> (encrypted
> data) and Stream=19 (signature). The output will be large, so I suggest
> writing it to file.
>
> __Martin
>
>
> ------------------------------------------------------------------------------
> Throughout its 18-year history, RSA Conference consistently attracts the
> world's best and brightest in the field, creating opportunities for
> Conference
> attendees to learn about information security's most important issues
> through
> interactions with peers, luminaries and emerging and established companies.
> http://p.sf.net/sfu/rsaconf-dev2dev
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
Hi Martin,
Ok I find this a bit strange, I can restore the files to the original client
when I comment out the PKI lines in the config on it. However when I try to
view this file on the master, it shows as encrypted garbage.
I have this information from the bscan also:
bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=2
Stream=22 len=640
bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=3
Stream=22 len=640
[root@ tmp]$ cat mysqlbscan-2010012501 | grep -i Stream=19
bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=2
Stream=19 len=322
bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=3
Stream=19 len=322
Thanks,
Conor
------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
