>>>>> On Mon, 25 Jan 2010 09:26:53 +0000, Conor O'Callaghan said: > > 2010/1/22 Martin Simmons <mar...@lispworks.com> > > > >>>>> On Fri, 22 Jan 2010 10:31:39 +0000, Conor O'Callaghan said: > > > > > > 2010/1/21 Martin Simmons <mar...@lispworks.com> > > > > > > > >>>>> On Wed, 20 Jan 2010 17:23:34 +0000, Conor O'Callaghan said: > > > > > > > > > > Hi everyone, > > > > > > > > > > Client/Server both 3.02 on linux x64 > > > > > > > > > > I have made some encrypted backups from my client, I can successfully > > > > > recover from the backup using bconsole. When I try to simulate a > > machine > > > > > crash, by using another machine with the keys and config from the > > > > original > > > > > client, I get the following errors on restoration of files. The files > > > > appear > > > > > to restore correctly regardless of the error relating to the > > encryption > > > > > missing. > > > > > > > > > > http://pastebin.ca/1759144 and http://pastebin.ca/1759151 ( most > > recent > > > > ) > > > > > > > > > > Is there any way to resolve this issue? Or is it normal since the > > machine > > > > > has changed? I have found very little relating to this issue in the > > > > > archives. > > > > > > > > The "Missing cryptographic signature" message is generated after the > > file > > > > has > > > > been restored, which is why the files appear OK. I'm not sure why that > > > > would > > > > happen, but it means that restore failed to find the signature that > > should > > > > have been generated when the file was backed up. Maybe the PKI > > > > configuration > > > > is incorrect or you changed it between backup and restore? > > > > > > I am just thinking that the issue might be caused by the fact that the > > keys > > > were generated on the original client box, I didn't import them in the > > new ( > > > recovery ) box, simply put them on disk and pointed the bacula > > configuration > > > to them ( identical to the client ). Could that be the cause? I may be > > able > > > to investigate further today. > > > > AFAIK, there is no need to import them (or indeed anywhere to import them > > to). > > The keys must have been used, because otherwise you couldn't decrypt the > > backup. > > > > That error would also be generated if the signature was not recorded. Are > > you > > 100% sure that it was actually encrypted and signed? What does the restore > > do > > on the original box if you remove the pki lines from the config? Also look > > at > > the output of bscan -v -v -r path-to-volume, to check for Stream=22 > > (encrypted > > data) and Stream=19 (signature). The output will be large, so I suggest > > writing it to file. > > Hi Martin, > > Ok I find this a bit strange, I can restore the files to the original client > when I comment out the PKI lines in the config on it. However when I try to > view this file on the master, it shows as encrypted garbage.
Yes, that is strange (though I'm not sure what you mean by "on the master"). Do you see any errors during the restore with no PKI lines? I would expect an error like "No private decryption keys have been defined..." to appear. > I have this information from the bscan also: > > bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=2 > Stream=22 len=640 > bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=3 > Stream=22 len=640 > > [root@ tmp]$ cat mysqlbscan-2010012501 | grep -i Stream=19 > bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=2 > Stream=19 len=322 > bscan: bscan.c:425 Record: SessId=30 SessTim=1264090948 FileIndex=3 > Stream=19 len=322 That looks correct, assuming those lines correspond to the files of interest and that is the correct job. It is worth looking at a few lines before that, which should show the filename (maybe use grep --context=6). __Martin ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
