Hello, I have tested encryption/decryption on many bacula backups but
one job is tricky
I have Linux, MacOSX and Windows 2003 servers
I have master.cert and one fd.pem for encryption on each client.
fd.pem is specific for each client
master.cert is on every client and allow to decrypt with the "secret"
master.pem in the case we loose the specific backup key.
My bacula server is unable to restore 1 of my three Windows servers
using the master.pem keypair
With bacula, I used an SQLQuery to check all the master.pem certificates.
SELECT DISTINCT
path.path,
file.md5,
job.starttime,
client.name
FROM
public.client,
public.file,
public.filename,
public.path,
public.job
WHERE
client.clientid = job.clientid AND
file.jobid = job.jobid AND
file.filenameid = filename.filenameid AND
file.pathid = path.pathid AND
filename.name = 'master.cert'
ORDER BY file.md5,client.name,path.path,job.starttime
Result shows me that md5 hash are different on different OS
ex 1 hash on all osx server, one hash on all linux server
But on windows md5 are always different whatever is the machine !
2 of my three windows machines uses the same bacula 5.0.3 binaries
downloaded from the bacula Repo
All the master.cert are ASCII files with the same content.
All the master.cert on Windows are coded with CRLF carrier return
All the master.cert on Linux/Mac are coded with LF carrier return
With another md5 function i got the same master.cert hash on every
Linux/Mac and the same other hash on every Windows system.
I dont understand where does the problem come from …
For the moment I keep in security every pem files from my file daemons
but it's a really trikky situation that makes no error !!!! Every
thing works except the restore on one machine !!!!
That passes completely unperceived because your are not checking that
master restore is working on every client deployment !!!!
I think that bacula have to check the encryption certificates, that
dummy Windows bacula version never checks the validity of the master
public key !
What should be the right format and encoding for bacula certificates ?
Everything works except on one Windows !
I advice everybody to check their windows restoration via the master.pem file
Thank for your help
Hugo
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
