Zitat von lst_ho...@kwsoft.de: > Hello > > i wonder which of the cryptographic signatures is used and how if i > specify in the FileSet option "signature=md5" and on the client FD > config "PKI Signatures=yes". In the manual is stated that the "PKI > Signatures" is not configurable but uses SHA-2 if available, otherwise > SHA-1. This lead to the following questions: > > - Is the signature "upgraded" in this case to SHA-1? > - Is one of them silently ignored if both are specified or will both > be calculated and used?
Further digging in to this one it looks like the signature configured in the FileSet is stored in the DB while PKI signature is part of the data, so both will be used/calculated. So it boils down to the following: - PKI Signature ensures that the client FD can verify on restore that the data are actually saved by itself signed with the private key - PKI Encryption ensures that no one without any of the private keys used at backup time can read the data - The FileSet signature (md5/sha) is used to compare (at Bacula SD?) if the data read are unaltered regarding the hash value stored in the database With this in mind we will switch off PKI signatures to eventuelly (re)gain some speed. Please let me know if i got something wrong on this topic Thanks Andreas ------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
