Hello Jakubek,
On Fri, Jul 3, 2015 at 11:07 AM, Jakubek Jakub <bac...@31337.pl> wrote:
> Hi,
> I'm trying to configure Bacula with FD encryption. I started with
> http://www.bacula.com.br/manual/Data_Encryption.html but it doesn't work.
>
> My environment:
> bacula-dir on FreeBSD Version: 7.0.4 (04 June 2014)
> bacula-fd on Debian Version: 5.2.6 (21 February 2012)
>
> Configuration FD, at this moment I configured only FD:
> ##
> Director {
> Name = back-dir
> Password = "xxx"
> }
>
> FileDaemon {
> Name = client-fd
> FDport = 9102
> WorkingDirectory = /var/lib/bacula
> Pid Directory = /var/run/bacula
> Maximum Concurrent Jobs = 20
> PKI Signatures = Yes
> PKI Encryption = Yes
> PKI Keypair = "/etc/bacula/cert.pem"
> PKI Master Key = "/etc/bacula/master.cert"
> }
>
> Messages {
> Name = Standard
> director = cwback-dir = all, !skipped, !restored
> }
> ###
>
> Certs on filesystem:
> root@gpgkeyserver:/etc/bacula# ls -ls master.cert cert.pem
> 4 -rw------- 1 root root 2977 Jul 3 13:41 cert.pem
> 4 -rw------- 1 root root 1285 Jul 3 13:41 master.cert
>
> cert.pem includes cert+key
> master.cert includes only master cert
>
> ###
>
> After executing job for client with enabled encryption I can find
> "Encryption: yes" in summary. It means that files should be
> encrypted.
>
> Funny thing is that I didn't five any PKI information to bacula-dir so
> after all it shouldn't be possible to restore any data. At this moment I
> can restore all data without master key so it indicates that encryption
> is not working. Any ideas why it's not working? Maybe I'm doing it wrong?
>
The idea is that bacula-dir do not have access to unencrypted contents.
But it must work for restores. The data will be unencrypted at client side.
So IMHO this is working as expected.
>
> Debug containing PKI related part from bacula-fd:
> /usr/sbin/bacula-fd -c /etc/bacula/bacula-fd.conf -dt -d 1000 -f -m
>
> 03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=12 PKI
> Signatures = Yes
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
> got token=T_IDENTIFIER
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
> token=T_EQUALS
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
> pkisignatures
> 03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=13 PKI
> Encryption = Yes
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
> got token=T_IDENTIFIER
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
> token=T_EQUALS
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
> pkiencryption
> 03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=14 PKI Keypair =
> "/etc/bacula/cert.pem"
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
> got token=T_IDENTIFIER
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
> token=T_EQUALS
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
> pkikeypair
> 03-Jul-2015 15:45:28 bacula-fd: lex.c:237-0 fget line=15 PKI Master
> Key = "/etc/bacula/master.cert"
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:925-0 parse state=1 pass=2
> got token=T_IDENTIFIER
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:974-0 in T_IDENT got
> token=T_EQUALS
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:980-0 calling handler for
> pkimasterkey
> 03-Jul-2015 15:45:28 bacula-fd: parse_conf.c:565-0 Append
> /etc/bacula/master.cert to alist 1d900f8 size=0 pkimasterkey
>
> Kind regards,
> --
> jakub
>
Best regards,
Ana
>
>
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
