Re: [Bacula-users] file signatures PKI vs FileSet

2012-09-29 Thread Radosław Korzeniewski
Hello,

2012/9/28 lst_ho...@kwsoft.de


  - The FileSet signature (md5/sha) is used to compare (at Bacula SD?)
  if the data read are unaltered regarding the hash value stored in the
  database
 
 
  I think fileset signature is not used during restore. :) I can't
  find appropriate code in extract_data function. Maybe it is computed
  elsewhere.

 As far as I know the fileset signature is used for verify jobs, so it
 would be the Storage Daemon using it and not the File Daemon, no?


OK, verify jobs. So it is performed on FD, not SD.

best regards
-- 
Radosław Korzeniewski
rados...@korzeniewski.net
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users


Re: [Bacula-users] file signatures PKI vs FileSet

2012-09-28 Thread lst_hoe02

Quoting lst_ho...@kwsoft.de:

 Hello

 I wonder which of the cryptographic signatures is used, and how, if I
 specify in the FileSet option signature=md5 and on the client FD
 config PKI Signatures=yes. In the manual it is stated that the PKI
 Signatures is not configurable but uses SHA-2 if available, otherwise
 SHA-1. This leads to the following questions:

 - Is the signature upgraded in this case to SHA-1?
 - Is one of them silently ignored if both are specified or will both
 be calculated and used?

Further digging into this one, it looks like the signature configured  
in the FileSet is stored in the DB while PKI signature is part of the  
data, so both will be used/calculated. So it boils down to the  
following:

- PKI Signature ensures that the client FD can verify on restore that  
the data are actually saved by itself signed with the private key

- PKI Encryption ensures that no one without any of the private keys  
used at backup time can read the data

- The FileSet signature (md5/sha) is used to compare (at Bacula SD?)  
if the data read are unaltered regarding the hash value stored in the  
database

With this in mind we will switch off PKI signatures to eventually  
(re)gain some speed.

Please let me know if I got something wrong on this topic.

Thanks

Andreas
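
The two settings discussed in this message, shown where each one is configured, as an added example that is not part of the original post. Resource names and file paths are placeholders, and the comments summarize what the thread says about each setting.

```conf
# --- bacula-dir.conf (Director): FileSet digest ---
FileSet {
  Name = "ExampleSet"              # placeholder name
  Include {
    Options {
      signature = MD5              # per-file digest; per the thread it is
                                   # stored in the catalog database
    }
    File = /home                   # placeholder path
  }
}

# --- bacula-fd.conf (client File Daemon): PKI settings ---
FileDaemon {
  Name = example-fd                # placeholder name
  PKI Signatures = Yes             # signs the backed-up data; per the thread
                                   # the signature is part of the data and is
                                   # checked by the FD on restore
  PKI Encryption = Yes             # data readable only with a private key
                                   # used at backup time (or the master key)
  PKI Keypair = "/etc/bacula/example-fd.pem"    # placeholder path
  PKI Master Key = "/etc/bacula/master.cert"    # placeholder path, public key only
}
```

The two mechanisms are configured independently, which matches the conclusion above that both are calculated when both are set.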





Re: [Bacula-users] file signatures PKI vs FileSet

2012-09-28 Thread Radosław Korzeniewski
Hello,

2012/9/28 lst_ho...@kwsoft.de

 - PKI Signature ensures that the client FD can verify on restore that
 the data are actually saved by itself signed with the private key


Correct.


 - PKI Encryption ensures that no one without any of the private keys
 used at backup time can read the data


And Master Key if configured. :)


 - The FileSet signature (md5/sha) is used to compare (at Bacula SD?)
 if the data read are unaltered regarding the hash value stored in the
 database


I think fileset signature is not used during restore. :) I can't
find appropriate code in extract_data function. Maybe it is computed
elsewhere.



 With this in mind we will switch off PKI signatures to eventually
 (re)gain some speed.


It's a good idea. Especially since PKI signatures are computed after the whole
file restore, which could be slow.

best regards
-- 
Radosław Korzeniewski
rados...@korzeniewski.net


Re: [Bacula-users] file signatures PKI vs FileSet

2012-09-28 Thread lst_hoe02

Quoting Radosław Korzeniewski rados...@korzeniewski.net:

 Hello,

 2012/9/28 lst_ho...@kwsoft.de

 - PKI Signature ensures that the client FD can verify on restore that
 the data are actually saved by itself signed with the private key


 Correct.


 - PKI Encryption ensures that no one without any of the private keys
 used at backup time can read the data


 And Master Key if configured. :)


 - The FileSet signature (md5/sha) is used to compare (at Bacula SD?)
 if the data read are unaltered regarding the hash value stored in the
 database


 I think fileset signature is not used during restore. :) I can't
 find appropriate code in extract_data function. Maybe it is computed
 elsewhere.

As far as I know the fileset signature is used for verify jobs, so it  
would be the Storage Daemon using it and not the File Daemon, no?


 With this in mind we will switch off PKI signatures to eventually
 (re)gain some speed.


 It's a good idea. Especially since PKI signatures are computed after the whole
 file restore, which could be slow.

Thanks for confirming

Andreas





[Bacula-users] file signatures PKI vs FileSet

2012-09-27 Thread lst_hoe02
Hello

I wonder which of the cryptographic signatures is used, and how, if I  
specify in the FileSet option signature=md5 and on the client FD  
config PKI Signatures=yes. In the manual it is stated that the PKI  
Signatures is not configurable but uses SHA-2 if available, otherwise  
SHA-1. This leads to the following questions:

- Is the signature upgraded in this case to SHA-1?
- Is one of them silently ignored if both are specified or will both  
be calculated and used?

Many Thanks

Andreas



