Menu
▾
▴
Re: [Bacula-users] file signatures PKI vs FileSet
|
From: <lst...@kw...> - 2012-09-28 11:29:25
|
Zitat von Radosław Korzeniewski <rad...@ko...>: > Hello, > > 2012/9/28 <lst...@kw...> >> >> - PKI Signature ensures that the client FD can verify on restore that >> the data are actually saved by itself signed with the private key >> > > Correct. > > >> - PKI Encryption ensures that no one without any of the private keys >> used at backup time can read the data >> > > And Master Key if configured. :) > > >> - The FileSet signature (md5/sha) is used to compare (at Bacula SD?) >> if the data read are unaltered regarding the hash value stored in the >> database >> > > I think fileset signature is not used during restore. :) I can't > find appropriate code in extract_data function. Maybe it is computed > elsewhere. As far as i know the fielset signature is used for verify jobs, so it would be the Storage Daemon using it and not the File Daemon, no? >> >> With this in mind we will switch off PKI signatures to eventuelly >> (re)gain some speed. >> >> > It's a good idea. Especially that pki signatures are computed after whole > file restore, which could be slow. Thanks for confirming Andreas |