From: Ross B. <Ros...@st...> - 2007-09-30 15:00:31
|
Responding to myself: On Sun, 2007-09-30 at 07:43 -0700, Ross Boylan wrote: > On Sat, 2007-09-29 at 23:09 -0700, Landon Fuller wrote: > > > Does on-disk encryption depend on openssl? > > > > No -- it uses portable DER-encoded ASN.1 format, with RSA and AES > > encryption. It should be possible (and indeed, such was the intent) > > to decrypt these backups with any full-featured crypto library. > That's good news. I was thrown by section 42.1, "Bulding Bacula with > Encryption Support" which says to use ./configure --with-openssl to > configure encryption (this is in the chapter on data encryption). > > Does the on-disk encryption just happen to be controlled by the same > switch that activates openssl? Or will on disk encryption work even > without that config option (the latter would be good news to me, since I > wouldn't need to rebuild the Debian package to get it). I think I get it. The correct answer is none of the above. openssl is necessary becaue it provides the encryption services used by bacula in data encryption. Other software provides compatible services (and in particular could decrypt the files), but currently to get data encryption in bacula one needs openssl. Do I have that right? Also, am I correct that encryption (like compression) occurs that level of the individual file? So to recover encrypted data with some other software would mean restoring the files and then decrypting the individual files? > > Thanks for the info. It's also very good news about the licensing. > > Ross |