Re: [Bacula-devel] Feature Request: Storage Daemon based encryption

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Feb 16, 2009, at 11:15 AM, Steve Polyack wrote:

>
>      Feature Request Form
>
> Item n:   Storage Daemon based encryption
>  Origin: Steve Polyack <korvus at comcast dot net>
>  Date:   16 February 2009
>  Status: new
>
>  What:   The ability to encrypt and decrypt data that moves between  
> the storage daemon and its storage devices.
>
>  Why:    Storage daemon based encryption could simplify the  
> encryption of data in an environment where the links between SDs and  
> FDs are local and trusted.
>          Job data could be protected as it is written to tape, DVD,  
> or other media which may be used for off-site storage.
>
>  Notes:  * Environments with many backup clients would not have to  
> maintain secure and safe storage of many keys
>          * This adds the ability to migrate existing tapes to an  
> encrypted format; read the plaintext tape to disk, write the data  
> back out encrypted to
>            another tape.

As an addendum to the feature request, here are some crypto  
implementation details I wrote up regarding SD-encryption back in Jan  
2008:
	http://www.mail-archive.com/bac...@li.../msg28860.html

Cheers,
Landon