Menu
▾
▴
[Bacula-users] [OT?] Enable hardware encryption on RDX...
|
From: Udo K. <ba...@in...> - 2025-03-11 17:49:12
|
Am 10.03.25 um 11:20 schrieb Marco Gaiarin: > After fiddling a bit with tapes, i'm trying to enable hardware encryption on > RDX, using stenc. > > Seems supported: > > root@sdpve2:~# /usr/bin/stenc -f /dev/disk/by-id/usb-TANDBERG_RDX_008650987562-0:0 --detail > Status for /dev/disk/by-id/usb-TANDBERG_RDX_008650987562-0:0 > -------------------------------------------------- > Device Mfg: TANDBERG > Product ID: RDX > Product Revision: 0283 > Drive Encryption: off > Drive Output: Not decrypting > Raw encrypted data not outputted > Drive Input: Not encrypting > Key Instance Counter: 0 > Volume Encryption: Unknown result '0' > > But trying some set of 'address' index (at least, from 0 to 7) there's no > way to enroll the key: > > root@sdpve2:~# /usr/bin/stenc -f "/dev/disk/by-id/usb-TANDBERG_RDX_008650987562-0:0" -e mixed -a 0 -k "/etc/bacula/certs/sdpve2-8650987562-256-2025.key" > Provided key length is 256 bits. > Key checksum is 9c. > Turning on encryption on device '/dev/disk/by-id/usb-TANDBERG_RDX_008650987562-0:0'... > Sense Code: Illegal Request (0x05) > ASC: 0x24 > ASCQ: 0x00 > Additional data: 0x000000000000000000000000 > Error: Turning encryption on for '/dev/disk/by-id/usb-TANDBERG_RDX_008650987562-0:0' failed! > Usage: stenc --version | -g <length> -k <file> [-kd <description>] | -f <device> [--detail] [-e <on/mixed/rawread/off> [-k <file>] [-kd <description>] [-a <index>] [--protect | --unprotect] [--ckod] ] > Type 'man stenc' for more information. > > > I've tried also 128bit key. I've tried with mounted disk or unmounted. > > > Someone have some clue? Thanks. Hi Marco, On my Quantum Superloaders there needs to be a tape in the drive to accept the key and bacula-sd must be stopped (did not try if bconsole release suffices). Encryption on RDX is working differently: https://ftp1.overlandtandberg.com/website/website/WP_Introducing_RDX_PowerEncrypt.pdf Cheers, Udo |
