|
|
Line 1: |
Line 1: |
| ==NAME==
| | See {{man|8|amcrypt}}. |
| ''amcrypt'' - reference crypt program for Amanda symmetric data encryption
| |
| | |
| ==SYNOPSIS==
| |
| amcrypt
| |
| | |
| ==DESCRIPTION==
| |
| Amcrypt requires aespipe and gpg to work. Aespipe is available from http://loop-aes.sourceforge.net/
| |
| | |
| Amcrypt will search for aespipe program in the following directory: /usr/bin:/usr/local/bin:/sbin:/usr/sbin.
| |
| | |
| Amcrypt calls amaespipe and pass the passphrase through file descriptor 3. Passphrase should be stored in amanda/.am_passphrase.
| |
| | |
| ===HOW TO CREATE ENCRYPTION KEYS FOR AMCRYPT===
| |
| *Create 65 random encryption keys and encrypt those keys using gpg. Reading from /dev/random may take indefinitely long if kernel’s random entropy pool is empty. If that happens, do some other work on some other console (use keyboard, mouse and disks).
| |
| | |
| | |
| head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \ | gpg --symmetric -a > ~amanda/.gnupg/am_key.gpg
| |
| | |
| This will ask for a passphrase. Remember this passphrase as you will need it in the next step.
| |
| | |
| *Store the passphrase inside the home-directory of the Amanda-user and protect it with proper permissions:
| |
| echo my_secret_passphrase > ~amanda/.am_passphrase
| |
| chown amanda:disk ~amanda/.am_passphrase
| |
| | |
| ===KEY AND PASSPHRASE===
| |
| Amcrypt uses the same key to encrypt and decrypt data.
| |
| | |
| It is very important to store and protect the key and the passphrase properly. Encrypted backup data can only be
| |
| recovered with the correct key and passphrase.
| |
| | |
| ==SEE ALSO==
| |
| [[amanda]](8), [[amanda.conf]](5), aespipe(1), [[amaespipe]](8), gpg(1)
| |