Encryption: Difference between revisions
Line 1: | Line 1: | ||
== Need for encryption == | == Need for encryption == | ||
Two types of encryption:<br/> | Two types of encryption:<br/> | ||
1) Transport encryption<br/> | 1) '''Transport encryption'''<br/> | ||
Prevent eavesdropping on the network. Amanda solution: kerberos, ssh | Prevent eavesdropping on the network. Amanda solution: kerberos, ssh<br> | ||
2) Data encryption<br/> | |||
2) '''Data encryption'''<br/> | |||
Provide protection in case a tape is in the hand of the wrong party. Amanda solution: newly added encryption feature in 2.5. | Provide protection in case a tape is in the hand of the wrong party. Amanda solution: newly added encryption feature in 2.5. | ||
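Review bot: the new revision ends the "Prevent eavesdropping on the network" line with <br> while every other break in this hunk uses <br/>; use one form throughout. Since "1)" and "2)" are a numbered list, wiki list markup ("#" items) would replace both the hand-typed numbers and the manual line breaks.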
Revision as of 18:59, 6 January 2006
Need for encryption
Two types of encryption:
1) Transport encryption
Prevent eavesdropping on the network. Amanda solution: kerberos, ssh
2) Data encryption
Provide protection in case a tape falls into the hands of the wrong party. Amanda solution: newly added encryption feature in 2.5.
Recent events include a credit card company and a hotel losing backup tapes that were not encrypted. As a result, critical customer information is in danger. Reference: http://www.washingtonpost.com/wp-dyn/content/article/2005/12/27/AR2005122700959.html
*Recent amanda-user discussion on encryption*
Server-side and client side encryption
- a new dumptype option, encrypt, is added.
- specify either client or server side in the dumptype (not both):
  - encrypt client or encrypt server
- specify client side encryption program:
  - client_encrypt "your encryption program"
    - a sample encryption/decryption program, amcrypt, is provided. amcrypt is a wrapper of aespipe.
    - aespipe supports AES128, AES192 and AES256, and it uses SHA-256, SHA-384 and SHA-512 respectively.
    - any encryption/decryption program can be used as long as it reads from stdin and writes to stdout.
  - client_decrypt_option "decrypt parameter" #default to -d
- specify server side encryption program:
  - server_encrypt "your encryption program"
    - amcrypt can be used, as in the case of client encryption.
  - server_decrypt_option "decrypt parameter" #default to -d
- The logic assumes compression then encryption during backup (thus decrypt then uncompress during restore). Specifying client-encryption and server-compression is not supported.
- dumptype sample:
    define dumptype custom-tar {
        global
        program "GNUTAR"
        comment "root partitions dumped with encryption"
        compress client fast
        encrypt server
        server_encrypt "/usr/local/sbin/amcrypt"
        server_decrypt_option "-d"
        index
        priority low
    }
- The code is partially based on Matthieu Lochegnies's custom compress patch and Stefan G. Weichinger's amgtar script.
- Code has been committed to the SourceForge CVS; an RPM can be downloaded from http://www.zmanda.com/downloads.html
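Because any program that reads stdin, writes stdout and decrypts when given the decrypt option can be configured, it is worth confirming that contract before a dumptype relies on it. The check below is an added example, not Amanda code; check_filter is a hypothetical name, and passing it only shows that the program round-trips data, not that its encryption is sound.

```shell
#!/bin/sh
# Added example (not Amanda code): verify that a candidate encryption program
# honours the filter contract described above.
# Usage: check_filter PROGRAM [DECRYPT_OPTION]
#   e.g. check_filter /usr/local/sbin/amcrypt
# Returns 0 only if every check passes.
check_filter() {
    prog=$1
    dopt=${2:--d}                 # same default as *_decrypt_option
    tmp=$(mktemp -d) || return 2
    # Constructed sample input: 64 KiB of random bytes, so binary data
    # (NUL bytes, no trailing newline) is exercised, as in a real dump.
    head -c 65536 /dev/urandom > "$tmp/plain"
    rc=0
    if ! "$prog" < "$tmp/plain" > "$tmp/enc"; then
        echo "FAIL: encrypt step exited non-zero" >&2; rc=1
    elif [ ! -s "$tmp/enc" ]; then
        echo "FAIL: encrypt step wrote nothing to stdout" >&2; rc=1
    elif cmp -s "$tmp/plain" "$tmp/enc"; then
        echo "FAIL: output equals input, nothing was encrypted" >&2; rc=1
    elif ! "$prog" "$dopt" < "$tmp/enc" > "$tmp/dec"; then
        echo "FAIL: decrypt step exited non-zero" >&2; rc=1
    elif ! cmp -s "$tmp/plain" "$tmp/dec"; then
        echo "FAIL: decrypted data differs from the original" >&2; rc=1
    fi
    rm -rf "$tmp"
    return $rc
}
```

Run it as the AMANDA-user on the host that will do the encrypting, so the same key and passphrase files are used as during amdump.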
Additional packages needed
- aespipe http://loop-aes.sourceforge.net/aespipe/aespipe-v2.3b.tar.bz2 and the bz2aespipe-wrapper that comes with it. It gets patched as described later.
- the wrapper-script amcrypt, as listed below,
- GNU-PG http://www.gnupg.org/(en)/download/index.html. This should be part of most current operating systems already.
Setup
- Configure and compile aespipe:
    tar -xjf aespipe-v2.3b.tar.bz2
    cd aespipe-v2.3b
    ./configure
    make
    make install
- Generate and store the gpg-key for the AMANDA-user:
    # taken from the aespipe-README
    head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 | \
        gpg --symmetric -a > ~amanda/.gnupg/am_key.gpg
- This will ask for a passphrase. Remember this passphrase as you will need it in the next step.
- Store the passphrase inside the home-directory of the AMANDA-user and protect it with proper permissions:
    echo my_secret_passphrase > ~amanda/.am_passphrase
    chown amanda:disk ~amanda/.am_passphrase
    chmod 700 ~amanda/.am_passphrase
- We need this file because we don't want to have to enter the passphrase manually every time we run amdump. We have to patch bz2aespipe to read the passphrase from a file. I have called that file ~amanda/.am_passphrase.
- Store the key and the passphrase in some other place as well; without this information you can't access any tapes that have been encrypted with it (this is exactly why we are doing all this, isn't it? ;) ).
- Create amcrypt (or it will be available in SourceForge and the RPMs) as below:
    #!/bin/sh
    #
    # Original wrapper by Paul Bijnens
    #
    # worked by Stefan G. Weichinger
    # to enable gpg-encrypted dumps via aespipe
    # also worked by Matthieu Lochegnies for server-side encryption

    prefix=/usr/local
    exec_prefix=${prefix}
    sbindir=${exec_prefix}/sbin

    AMANDA_HOME=~amanda

    AM_AESPIPE=${exec_prefix}/sbin/amaespipe
    AM_PASSPHRASE=$AMANDA_HOME/.am_passphrase

    # the passphrase file is handed to amaespipe on file descriptor 3
    $AM_AESPIPE "$@" 3< $AM_PASSPHRASE

    rc=$?
    exit $rc
- Create amaespipe (or it will be available in SourceForge and the RPMs), which is based on the wrapper-script bz2aespipe that comes with the aespipe-tarball:
    #! /bin/sh

    # FILE FORMAT
    # 10 bytes: constant string 'bz2aespipe'
    # 10 bytes: itercountk digits
    # 1 byte: '0' = AES128, '1' = AES192, '2' = AES256
    # 1 byte: '0' = SHA256, '1' = SHA384, '2' = SHA512, '3' = RMD160
    # 24 bytes: random seed string
    # remaining bytes are aespipe encrypted (bzip2 step removed, see the changes listed below)

    # These definitions are only used when encrypting.
    # Decryption will autodetect these definitions from archive.
    ENCRYPTION=AES256
    HASHFUNC=SHA256
    ITERCOUNTK=100
    AMANDA_HOME=~amanda
    WAITSECONDS=1
    GPGKEY="$AMANDA_HOME/.gnupg/am_key.gpg"
    FDNUMBER=3

    PATH=/usr/bin:/usr/local/bin
    export PATH

    if test x$1 = x-d ; then
        # decrypt: read the header fields back, then hand the rest to aespipe
        n=`head -c 10 - | tr -d -c 0-9a-zA-Z`
        if test x${n} != xbz2aespipe ; then
            echo "bz2aespipe: wrong magic - aborted" >/dev/tty
            exit 1
        fi
        itercountk=`head -c 10 - | tr -d -c 0-9`
        if test x${itercountk} = x ; then itercountk=0; fi
        n=`head -c 1 - | tr -d -c 0-9`
        encryption=AES128
        if test x${n} = x1 ; then encryption=AES192; fi
        if test x${n} = x2 ; then encryption=AES256; fi
        n=`head -c 1 - | tr -d -c 0-9`
        hashfunc=SHA256
        if test x${n} = x1 ; then hashfunc=SHA384; fi
        if test x${n} = x2 ; then hashfunc=SHA512; fi
        if test x${n} = x3 ; then hashfunc=RMD160; fi
        seedstr=`head -c 24 - | tr -d -c 0-9a-zA-Z+/`
        aespipe -K ${GPGKEY} -p ${FDNUMBER} -e ${encryption} -H ${hashfunc} -S ${seedstr} -C ${itercountk} -d
    else
        # encrypt: write the header, then the aespipe output
        echo -n bz2aespipe
        echo ${ITERCOUNTK} | awk '{printf "%10u", $1;}'
        n=`echo ${ENCRYPTION} | tr -d -c 0-9`
        aesstr=0
        if test x${n} = x192 ; then aesstr=1; fi
        if test x${n} = x256 ; then aesstr=2; fi
        n=`echo ${HASHFUNC} | tr -d -c 0-9`
        hashstr=0
        if test x${n} = x384 ; then hashstr=1; fi
        if test x${n} = x512 ; then hashstr=2; fi
        if test x${n} = x160 ; then hashstr=3; fi
        seedstr=`head -c 18 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1`
        echo -n ${aesstr}${hashstr}${seedstr}
        aespipe -K ${GPGKEY} -p ${FDNUMBER} -e ${ENCRYPTION} -H ${HASHFUNC} -S ${seedstr} -C ${ITERCOUNTK} -w ${WAITSECONDS}
    fi
    exit 0
Changes from bz2aespipe:
- Decreased WAITSECONDS: No need to wait for 10 seconds to read the passphrase.
- Removed bzip2 from the pipes: AMANDA triggers GNU-zip-compression by itself, no need to do this twice (slows down things, blows up size).
- Added options -K and -p: This enables aespipe to use the generated gpg-key and tells it the number of the file-descriptor to read the passphrase from.
You may set various parameters inside bz2aespipe. You may also call bz2aespipe with various command-line parameters to choose the encryption algorithm, hash function, etc. For a start I have chosen to call bz2aespipe without command-line options.
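The header layout given in the FILE FORMAT comment can be checked before a restore is attempted. The following is an added example, not part of amaespipe or Amanda: a stricter reader that rejects a header the script's decrypt branch would accept by falling back to AES128, SHA256 or an iteration count of 0. The function name amaespipe_header and the sample seed are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of amaespipe): validate the 46-byte header that
# precedes the ciphertext, following the FILE FORMAT comment.
# Prints "<cipher> <hash> <itercountk> <seed>" and returns 0, else returns 1.
amaespipe_header() {
    # Bytes outside the header alphabet become '?', so the length is preserved.
    hdr=$(head -c 46 "$1" | LC_ALL=C tr -c '0-9a-zA-Z+/ ' '?')
    [ "${#hdr}" -eq 46 ] || { echo "short header" >&2; return 1; }
    magic=$(printf '%s' "$hdr" | cut -c1-10)
    iter=$(printf '%s' "$hdr" | cut -c11-20 | tr -d ' ')   # written with "%10u"
    c=$(printf '%s' "$hdr" | cut -c21)
    h=$(printf '%s' "$hdr" | cut -c22)
    seed=$(printf '%s' "$hdr" | cut -c23-46)
    [ "$magic" = bz2aespipe ] || { echo "wrong magic" >&2; return 1; }
    case $iter in ''|*[!0-9]*) echo "bad itercountk" >&2; return 1;; esac
    case $c in
        0) cipher=AES128;; 1) cipher=AES192;; 2) cipher=AES256;;
        *) echo "unknown cipher byte" >&2; return 1;;
    esac
    case $h in
        0) hash=SHA256;; 1) hash=SHA384;; 2) hash=SHA512;; 3) hash=RMD160;;
        *) echo "unknown hash byte" >&2; return 1;;
    esac
    case $seed in *[!0-9a-zA-Z+/]*) echo "bad seed" >&2; return 1;; esac
    echo "$cipher $hash $iter $seed"
}

# Constructed sample: header for AES256/SHA256, ITERCOUNTK=100, made-up seed,
# followed by a placeholder where the ciphertext would start.
sample=$(mktemp)
{ printf 'bz2aespipe%10u20%s' 100 QUJDREVGR0hJSktMTU5PUFFS; echo placeholder; } > "$sample"
amaespipe_header "$sample"
rm -f "$sample"
```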
Plans
There are several TODOs:
- test to see if aespipe can be replaced by gpg.
- test to see if public-key encryption works.