Page last modified 18:52, 2 May 2006 by Ppragin?
Zmanda Documentation > Setting up backups using amcryptsimple to encrypt data to tapes protected by a passphrase

Setting up backups using amcryptsimple to encrypt data to tapes protected by a passphrase

Table of contents
No headers

amcryptsimple uses the same passphrase to encrypt and decrypt data

1. Make sure the encryptsimple dumptype is defined in the dumptypes file:
/etc/amanda/template.d/dumptypes:

define dumptype encrypt-simple-nocomp {
  root-tar
  comment "client simple symmetric encryption, dumped with tar"
  compress none
  encrypt client
  client_encrypt "/usr/sbin/amcryptsimple"
  client_decrypt_option "-d"
}

2. Make sure to specify the correct dumptype in the disklist file
/etc/amanda/DailySet1/disklist:

client_host /boot encrypt-simple-nocomp

3. A passfrase needs to be created on the client side if encrypt client is defined in the dumptypes file. Store the passphrase inside the home-directory of the amanda user /var/lib/amanda/ and protect it with the proper permissions

echo my_secret_passphrase > ~amandabackup/.am_passphrase
chown amandabackup:disk ~amandabackup/.am_passphrase
chmod 700 ~amandabackup/.am_passphrase

4. A passfrase needs to be created on the server side if encrypt server is defined in the dumptypes file. Store the passphrase inside the home-directory of the amanda user /var/lib/amanda/ and protect it with the proper permissions

echo my_secret_passphrase > ~amandabackup/.am_passphrase
chown amandabackup:disk ~amandabackup/.am_passphrase
chmod 700 ~amandabackup/.am_passphrase

5. When using amrecover the pass phrase needs to be on the server if you need to restore.

echo my_secret_passphrase > ~amandabackup/.am_passphrase
chown amandabackup:disk ~amandabackup/.am_passphrase
chmod 700 ~amandabackup/.am_passphrase