amcryptsimple uses the same passphrase to encrypt and decrypt data
1. Make sure the encryptsimple dumptype is defined in the dumptypes file:
/etc/amanda/template.d/dumptypes:
define dumptype encrypt-simple-nocomp { root-tar comment "client simple symmetric encryption, dumped with tar" compress none encrypt client client_encrypt "/usr/sbin/amcryptsimple" client_decrypt_option "-d" }
2. Make sure to specify the correct dumptype in the disklist file
/etc/amanda/DailySet1/disklist:
client_host /boot encrypt-simple-nocomp
3. A passfrase needs to be created on the client side if encrypt client is defined in the dumptypes file. Store the passphrase inside the home-directory of the amanda user /var/lib/amanda/ and protect it with the proper permissions
echo my_secret_passphrase > ~amandabackup/.am_passphrase chown amandabackup:disk ~amandabackup/.am_passphrase chmod 700 ~amandabackup/.am_passphrase
4. A passfrase needs to be created on the server side if encrypt server is defined in the dumptypes file. Store the passphrase inside the home-directory of the amanda user /var/lib/amanda/ and protect it with the proper permissions
echo my_secret_passphrase > ~amandabackup/.am_passphrase chown amandabackup:disk ~amandabackup/.am_passphrase chmod 700 ~amandabackup/.am_passphrase
5. When using amrecover the pass phrase needs to be on the server if you need to restore.
echo my_secret_passphrase > ~amandabackup/.am_passphrase chown amandabackup:disk ~amandabackup/.am_passphrase chmod 700 ~amandabackup/.am_passphrase