2 \chapter{Data Encryption}
4 \index[general]{Data Encryption}
5 \index[general]{Encryption!Data}
6 \index[general]{Data Encryption}
8 Bacula permits file data encryption and signing within the File Daemon (or
9 Client) prior to sending data to the Storage Daemon. Upon restoration,
10 file signatures are validated and any mismatches are reported. At no time
11 does the Director or the Storage Daemon have access to unencrypted file
15 It is very important to specify what this implementation does NOT
18 \item There is one important restore problem to be aware of, namely, it's
19 possible for the director to restore new keys or a Bacula configuration
20 file to the client, and thus force later backups to be made with a
21 compromised key and/or with no encryption at all. You can avoid this by
22 not changing the location of the keys in your Bacula File daemon
23 configuration file, and not changing your File daemon keys. If you do
24 change either one, you must ensure that no restore is done that restores
25 the old configuration or the old keys. In general, the worst effect of
26 this will be that you can no longer connect the File daemon.
28 \item The implementation does not encrypt file metadata such as file path
29 names, permissions, and ownership. Extended attributes are also currently
30 not encrypted. However, Mac OS X resource forks are encrypted.
34 Encryption and signing are implemented using RSA private keys coupled with
35 self-signed x509 public certificates. This is also sometimes known as PKI
36 or Public Key Infrastructure.
39 Each File Daemon should be given its own unique private/public key pair.
40 In addition to this key pair, any number of "Master Keys" may be specified
41 -- these are key pairs that may be used to decrypt any backups should the
42 File Daemon key be lost. Only the Master Key's public certificate should
43 be made available to the File Daemon. Under no circumstances should the
44 Master Private Key be shared or stored on the Client machine.
47 The Master Keys should be backed up to a secure location, such as a CD
48 placed in a in a fire-proof safe or bank safety deposit box. The Master
49 Keys should never be kept on the same machine as the Storage Daemon or
50 Director if you are worried about an unauthorized party compromising either
51 machine and accessing your encrypted backups.
54 While less critical than the Master Keys, File Daemon Keys are also a prime
55 candidate for off-site backups; burn the key pair to a CD and send the CD
56 home with the owner of the machine.
59 NOTE!!! If you lose your encryption keys, backups will be unrecoverable.
60 {\bf ALWAYS} store a copy of your master keys in a secure, off-site location.
63 The basic algorithm used for each backup session (Job) is:
65 \item The File daemon generates a session key.
66 \item The FD encrypts that session key via PKE for all recipients (the file
67 daemon, any master keys).
68 \item The FD uses that session key to perform symmetric encryption on the data.
72 \section{Building Bacula with Encryption Support}
73 \index[general]{Building Bacula with Encryption Support}
75 To build Bacula with encryption support, you will need
76 the OpenSSL libraries and headers installed. When configuring Bacula, use:
79 ./configure --with-openssl ...
83 Please note, the Bacula Enterprise binaries are all built with
86 \section{Encryption Technical Details}
87 \index[general]{Encryption Technical Details}
88 The implementation uses 128bit AES-CBC, with RSA encrypted symmetric
89 session keys. The RSA key is user supplied.
90 If you are running OpenSSL 0.9.8 or later, the signed file hash uses
91 SHA-256 -- otherwise, SHA-1 is used.
94 End-user configuration settings for the algorithms are not currently
95 exposed -- only the algorithms listed above are used. However, the
96 data written to Volume supports arbitrary symmetric, asymmetric, and
97 digest algorithms for future extensibility, and the back-end
98 implementation currently supports:
101 Symmetric Encryption:
102 - 128, 192, and 256-bit AES-CBC
105 Asymmetric Encryption (used to encrypt symmetric session keys):
116 The various algorithms are exposed via an entirely re-usable,
117 OpenSSL-agnostic API (ie, it is possible to drop in a new encryption
118 backend). The Volume format is DER-encoded ASN.1, modeled after the
119 Cryptographic Message Syntax from RFC 3852. Unfortunately, using CMS
120 directly was not possible, as at the time of coding a free software
121 streaming DER decoder/encoder was not available.
126 \index[general]{Encryption Implement Concepts}
127 Data encription is configured in Bacula only in the File Daemon.
128 The Job report that is produced at the end of each job has a
129 line indicating whether or not encryption was enabled:
134 Encryption: no/yes <===
141 \section{Generating Private/Public Encryption Keys}
142 \index[general]{Generating Private/Public Encryption Keypairs}
144 Generate a Master Key Pair (once) with:
148 openssl genrsa -out master.key 2048
149 openssl req -new -key master.key -x509 -out master.cert
153 Save these files (master.key and master.cert) as you
154 will need them to create File Daemon keys or in case
155 you loose the File Daemon keys.
159 Generate a File Daemon Key Pair for each FD:
162 openssl genrsa -out fd-example.key 2048
163 openssl req -new -key fd-example.key -x509 -out fd-example.cert
164 cat fd-example.key fd-example.cert >fd-example.pem
168 When configuring the File Daemon (next section), you will need
169 the keys you just generated here, so you will need to transmit
170 them to the machine where the FD is installed.
173 Note, there seems to be a lot of confusion around the file extensions given
174 to these keys. For example, a .pem file can contain all the following:
175 private keys (RSA and DSA), public keys (RSA and DSA) and (x509) certificates.
176 It is the default format for OpenSSL. It stores data Base64 encoded DER format,
177 surrounded by ASCII headers, so is suitable for text mode transfers between
178 systems. A .pem file may contain any number of keys either public or
179 private. We use it in cases where there is both a public and a private
183 Typically, above we have used the .cert extension to refer to X509
184 certificate encoding that contains only a single public key.
187 \section{Example Data Encryption Configuration}
188 \index[general]{Example!File Daemon Configuration File}
189 \index[general]{Example!Data Encryption Configuration File}
190 \index[general]{Example Data Encryption Configuration}
192 When configuring the FD, use the keys generated above in a
193 FD configuration file that will look something like the
202 FDport = 9102 # where we listen for the director
203 WorkingDirectory = /opt/bacula/working
204 Pid Directory = /var/run
205 Maximum Concurrent Jobs = 20
207 PKI Signatures = Yes # Enable Data Signing
208 PKI Encryption = Yes # Enable Data Encryption
209 PKI Keypair = "/opt/bacula/etc/fd-example.pem" # Public and Private Keys
210 PKI Master Key = "/opt/bacula/etc/master.cert" # ONLY the Public Key
215 You must restart your File Daemon after making this change
216 to the bacula-fd.conf file.
219 Note: the PKIMasterKey directive is not manditory, but if used
220 will allow you to decrypt the files if ever the FD PKIKeypair is lost.
221 If you loose the FD's PKIKeypair, you will not be able to recover
222 your data unless you have used a PKIMasterKey.
224 \section{Decrypting with a Master Key}
225 \index[general]{Decrypting with a Master Key}
226 It is preferable to retain a secure, non-encrypted copy of the
227 client's own encryption keypair. However, should you lose the
228 client's keypair, recovery with the master keypair is possible.
231 First create a keypair with:
235 cat master.key master.cert >master.pem
240 Then modify your File Daemons configuration file to use
247 FDport = 9102 # where we listen for the director
248 WorkingDirectory = /opt/bacula/working
249 Pid Directory = /var/run
250 Maximum Concurrent Jobs = 20
252 PKI Signatures = Yes # Enable Data Signing
253 PKI Encryption = Yes # Enable Data Encryption
254 PKI Keypair = "/opt/bacula/etc/master.pem" # Master Public and Private Keys
260 Restart your File Daemon and you should be able to recover your