.\" Author: Kevin Till <kevin.till@zmanda.com>
.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
.\" Manual: System Administration Commands
.\" Source: Amanda 2.6.1
.TH "AMGPGCRYPT" "8" "01/22/2009" "Amanda 2\&.6\&.1" "System Administration Commands"
amgpgcrypt \- reference crypt program for \fIAmanda\fR public\-key data encryption
.HP \w'\fBamgpgcrypt\fR\ 'u
\fBamgpgcrypt\fR to be called by \fIAmanda\fR only
to perform public\-key data encryption on
will search for the gpg program in the following directories: /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
sets GNUPGHOME to $AMANDA_HOME/\&.gnupg where gpg will look for the gpg keys\&.
uses the public key to encrypt the
data and uses the private key to decrypt the
backup data\&. Thus, the passphrase is only required at the time of data restore\&.
.SH "Key and Passphrase"
uses the private key to decrypt
It is very important to store, manage and protect the key and the passphrase
properly\&. Encrypted backup data can \fBonly\fR be recovered with the correct key and
.SH "How to create encryption keys and Passphrase for amgpgcrypt"
Store the passphrase that you use in the following "gpg \-\-gen\-key" command inside the home directory of the Amanda user ($amanda_user) and protect it with proper permissions:
echo my_secret_passphrase > ~$amanda_user/\&.am_passphrase
chown $amanda_user:disk ~$amanda_user/\&.am_passphrase
chmod 700 ~$amanda_user/\&.am_passphrase
Run "gpg \-\-gen\-key"\&. Below is an example:
gpg (GnuPG) 1\&.2\&.6; Copyright (C) 2004 Free Software Foundation, Inc\&.
This program comes with ABSOLUTELY NO WARRANTY\&.
This is free software, and you are welcome to redistribute it
under certain conditions\&. See the file COPYING for details\&.
Please select what kind of key you want:
(1) DSA and ElGamal (default)
DSA keypair will have 1024 bits\&.
About to generate a new ELG\-E keypair\&.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024)
Requested keysize is 1024 bits
Please specify how long the key should be valid\&.
0 = key does not expire
(n) = key expires in n days
(n)w = key expires in n weeks
(n)m = key expires in n months
(n)y = key expires in n years
Key is valid for? (0) 6m
Key expires at Sun 06 Aug 2006 03:51:25 PM PDT
Is this correct (y/n)? y
You need a User\-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) (heinrichh@duesseldorf\&.de)"
Real name: amandabackup
Comment: gpg keys for amandabackup
You selected this USER\-ID:
"amandabackup (gpg keys for amandabackup)"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key\&.
We need to generate a lot of random bytes\&. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy\&.
We need to generate a lot of random bytes\&. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy\&.
public and secret key created and signed\&.
key marked as ultimately trusted\&.
pub 1024D/4417A8CB 2006\-02\-07 amandabackup (gpg keys for amandabackup)
Key fingerprint = 139C 6369 44FC 7F1A 655C E5E9 7EAA 515A 4417 A8CB
sub 1024g/8C3A6A78 2006\-02\-07 [expires: 2006\-08\-06]
\fB$AMANDA_HOME/\&.gnupg/pubring\&.gpg\fR
encrypt data with this public key along with the cipher algorithm\&.
\fB$AMANDA_HOME/\&.gnupg/secring\&.gpg\fR
The private/secret key\&. It\'s only needed during amrecover/amrestore\&. Store and protect it properly at all other times\&.
\fB$AMANDA_HOME/\&.am_passphrase\fR
The passphrase\&. It\'s only needed during amrecover/amrestore\&. Store and protect it properly at all other times\&.
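.PP
An added example (not part of the original manual page or of Amanda): a shell check that the passphrase file, the GnuPG home and the secret keyring named above are closed to group and other. The function names and output format are assumptions; a missing file is reported but not counted, since the private key and passphrase are only needed at restore time.

```shell
#!/bin/sh
# Added example, not Amanda code. Function names and output format are
# illustrative assumptions.

# Print the group+other permission characters of a path,
# e.g. "------" (private) or "r--r--" (world-readable).
am_group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Check one path. Returns 1 only when group or other have any access.
# A missing path is reported but is not a finding: the secret key and
# passphrase may be kept elsewhere until a restore is needed.
am_check_private() {
    if [ ! -e "$1" ]; then
        echo "ABSENT   $1"
        return 0
    fi
    bits=$(am_group_other_bits "$1")
    if [ "$bits" != "------" ]; then
        echo "EXPOSED  $1 (group/other: $bits)"
        return 1
    fi
    echo "OK       $1"
    return 0
}

# Audit the secrets under an Amanda home directory.
# Return status is the number of exposed paths (0 = all private).
am_audit_secrets() {
    home=$1
    findings=0
    for p in "$home/.am_passphrase" "$home/.gnupg" "$home/.gnupg/secring.gpg"; do
        am_check_private "$p" || findings=$((findings + 1))
    done
    return "$findings"
}

# Usage: am_audit_secrets "$AMANDA_HOME"
```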
has a problem with gpg mdc (modification detection code) in the binary mode\&.
calls gpg with mdc disabled
\fBamanda.conf\fR(5),
: http://wiki.zmanda.com
\fBKevin Till\fR <\&kevin\&.till@zmanda\&.com\&>
Zmanda, Inc\&. (\FChttp://www\&.zmanda\&.com\F[])