2 .\" Author: Kevin Till <kevin.till@zmanda.com>
3 .\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
5 .\" Manual: System Administration Commands
6 .\" Source: Amanda 2.6.1
9 .TH "AMCRYPT" "8" "01/22/2009" "Amanda 2\&.6\&.1" "System Administration Commands"
10 .\" -----------------------------------------------------------------
11 .\" * (re)Define some macros
12 .\" -----------------------------------------------------------------
13 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14 .\" toupper - uppercase a string (locale-aware)
15 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17 .tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
19 .tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
21 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22 .\" SH-xref - format a cross-reference to an SH section
23 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33 .\" SH - level-one heading that works better for non-TTY output
34 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
36 .\" put an extra blank line of space above the head in non-TTY output
43 .nr an-prevailing-indent \\n[IN]
47 .HTML-TAG ".NH \\n[an-level]"
49 .nr an-no-space-flag 1
51 \." make the size of the head bigger
56 .\" if n (TTY output), use uppercase
61 .\" if not n (not TTY), use normal case (not uppercase)
65 .\" if not n (not TTY), put a border/line under subheading
70 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71 .\" SS - level-two heading that works better for non-TTY output
72 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
77 .nr an-prevailing-indent \\n[IN]
82 .nr an-no-space-flag 1
85 \." make the size of the head bigger
91 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92 .\" BB/BE - put background/screen (filled box) around block of text
93 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
106 .if "\\$2"adjust-for-leading-newline" \{\
114 .nr BW \\n(.lu-\\n(.i
117 .ie "\\$2"adjust-for-leading-newline" \{\
118 \M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
121 \M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
132 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133 .\" BM/EM - put colored marker in margin next to block of text
134 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
151 \M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
159 .\" -----------------------------------------------------------------
160 .\" * set default formatting
161 .\" -----------------------------------------------------------------
162 .\" disable hyphenation
164 .\" disable justification (adjust text to left margin only)
166 .\" -----------------------------------------------------------------
167 .\" * MAIN CONTENT STARTS HERE *
168 .\" -----------------------------------------------------------------
170 amcrypt \- reference crypt program for \fIAmanda\fR symmetric data encryption
173 .HP \w'\fBamcrypt\fR\ 'u
185 to work\&. Aespipe is available from
186 : http://loop-aes.sourceforge.net
190 will search for the aespipe program in the following directories: /usr/bin:/usr/local/bin:/sbin:/usr/sbin\&.
198 through file descriptor 3\&. The passphrase should be stored in ~amanda/\&.am_passphrase\&.
199 .SH "How to create encryption keys for amcrypt"
201 1\&. Create 65 random encryption keys and encrypt those keys using gpg\&. Reading from /dev/random may take indefinitely long if kernel\'s random entropy pool is empty\&. If that happens, do some other work on some other console (use keyboard, mouse and disks)\&.
203 head \-c 2925 /dev/random | uuencode \-m \- | head \-n 66 | tail \-n 65 \e | gpg \-\-symmetric \-a > ~amanda/\&.gnupg/am_key\&.gpg
205 This will ask for a passphrase\&. Remember this passphrase as you will need it in the next step\&.
207 2\&. Store the passphrase inside the home\-directory of the AMANDA\-user and protect it with proper permissions:
209 echo my_secret_passphrase > ~amanda/\&.am_passphrase
210 chown amanda:disk ~amanda/\&.am_passphrase
211 chmod 700 ~amanda/\&.am_passphrase
213 .SH "Key and Passphrase"
217 uses the same key to encrypt and decrypt data\&.
219 It is very important to store and protect the key and the passphrase properly\&. Encrypted backup data can
221 be recovered with the correct key and passphrase\&.
225 \fBamanda.conf\fR(5),
229 : http://wiki.zmanda.com
232 \fBKevin Till\fR <\&kevin\&.till@zmanda\&.com\&>
234 Zmanda, Inc\&. (\FChttp://www\&.zmanda\&.com\F[])