<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"
<!-- entities files to use -->
<!ENTITY % global_entities SYSTEM 'global.entities'>
<refentry id='amcrypt.8'>
<refentrytitle>amcrypt</refentrytitle>
<manvolnum>8</manvolnum>
<refname>amcrypt</refname>
<refpurpose>reference crypt program for Amanda symmetric data encryption</refpurpose>
<!-- body begins here -->
<command>amcrypt</command>
<refsect1><title>DESCRIPTION</title>
<para>&amcrypt; requires <emphasis remap='B'>aespipe</emphasis>, <emphasis
remap='B'>uuencode</emphasis> and <emphasis
remap='B'>gpg</emphasis> to work. Aespipe is available from <ulink
url="http://loop-aes.sourceforge.net"/></para>
<para>&amcrypt; will search for the aespipe program in the following directories:
/usr/bin:/usr/local/bin:/sbin:/usr/sbin.</para>
<para>&amcrypt; calls &amaespipe; and passes the
<emphasis remap='B'>passphrase</emphasis> through file descriptor 3.
The passphrase should be stored in ~amanda/.am_passphrase.</para>
<refsect1><title>How to create encryption keys for amcrypt</title>
<para>1. Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may block indefinitely if the kernel's entropy pool
is empty. If that happens, do some other work on some other console (use
keyboard, mouse and disks).</para>
<para> head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
| gpg --symmetric -a > ~amanda/.gnupg/am_key.gpg</para>
<para>This will ask for a passphrase. Remember this passphrase as you will need
it in the next step.</para>
<para>2. Store the passphrase inside the home directory of the Amanda user and
protect it with proper permissions:</para>
<programlisting>
echo my_secret_passphrase > ~amanda/.am_passphrase
chown amanda:disk ~amanda/.am_passphrase
chmod 700 ~amanda/.am_passphrase
</programlisting>
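<para>Step 2 can also be done without typing the passphrase on a command line and without the file ever existing with default permissions. The following is an added example, not part of Amanda: the function names write_secret, mode_of and check_secret are hypothetical, and it assumes it is run as the Amanda user so that the file is owned by that user.</para>

```shell
#!/bin/sh
# Added example, not part of Amanda. Function names are hypothetical.

# write_secret FILE: read one line (the passphrase) from stdin and store it
# in FILE. Unlike "echo passphrase > FILE" followed by chmod, the passphrase
# never appears on a command line or in shell history, and FILE is never
# readable by group or other, not even briefly.
write_secret() {
    (
        umask 077                  # create FILE as rw------- from the start
        set -C                     # noclobber: fail if FILE already exists
        if [ -t 0 ]; then          # typed at a terminal: do not echo it
            trap 'stty echo' EXIT  # restore echo when this subshell exits
            printf 'Passphrase: '
            stty -echo
            IFS= read -r secret
            echo
        else
            IFS= read -r secret
        fi
        [ -n "$secret" ] || exit 1 # refuse to store an empty passphrase
        printf '%s\n' "$secret" > "$1"
    )
}

# mode_of FILE: print the nine permission characters, e.g. "rw-------".
mode_of() {
    ls -ld -- "$1" | cut -c2-10
}

# check_secret FILE: print "ok" and succeed only if FILE is a regular file,
# not a symlink, with no group or other permission bits set.
check_secret() {
    if [ -L "$1" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$1" ]; then echo "missing"; return 1; fi
    case "$(mode_of "$1")" in
        ???------) echo "ok" ;;
        *) echo "loose:$(mode_of "$1")"; return 1 ;;
    esac
}
```

<para>After sourcing these functions, run write_secret ~amanda/.am_passphrase and enter the passphrase chosen in step 1, then run check_secret on both ~amanda/.am_passphrase and ~amanda/.gnupg/am_key.gpg.</para>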
<refsect1><title>Key and Passphrase</title>
<para>&amcrypt; uses the same key to encrypt and decrypt data.</para>
<para>It is very important to store and protect the key and the passphrase
properly. Encrypted backup data can <emphasis remap='B'>only</emphasis> be recovered with the correct key and
<manref name="amanda.conf" vol="5"/>,
<manref name="aespipe" vol="1"/>,
<manref name="amaespipe" vol="8"/>,
<manref name="gpg" vol="1"/>