.\"Generated by db2man.xsl. Don't modify this, modify the source. .de Sh \" Subsection .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .TH "AMCRYPT" 8 "" "" "" .SH NAME amcrypt \- reference crypt program for Amanda symmetric data encryption .SH "SYNOPSIS" .ad l .hy 0 .HP 8 \fBamcrypt\fR .ad .hy .SH "DESCRIPTION" .PP \fBamcrypt\fR requires \fBaespipe\fR and \fBgpg\fR to work\&. Aespipe is available from : http://loop-aes.sourceforge.net .PP \fBamcrypt\fR will search for the aespipe program in the following directories: /usr/bin:/usr/local/bin:/sbin:/usr/sbin\&. \fBamcrypt\fR calls \fBamaespipe\fR and pass the \fBpassphrase\fR through file descriptor 3\&. The passphrase should be stored in ~amanda/\&.am_passphrase\&. .SH "HOW TO CREATE ENCRYPTION KEYS FOR AMCRYPT" 1\&. Create 65 random encryption keys and encrypt those keys using gpg\&. Reading from /dev/random may take indefinitely long if kernel's random entropy pool is empty\&. If that happens, do some other work on some other console (use keyboard, mouse and disks)\&. .PP head \-c 2925 /dev/random | uuencode \-m \- | head \-n 66 | tail \-n 65 \\ | gpg \-\-symmetric \-a > ~amanda/\&.gnupg/am_key\&.gpg .PP This will ask for a passphrase\&. Remember this passphrase as you will need it in the next step\&. .PP 2\&. Store the passphrase inside the home\-directory of the AMANDA\-user and protect it with proper permissions: .nf echo my_secret_passphrase > ~amanda/\&.am_passphrase chown amanda:disk ~amanda/\&.am_passphrase chmod 700 ~amanda/\&.am_passphrase .fi .SH "KEY AND PASSPHRASE" .PP \fBamcrypt\fR uses the same key to encrypt and decrypt data\&. It is very important to store and protect the key and the passphrase properly\&. Encrypted backup data can \fBonly\fR be recovered with the correct key and passphrase\&. .SH "SEE ALSO" .PP \fBamanda\fR(8), \fBamanda\&.conf\fR(5), \fBaespipe\fR(1), \fBamaespipe\fR(8), \fBgpg\fR(1)