--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"
+[
+ <!-- entities files to use -->
+ <!ENTITY % global_entities SYSTEM '../entities/global.entities'>
+ %global_entities;
+]>
+
+<refentry id='amcrypt-ossl.8'>
+
+<refmeta>
+ <refentrytitle>amcrypt-ossl</refentrytitle>
+ <manvolnum>8</manvolnum>
+</refmeta>
+<refnamediv>
+ <refname>amcrypt-ossl</refname>
+ <refpurpose>crypt program for &A; symmetric data encryption using OpenSSL</refpurpose>
+</refnamediv>
+<!-- body begins here -->
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>amcrypt-ossl</command>
+ <arg choice="opt">-d</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+<refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ &amcryptossl; uses <emphasis remap='B'>OpenSSL</emphasis> to encrypt
+ and decrypt data. OpenSSL is available from <ulink
+ url="http://www.openssl.org/">www.openssl.org</ulink>. OpenSSL
+ offers a wide variety of cipher choices (&amcryptossl; defaults to
+ 256-bit AES) and can use hardware cryptographic accelerators on several
+ platforms.
+ </para>
+ <para>
+ &amcryptossl; will search for the OpenSSL program in the following
+ directories: /bin:/usr/bin:/usr/local/bin:/usr/ssl/bin:/usr/local/ssl/bin.
+ </para>
+</refsect1>
+<refsect1>
+ <title>PASSPHRASE MANAGEMENT</title>
+ <para>
+ &amcryptossl; uses the same pass phrase to encrypt and decrypt data.
+ It is very important to store and protect the pass phrase properly.
+ Encrypted backup data can <emphasis remap='B'>only</emphasis> be
+ recovered with the correct passphrase.
+ </para>
+ <para>
+ OpenSSL's key derivation routines use a salt to guard against
+ dictionary attacks on the pass phrase; still it is important to pick
+ a pass phrase that is hard to guess. The Diceware method (see <ulink
+ url="http://www.diceware.com/">www.diceware.com</ulink>) can be used to create passphrases
+ that are difficult to guess and easy to remember.
+ </para>
+</refsect1>
+<refsect1>
+ <title>FILES</title>
+ <variablelist remap='TP'>
+ <varlistentry>
+ <term>/var/lib/amanda/.am_passphrase</term>
+ <listitem>
+ <para>
+ File containing the pass phrase. It should not be readable by any user other than the &A; user.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+<refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>amanda</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>amanda.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>openssl</refentrytitle>
+ <manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>amcrypt-ossl-asym</refentrytitle>
+ <manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+</refsect1>
+
+</refentry>