Commit | Line | Data |
---|---|---|
cdfe1392 SP |
1 | This is a set of changes to the Linux "rmt" utility |
2 | to support transparent encryption. | |
3 | Data is encrypted before it is written to tape, and decrypted when read. | |
4 | We use no padding or salt, so the data size doesn't change. | |
5 | Tools that use rmt for remote tape access (such as dump, restore | |
6 | and tar) can manipulate encrypted data without modification. | |
7 | ||
8 | The symmetric cipher is currently hardwired as Blowfish. | |
9 | ||
10 | [...] | |
11 | ||
12 | Building ermt: | |
13 | - Ensure that openssl-0.9.7a or later is installed. | |
14 | - Configure and build the package, enabling ermt support: | |
15 | ./configure --enable-ermt | |
16 | make | |
17 | This will build an extra binary: rmt/ermt, the encrypting version. | |
18 | If ermt fails to link because EVP_CIPHER_CTX_set_padding | |
19 | is undefined, you must upgrade to openssl-0.9.7a or later. | |
20 | ||
21 | Run-time setup: | |
22 | - Create a user for remote tape access, which we will call "dump": | |
23 | useradd -m dump | |
24 | - ermt reads the secret key from ".ermt.key". | |
25 | Generate a random key in ~dump/.ermt.key: | |
26 | su - dump | |
27 | openssl rand -out .ermt.key 32 | |
28 | chmod 400 .ermt.key | |
29 | Due to the way "openssl enc -kfile $file" reads the key file, | |
30 | you should ensure that the key contains no \0 or \r or \n characters, | |
31 | which would prematurely truncate the key length. | |
32 | - Protect the key: copy to many floppies, "od -x .ermt.key|lpr", etc. | |
33 | - Set up rsh access from root (or whoever you run dump as) | |
34 | to dump@localhost: | |
35 | # still running as user dump here | |
36 | echo localhost root > .rhosts | |
37 | chmod 400 .rhosts | |
38 | Or use ssh if you prefer; details left as an exercise. | |
39 | - Check that it works: run "rsh localhost -l dump date" as root. | |
40 | - Copy the ermt binary you built above to ~dump, | |
41 | and change dump's shell to ~dump/ermt. | |
42 | ||
43 | Backup usage: just dump remotely to localhost: | |
44 | ||
45 | dump -0u -f dump@localhost:/dev/st0 / | |
46 | restore -i -f dump@localhost:/dev/st0 | |
47 | # You can use GNU tar too | |
48 | ||
49 | If your device is doing hardware compression, it's best to turn | |
50 | it off, since encrypted data compresses very poorly. | |
51 | ||
52 | Emergency decrypting: if you need to restore a tape and | |
53 | don't have access to a host running ermt, | |
54 | you have two choices: | |
55 | - If you have a copy of the ermt binary, run it with the -d switch | |
56 | to decrypt stdin to stdout: | |
57 | dd if=/dev/st0 bs=10k | | |
58 | (cd ~dump; ./ermt -d) | # assuming ermt is in ~dump | |
59 | restore -i -f - | |
60 | - If not, use the OpenSSL "openssl" command, which does the same thing: | |
61 | dd if=/dev/st0 bs=10k | | |
62 | openssl enc -d -kfile ~dump/.ermt.key -blowfish -nosalt -nopad | | |
63 | restore -i -f - | |
64 | Versions of OpenSSL before 0.9.7a don't understand -nopad, | |
65 | so they won't work. | |
66 | ||
67 | How much does encryption slow down backups? | |
68 | In my tests, the network hop is the bottleneck: | |
69 | dumping unencrypted (i.e. standard rmt) to localhost is 38% | |
70 | slower than dumping directly to tape. | |
71 | Adding encryption makes no difference, which isn't surprising. | |
72 | ||
73 | Change log: | |
74 | 2003-04-08: added configure --enable-ermt, separate ermt binary | |
75 | 2003-04-06: Initial release | |
76 | ||
77 | -- Ken Lalonde <ken@globalremit.com> |
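
The key-file caveat under "Run-time setup" matters in practice: about 31% of uniformly random 32-byte keys contain at least one \0, \r or \n byte, so a single "openssl rand" run often yields a key that "openssl enc -kfile" would read short. The following shell functions are an added example, not part of the original README or the ermt sources; they check a key file for those bytes and retry generation until the key is clean. The function names and the retry limit are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from ermt): make sure .ermt.key is read in full by
# "openssl enc -kfile". Function names are hypothetical.

KEY_LEN=32   # key size used in the README's "openssl rand" step

# ermt_key_ok FILE
# Succeeds only if FILE is exactly KEY_LEN bytes long and contains
# no NUL, CR or LF byte.
ermt_key_ok() {
    [ -f "$1" ] || return 1
    total=$(wc -c < "$1" | tr -d ' ')
    clean=$(tr -d '\000\r\n' < "$1" | wc -c | tr -d ' ')
    [ "$total" -eq "$KEY_LEN" ] && [ "$clean" -eq "$KEY_LEN" ]
}

# ermt_key_generate FILE
# Refuses to overwrite an existing key (older tapes still depend on it),
# then draws random keys until one passes ermt_key_ok.
ermt_key_generate() {
    [ -e "$1" ] && return 1
    (
        umask 077            # key is never group- or world-readable
        tries=0
        while [ "$tries" -lt 100 ]; do
            rm -f "$1"       # discard our own rejected attempt
            openssl rand -out "$1" "$KEY_LEN" || exit 1
            if ermt_key_ok "$1"; then
                chmod 400 "$1"
                exit 0
            fi
            tries=$((tries + 1))
        done
        rm -f "$1"
        exit 1
    )
}
```

Run as user dump, `ermt_key_generate "$HOME/.ermt.key"` replaces the "openssl rand" and "chmod 400" steps, and `ermt_key_ok` can be run against an existing key before trusting it for emergency decryption with "openssl enc".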