Encrypting rmt
This is a set of changes to the Linux "rmt" utility
to support transparent encryption.
Data is encrypted before it is written to tape, and decrypted when read.
We use no padding or salt, so the data size doesn't change.
Tools that use rmt for remote tape access (such as dump, restore
and tar) can manipulate encrypted data without modification.

The symmetric cipher is currently hardwired as Blowfish.

[...]

Building ermt:
  - Ensure that openssl-0.9.7a or later is installed.
  - Configure and build the package, enabling ermt support:
        ./configure --enable-ermt
        make
    This will build an extra binary: rmt/ermt, the encrypting version.
    If ermt fails to link because EVP_CIPHER_CTX_set_padding
    is undefined, you must upgrade to openssl-0.9.7a or later.

Run-time setup:
  - Create a user for remote tape access, which we will call "dump":
        useradd -m dump
  - ermt reads the secret key from ".ermt.key".
    Generate a random key in ~dump/.ermt.key:
        su - dump
        openssl rand -out .ermt.key 32
        chmod 400 .ermt.key
    Due to the way "openssl enc -kfile $file" reads the key file,
    you should ensure that the key contains no \0 or \r or \n characters,
    any of which would prematurely truncate the key.
  - Protect the key: copy to many floppies, "od -x .ermt.key|lpr", etc.
  - Set up rsh access from root (or whoever you run dump as)
    to dump@localhost:
        # still running as user dump here
        echo localhost root > .rhosts
        chmod 400 .rhosts
    Or use ssh if you prefer; details left as an exercise.
  - Check that it works: run "rsh localhost -l dump date" as root.
  - Copy the ermt binary you built above to ~dump,
    and change dump's shell to ~dump/ermt.

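The key-file caveat in the run-time setup above can be checked mechanically.
The following is an added example, not part of the ermt distribution: the
function names key_is_clean and make_ermt_key are made up for illustration,
and it assumes a POSIX shell with the openssl command on the PATH.

```shell
#!/bin/sh
# Added example: not part of the ermt distribution.

# key_is_clean FILE
# Succeeds only if FILE is non-empty and holds no \0, \r or \n byte,
# the three bytes the README says cut the key short.
key_is_clean() {
    [ -s "$1" ] || return 1
    # Delete everything except the forbidden bytes and count what is left.
    bad=$(LC_ALL=C tr -cd '\000\r\n' < "$1" | wc -c | tr -d ' ')
    [ "$bad" -eq 0 ]
}

# make_ermt_key FILE [NBYTES]
# Draws NBYTES (default 32) random bytes with "openssl rand" until the
# result passes key_is_clean, then installs it read-only at FILE.
# Refuses to overwrite FILE: tapes written under the old key would
# become unreadable.
make_ermt_key() {
    key=$1
    nbytes=${2:-32}
    if [ -e "$key" ]; then
        echo "make_ermt_key: $key already exists, not overwriting" >&2
        return 1
    fi
    (
        umask 077                   # candidate is never group/world readable
        tmp="$key.tmp.$$"
        trap 'rm -f "$tmp"' EXIT    # no stray candidate is left behind
        tries=0
        while [ "$tries" -lt 100 ]; do
            openssl rand -out "$tmp" "$nbytes" || exit 1
            if key_is_clean "$tmp"; then
                chmod 400 "$tmp" && mv "$tmp" "$key" && exit 0
                exit 1
            fi
            tries=$((tries + 1))
        done
        exit 1
    )
}
```

About two in three 32-byte candidates pass on the first draw, and excluding
three byte values costs roughly half a bit of the 256 random bits.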
Backup usage: just dump remotely to localhost:

    dump -0u -f dump@localhost:/dev/st0 /
    restore -i -f dump@localhost:/dev/st0
    # You can use GNU tar too

If your device is doing hardware compression, it's best to turn
it off, since encrypted data compresses very poorly.

Emergency decrypting: if you need to restore a tape and
don't have access to a host running ermt,
you have two choices:
  - If you have a copy of the ermt binary, run it with the -d switch
    to decrypt stdin to stdout:
        dd if=/dev/st0 bs=10k |
        (cd ~dump; ./ermt -d) |    # assuming ermt is in ~dump
        restore -i -f -
  - If not, use the OpenSSL "openssl" command, which does the same thing:
        dd if=/dev/st0 bs=10k |
        openssl enc -d -kfile ~dump/.ermt.key -blowfish -nosalt -nopad |
        restore -i -f -
    Versions of OpenSSL before 0.9.7a don't understand -nopad,
    so they won't work.

How much does encryption slow down backups?
In my tests, the network hop is the bottleneck:
dumping unencrypted (i.e. standard rmt) to localhost is 38%
slower than dumping directly to tape.
Adding encryption makes no difference, which isn't surprising.

Change log:
    2003-04-08: added configure --enable-ermt, separate ermt binary
    2003-04-06: Initial release

-- Ken Lalonde <ken@globalremit.com>