
                              amcrypt
Prev  Chapter 36. The Amanda Manual Pages.  Next

-------------------------------------------------------------------------------

Name

amcrypt  reference crypt program for Amanda symmetric data encryption

Synopsis

amcrypt

DESCRIPTION

amcrypt requires aespipe, uuencode and gpg to work. Aespipe is available from
http://loop-aes.sourceforge.net
amcrypt will search for the aespipe program in the following directories: /usr/
bin:/usr/local/bin:/sbin:/usr/sbin.
amcrypt calls amaespipe and pass the passphrase through file descriptor 3. The
passphrase should be stored in ~amanda/.am_passphrase.

How to create encryption keys for amcrypt

1. Create 65 random encryption keys and encrypt those keys using gpg. Reading
from /dev/random may take indefinitely long if kernel's random entropy pool is
empty. If that happens, do some other work on some other console (use keyboard,
mouse and disks).
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \ | gpg --
symmetric -a > ~amanda/.gnupg/am_key.gpg
This will ask for a passphrase. Remember this passphrase as you will need it in
the next step.
2. Store the passphrase inside the home-directory of the AMANDA-user and
protect it with proper permissions:

  echo my_secret_passphrase > ~amanda/.am_passphrase
  chown amanda:disk ~amanda/.am_passphrase
  chmod 700 ~amanda/.am_passphrase


Key and Passphrase

amcrypt uses the same key to encrypt and decrypt data.
It is very important to store and protect the key and the passphrase properly.
Encrypted backup data can only be recovered with the correct key and
passphrase.

SEE ALSO

amanda(8), amanda.conf(5), aespipe(1), amaespipe(8), gpg(1)
-------------------------------------------------------------------------------

Prev        Up           Next
amcleanup  Home  amcrypt-ossl

