Reference simple crypt program for amanda symmetric data encryption
amcryptsimple to be called by Amanda only
amcryptsimple calls gpg to perform symmetric data encryption on Amanda backup. amcryptsimple will search for the gpg program in the following directories: /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
amcryptsimple uses one passphrase to encrypt the Amanda data and uses the same passphrase to decrypt the Amanda backup data. amcryptsimple uses AES256 as the symmetric cipher.
Store the passphrase inside the home-directory of the Amanda user ($amanda_user) and protect it with proper permissions:
echo my_secret_passphrase > ~$amanda_user/.am_passphrase chown $amanda_user:disk ~$amanda_user/.am_passphrase chmod 700 ~$amanda_user/.am_passphrase
Choose a good passphrase and protect it properly. Backup data can only be restored with the passphrase. There is no backdoor.
If storing and securing passphrase in your environment presents challenges, Amanda provide public-key data encryption through amgpgcrypt. Public-key encryption uses the public key to encrypt and uses the private key to decrypt.
Kevin Till <[email protected]>
Zmanda, Inc. (http://www.zmanda.com)