Bareos's 'scsi crypto'
bscrypto [options] device_name
The purpose of bscrypto is to be a standalone tool for manipulating the SCSI Crypto framework using the SCSI SPIN/SPOUT security pages. This tool allows you to perform standalone crypto operations that are normally performed by the scsicrypto-sd.so plugin in the storage daemon.
You also need the bscrypto tool to do the initial setup of things like Key Encryption Keys in bareos-sd.conf and bareos-dir.conf.
A summary of options is included below.
Show version and usage of program.
Perform base64 encoding of keydata. Any binary data is base64 encoded and as such converted to normal ASCII.
Clear encryption key. Clear the encryption key currently loaded on the drive by issuing a SCSI SPOUT clear key page.
Dump the content of given cachefile
Set debug level to <nn>
Show drive encryption status. Request the current drive encryption status by issuing a SCSI SPIN command requesting the SPIN_DATA_ENCR_STATUS_PAGE.
Generate new encryption passphrase in keyfile. A passphrase is generated from random data and is ASCII only.
Show content of keyfile. If the data is wrapped using a so-called Key Encryption Key, you also need the -b flag to base64 decode the data, because it was wrapped using the algorithm described in RFC 3394, which gives binary output.
Populate given cachefile with crypto keys
Reset expiry time for entries of given cachefile
Set encryption key loaded from keyfile. Load the new key from the keyfile and load it into the drive's crypto buffer using a SCSI SPOUT command.
Show volume encryption status. Request the current volume encryption status by issuing a SCSI SPIN command requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.
Wrap/Unwrap the key using RFC 3394 aes-(un)wrap using the key in keyfile as a Key Encryption Key. After wrapping the data using this option the output is binary, so you may want to use the -b flag to base64 encode this data.
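The read path for a key that was wrapped with a Key Encryption Key and then base64 encoded, as described above, written out as an added example (this is not Bareos code). The function name UnwrapBase64 is hypothetical, the input is the RFC 3394 section 4.1 test vector, and the standard RFC 4648 base64 alphabet is an assumption that may not match the encoding bscrypto itself emits.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var iv = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // RFC 3394 default IV

// UnwrapBase64 base64-decodes a wrapped key and unwraps it with kek (RFC 3394, 2.2.2).
func UnwrapBase64(kek []byte, b64 string) ([]byte, error) {
	buf, err := base64.StdEncoding.DecodeString(b64) // assumption: standard alphabet
	if err != nil {
		return nil, err
	}
	c, err := aes.NewCipher(kek) // KEK must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	n := len(buf)/8 - 1 // number of 64-bit key data blocks
	if n < 2 || len(buf)%8 != 0 {
		return nil, errors.New("wrapped key must be (n+1)*8 bytes with n >= 2")
	}
	b := make([]byte, 16)
	for t := 6 * n; t >= 1; t-- { // step counter t = n*j + i, counted down
		i := (t-1)%n + 1
		binary.BigEndian.PutUint64(b, binary.BigEndian.Uint64(buf)^uint64(t)) // A ^ t
		copy(b[8:], buf[i*8:i*8+8])                                           // | R[i]
		c.Decrypt(b, b)
		copy(buf, b[:8])       // A = MSB64(B)
		copy(buf[i*8:], b[8:]) // R[i] = LSB64(B)
	}
	// The recovered A must equal the IV; anything else means wrong KEK or altered data.
	if subtle.ConstantTimeCompare(buf[:8], iv) != 1 {
		return nil, errors.New("integrity check failed: wrong KEK or altered data")
	}
	return buf[8:], nil
}

func main() {
	// Constructed input: KEK and wrapped key from the RFC 3394 section 4.1 test vector.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	w, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
	key, err := UnwrapBase64(kek, base64.StdEncoding.EncodeToString(w))
	fmt.Printf("%x %v\n", key, err)
}
```

The wrapped form is always 8 bytes longer than the key, and a wrong Key Encryption Key is reported as an error instead of yielding a silently wrong key.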
This manual page was written by Marco van Wieringen.