1AMGPGCRYPT(8)           System Administration Commands           AMGPGCRYPT(8)
2
3
4

NAME

6       amgpgcrypt - reference crypt program for Amanda public-key data
7       encryption
8

SYNOPSIS

10       amgpgcrypt  to be called by Amanda only
11

DESCRIPTION

13       amgpgcrypt calls gpg to perform public-key data encryption on Amanda
14       backup.  amgpgcrypt will search for the gpg program in the following
15       directories: /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
16
17       amgpgcrypt sets GNUPGHOME to $AMANDA_HOME/.gnupg where gpg will look
18       for the gpg keys.  amgpgcrypt uses the public key to encrypt the Amanda
19       data and uses the private key to decrypt the Amanda backup data. Thus,
20       passphrase is only required at the time of data restore.
21

KEY AND PASSPHRASE

23       amgpgcrypt uses the private key to decrypt Amanda backup data.
24
25       It is very important to store, manage and  protect the key and the
26       passphrase properly. Encrypted backup data can only be recovered with
27       the correct key and passphrase.
28

HOW TO CREATE ENCRYPTION KEYS AND PASSPHRASE FOR AMGPGCRYPT

30       Store the passphrase that you used in following "gpg --gen-key" command
31       inside the home-directory of the AMANDA-user($amanda_user) and protect
32       it with proper permissions:
33
34          echo my_secret_passphrase > ~$amanda_user/.am_passphrase
35          chown $amanda_user:disk ~$amanda_user/.am_passphrase
36          chmod 700 ~$amanda_user/.am_passphrase
37
38       Run "gpg --gen-key". Below is an example:
39       $ gpg --gen-key
40       gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
41       This program comes with ABSOLUTELY NO WARRANTY.
42       This is free software, and you are welcome to redistribute it
43       under certain conditions. See the file COPYING for details.
44
45       Please select what kind of key you want:
46          (1) DSA and ElGamal (default)
47          (2) DSA (sign only)
48          (4) RSA (sign only)
49       Your selection? 1
50       DSA keypair will have 1024 bits.
51       About to generate a new ELG-E keypair.
52                     minimum keysize is  768 bits
53                     default keysize is 1024 bits
54           highest suggested keysize is 2048 bits
55       What keysize do you want? (1024)
56       Requested keysize is 1024 bits
57       Please specify how long the key should be valid.
58                0 = key does not expire
59             (n)  = key expires in n days
60             (n)w = key expires in n weeks
61             (n)m = key expires in n months
62             (n)y = key expires in n years
63       Key is valid for? (0) 6m
64       Key expires at Sun 06 Aug 2006 03:51:25 PM PDT
65       Is this correct (y/n)? y
66
67       You need a User-ID to identify your key; the software constructs the user id
68       from Real Name, Comment and Email Address in this form:
69           "Heinrich Heine (Der Dichter) (heinrichh@duesseldorf.de)"
70
71       Real name: amandabackup
72       Email address:
73       Comment: gpg keys for amandabackup
74       You selected this USER-ID:
75           "amandabackup (gpg keys for amandabackup)"
76
77       Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
78       You need a Passphrase to protect your secret key.
79
80       We need to generate a lot of random bytes. It is a good idea to perform
81       some other action (type on the keyboard, move the mouse, utilize the
82       disks) during the prime generation; this gives the random number
83       generator a better chance to gain enough entropy.
84
85       We need to generate a lot of random bytes. It is a good idea to perform
86       some other action (type on the keyboard, move the mouse, utilize the
87       disks) during the prime generation; this gives the random number
88       generator a better chance to gain enough entropy.
89
90       public and secret key created and signed.
91       key marked as ultimately trusted.
92
93       pub  1024D/4417A8CB 2006-02-07 amandabackup (gpg keys for amandabackup)
94            Key fingerprint = 139C 6369 44FC 7F1A 655C  E5E9 7EAA 515A 4417 A8CB
95       sub  1024g/8C3A6A78 2006-02-07 [expires: 2006-08-06]
96

FILES

98       $AMANDA_HOME/.gnupg/pubring.gpg
99           The public key.  amgpgcrypt encrypt data with this public key along
100           with the cipher algorithm.
101
102       $AMANDA_HOME/.gnupg/secring.gpg
103           The private/secret key. It´s only needed during
104           amrecover/amrestore. Store and protect it properly during other
105           time.
106
107       $AMANDA_HOME/.am_passphrase
108           The passphrase. It´s only needed during amrecover/amrestore. Store
109           and protect it properly during other time.
110

BUGS

112       Amanda has problem with gpg mdc(modification detection code) in the
113       binary mode.  amgpgcrypt calls gpg with mdc disabled
114

SEE ALSO

116       amanda(8), amanda.conf(5), amcrypt(8), amrestore(8), gpg(1), :
117       http://wiki.zmanda.com
118

AUTHOR

120       Kevin Till <kevin.till@zmanda.com>
121           Zmanda, Inc. (http://www.zmanda.com)
122
123
124
125Amanda 2.6.1p2                    11/05/2009                     AMGPGCRYPT(8)
Impressum