Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem

2012-04-04 11:03:06
Subject: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem
From: Hugo Letemplier <hugo.let.35 AT gmail DOT com>
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Date: Wed, 4 Apr 2012 16:59:58 +0200 
Hello, I have tested encryption/decryption on many bacula backups but
one job is tricky

I have Linux, MacOSX and Windows 2003 servers
I have master.cert and one fd.pem for encryption on each client.
fd.pem is specific for each client
master.cert is on every client and allow to decrypt with the "secret"
master.pem in the case we loose the specific backup key.

My bacula server is unable to restore 1 of my three Windows servers
using the master.pem keypair

With bacula, I used an SQLQuery to check all the master.pem certificates.

SELECT DISTINCT
  path.path,
  file.md5,
  job.starttime,
  client.name
FROM
    public.client,
    public.file,
    public.filename,
    public.path,
    public.job
WHERE
    client.clientid = job.clientid AND
    file.jobid = job.jobid AND
    file.filenameid = filename.filenameid AND
    file.pathid = path.pathid AND
    filename.name = 'master.cert'
ORDER BY file.md5,client.name,path.path,job.starttime

Result shows me that md5 hash are different on different OS
ex 1 hash on all osx server, one hash on all linux server

But on windows md5 are always different whatever is the machine !
2 of my three windows machines uses the same bacula 5.0.3 binaries
downloaded from the bacula Repo

All the master.cert are ASCII files with the same content.
All the master.cert on Windows are coded with CRLF carrier return
All the master.cert on Linux/Mac are coded with LF carrier return

With another md5 function i got the same master.cert hash on every
Linux/Mac and the same other hash on every Windows system.

I dont understand where does the problem come from …
For the moment I keep in security every pem files from my file daemons
but it's a really trikky situation that makes no error !!!! Every
thing works except the restore on one machine !!!!
That passes completely unperceived because your are not checking that
master restore is working on every client deployment !!!!

I think that bacula have to check the encryption certificates, that
dummy Windows bacula version never checks the validity of the master
public key !

What should be the right format and encoding for bacula certificates ?
Everything works except on one Windows !
I advice everybody to check their windows restoration via the master.pem file


Thank for your help


Hugo

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Bacula-users] Calling a restore job during a backup job., Rob Becker
Next by Date:  Re: [Bacula-users] Chained copy job, Uwe Schuerkamp
Previous by Thread:  [Bacula-users] Calling a restore job during a backup job., Rob Becker
Next by Thread:  Re: [Bacula-users] Unable to restore some encrypted Windows 2003 backups with master.pem, Martin Simmons
Indexes:  [Date] [Thread] [Top] [All Lists]