GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
BSCRYPTO(8) Backup Archiving REcovery Open Sourced BSCRYPTO(8)

bscrypto - Bareos's 'SCSI Crypto'

bscrypto [options] device_name

The purpose of bscrypto is to be a standalone tool for manipulating the SCSI Crypto framework using the SCSI SPIN/SPOUT security pages. This tool allows you to perform standalone crypto operations that are normally performed by the scsicrypto-sd.so plugin in the storage daemon.

You also need bscrypto tool to to the initial setup of things like Key Encryption Keys in the bareos-sd.conf and bareos-dir.conf

A summary of options is included below.
-?
Show version and usage of program.
-b
Perform base64 encoding of keydata. Any binary data is base64 encoded and as such converted to normal ASCII.
-c
Clear encryption key. Clear the encryption key currently loaded on the drive by issuing a SCSI SPOUT clear key page.
-D <cachefile>
Dump the content of given cachefile
-d <nn>
Set debug level to <nn>
-e
Show drive encryption status. Request the current drive encryption status by issuing a SCSI SPIN cmd requesting the SPIN_DATA_ENCR_STATUS_PAGE.
-g <keyfile>
Generate new encryption passphrase in keyfile. A passphrase is generated from random data and is ASCII only.
-k <keyfile>
Show content of keyfile. If the data is wrapped using a so called Key Encryption Key you also need the -b flag to base64 decode the data that is wrapped using the algorithm described in RFC3394 which gives binary output.
-p <cachefile>
Populate given cachefile with crypto keys
-r <cachefile>
Reset expiry time for entries of given cachefile
-s <keyfile>
Set encryption key loaded from keyfile. Load the new key from the keyfile and load it into the drives crypto buffer using a SCSI SPOUT command.
-v
Show volume encryption status. Request the current volume encryption status by issuing a SCSI SPIN cmd requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.
-w <keyfile>
Wrap/Unwrap the key using RFC3394 aes-(un)wrap using the key in keyfile as a Key Encryption Key After wrapping the data using this option the output is binary so you may want to use the -b flag to base64 encode this data.

bareos-sd(8),

This manual page was written by Marco van Wieringen <marco.van.wieringen@bareos.com>
23 February 2013 Marco van Wieringen
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.