Bacula Encryption - Design

This document serves as a centralized collection of ideas and thoughts concerning the design of encryption for the Bacula project.

Project Scope

This is a proof of concept project. We will be keeping things simple. The goal is to get encryption working, and working well, then look at adding features.

Our goal is merely to encrypt the data being backed up. Encrypting or securing the traffic between daemons is outside our scope.

We take the approach that data must be encrypted at the Client (i.e. the File Daemon, bacula-fd). Our initial testing will be such that it does not require modification of anything other than bacula-fd.

Encryption choices

Initial testing will use a simple XOR method for encrypting the file. This allows us to concentrate on getting the code right, rather than on the encryption methods. Eventually, we plan to make use of public key encryption. It will

To encrypt or not encrypt

We take the approach that whether or not to encrypt is the File Daemon's decision. Therefore, any configuration items associated with encryption will be on the Client.

Encryption will either be on or off, and this will be decided at start-up time.

When restoring, the Client will need to know whether the backup was originally encrypted. For our testing, the Client will assume that everything is to be encrypted at backup and decrypted during the restore. Eventually, we will need to add new stream identifiers to designate that a given stream is encrypted. We might also need to identify the encryption method and key fingerprint within the backup.
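As an added illustration (not code from the Bacula project) of the two design points above, the following C sketch pairs the XOR placeholder with a record header that carries a stream identifier, a method identifier and a key fingerprint, so the restore side can tell an encrypted stream from a plain one and refuse a key that does not match. The stream and method identifiers and the FNV-1a fingerprint are assumptions for the proof of concept, not Bacula's real values.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stream/method ids for the proof of concept, not Bacula's real values. */
#define STREAM_FILE_DATA 1
#define STREAM_ENCRYPTED_FILE_DATA 2
#define ENC_METHOD_XOR 1

typedef struct {
    uint32_t stream, method; /* stream kind; encryption method (0 when plain) */
    uint64_t key_fp;         /* fingerprint of the key used (0 when plain) */
    size_t len;
    unsigned char data[256];
} poc_record;

/* FNV-1a over the key bytes: a placeholder for a real key fingerprint. */
static uint64_t key_fingerprint(const unsigned char *key, size_t klen) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < klen; i++) { h ^= key[i]; h *= 1099511628211ULL; }
    return h;
}

/* XOR is its own inverse, so the same call encrypts and decrypts. */
static void xor_buf(unsigned char *b, size_t len, const unsigned char *key, size_t klen) {
    for (size_t i = 0; i < len; i++) b[i] ^= key[i % klen];
}

/* Backup side (bacula-fd): 'encrypt' is the daemon's start-up decision. */
int poc_backup(poc_record *rec, const unsigned char *plain, size_t len,
               const unsigned char *key, size_t klen, int encrypt) {
    if (len > sizeof rec->data || (encrypt && klen == 0)) return -1;
    memcpy(rec->data, plain, len);
    rec->len = len;
    rec->stream = encrypt ? STREAM_ENCRYPTED_FILE_DATA : STREAM_FILE_DATA;
    rec->method = encrypt ? ENC_METHOD_XOR : 0;
    rec->key_fp = encrypt ? key_fingerprint(key, klen) : 0;
    if (encrypt) xor_buf(rec->data, len, key, klen);
    return 0;
}

/* Restore side: the stream id says whether to decrypt; a wrong key is refused. */
int poc_restore(const poc_record *rec, unsigned char *out, const unsigned char *key, size_t klen) {
    memcpy(out, rec->data, rec->len);
    if (rec->stream != STREAM_ENCRYPTED_FILE_DATA) return 0;  /* plain stream */
    if (rec->method != ENC_METHOD_XOR) return -2;             /* unknown method */
    if (rec->key_fp != key_fingerprint(key, klen)) return -3; /* key mismatch */
    xor_buf(out, rec->len, key, klen);
    return 0;
}
```

The fingerprint only detects a mismatched key; it is not an integrity check on the data, and a repeating-key XOR is a placeholder for the public key scheme planned later, not a secure cipher.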