Backup Your Keys

In case of losing your symmetrical keys and/or your master key(s), your data is not recoverable. Therefore, it is important to backup your keys.

Your symmetrical keys are stored in the /opt/bacula/etc/keydir directory by default. This directory may be modified with the –key-dir option in the command line that is configured with the Encryption Command directive defined above. This directory must be backed up regularly.

Your master keys are stored in the /opt/bacula/etc/gnupg directory by default. This directory is defined in the key manager configuration file (by default /opt/bacula/etc/key-manager.conf) in the [default] section under the gnupghome directive as seen above. The key-manager.conf file can be relocated with the –config option in the command defined in Encryption Command directive defined above. The default passphrase is stored in the key-manager.conf. You just need to backup the key-manager.conf file, and the /opt/bacula/etc/gnupg directory.

You can export your default private key using the command:

# gpg --homedir /opt/bacula/etc/gnupg --output private.pgp --armor --export-secret-key bacula@localhost

It asks you for the passphrase that is saved in you key-manager.conf file. This exports an ASCII armored version of your private key into the file private.pgp. You can print it and/or save it on USB drive or elsewhere.

See also

Go back to:

• New Storage Daemon Directives

• Encryption Command

• Compatibility between Volumes Using BB02 and BB03 Formats

• Interoperability between Encrypted and Unencrypted Volumes

• Using Master Key

• Master Key Implementation

• key-manager.conf File Format

Go to:

• What Is Encrypted

Go back to the Storage Daemon Data Encryption chapter.

Go back to the main Data Encryption chapter.

Go back to the main Advanced Features Usage page.