Volume Encryption

The following directive must be incorporated into all devices used to encrypt Volumes:

Volume Encryption = <no|yes|strong>

It allows you to enable encryption for a given device. The encryption can be of 3 different types:

no: Default, indicating that the device does not perform encryption.

yes: The device encrypts the data, but all information in the Volume label remains in clear text.

strong: The device encrypts the data and obfuscates any information in the Volume label except for the details necessary for Volume management. The fields that are obfuscated are: hostname.

You can change the value of the directive Volume Encryption to Yes or Strong at any time. Volumes that are not encrypted can be read on this device, but cannot be appended to until they are recycled. Switching between Yes and Strong is permissible, as the distinction lies solely in the unencrypted label rather than in the blocks that follow.

Changing the value of the directive back to No will deactivate the encryption and make all encrypted Volumes unreadable and ineffective on this device until they are recycled.

When the Device directive Volume Encryption is set to yes, the blocks in the Volumes are encrypted using the BLOCK_CIPHER_AES_128_XTS or BLOCK_CIPHER_AES_256_XTS cipher algorithms. These symmetric ciphers are efficient and are employed by most applications requiring symmetric block encryption.

Each block is encrypted using a key that is unique for the Volume and an IV (Initialization Vector), which corresponds to the block number stored in the block header. The XTS ciphers are specifically designed to support an IV with a low entropy.

The initial block of the Volume that holds the Volume Label is not encrypted, as certain fields, such as the Volume Name, are required to manage the Volume and the encryption. Users have an option to obfuscate non-essential fields that may contain sensitive information, e.g. hostname. These fields are replaced by the string “OBFUSCATED”.

The header of the block is not encrypted. This 24-byte header does not hold user information. It contains the following fields:

  • 32bit header option bit field

  • 32bit block length

  • 32bit block number

  • BB03 string

  • 32bit Volume session id

  • 32bit Volume session time.

The Volume session time indicates the time recorded by the Storage Daemon upon startup. The Volume session id is reset to zero when the daemon begins operation and is incremented with each backup performed by the Storage Daemon.

The 64-bit XXH64 checksum is encrypted alongside the data. To verify the checksum, the block must be decrypted. A matching checksum confirms both that Bacula is using the right encryption key and that the block has not been changed. It is currently not possible to verify the integrity of the block without the encryption key.
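The clear-text header described above can be read without any key. The following parser is an added example, not Bacula code, that walks a buffer of blocks and reports what the headers expose. It assumes big-endian field encoding and that the block length includes the 24-byte header (neither is stated on this page), and the sample blocks are constructed.

```python
import struct
from collections import namedtuple

# Assumptions (not stated on the page): fields are big-endian (network order),
# and "block length" counts the whole block including this 24-byte header.
HEADER = struct.Struct(">III4sII")
BlockHeader = namedtuple(
    "BlockHeader", "options block_len block_number ident session_id session_time")

def parse_block_header(buf, offset=0):
    """Decode the clear-text header at `offset`; raise ValueError if malformed."""
    if len(buf) - offset < HEADER.size:
        raise ValueError(f"truncated header at offset {offset}")
    hdr = BlockHeader(*HEADER.unpack_from(buf, offset))
    if hdr.ident != b"BB03":
        raise ValueError(f"unexpected block id {hdr.ident!r} at offset {offset}")
    if not HEADER.size <= hdr.block_len <= len(buf) - offset:
        raise ValueError(f"bad block length {hdr.block_len} at offset {offset}")
    return hdr

def walk_blocks(buf):
    """Return every header in `buf`, following block_len from block to block."""
    headers, offset = [], 0
    while offset < len(buf):
        hdr = parse_block_header(buf, offset)
        headers.append(hdr)
        offset += hdr.block_len
    return headers

def make_block(number, payload, session_id=1, session_time=1700000000):
    """Build a constructed sample block; `payload` stands in for ciphertext."""
    return HEADER.pack(0, HEADER.size + len(payload), number,
                       b"BB03", session_id, session_time) + payload

# Constructed sample data: two blocks with opaque payloads.
SAMPLE = make_block(7, bytes(range(40))) + make_block(8, b"\xaa" * 16)

if __name__ == "__main__":
    for h in walk_blocks(SAMPLE):
        print(h.block_number, h.block_len, h.session_id, h.session_time)
```

Flipping a byte in a payload leaves the result of the walk unchanged: header checks alone say nothing about payload integrity, which requires the key and the encrypted XXH64 checksum.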
