What Is Encrypted

The main goal of encryption is to prevent outsiders without the volume key to read the volume’s data. Bacula does this well, but encryption alone cannot protect against volume modifications.

The first block of the volume is the volume label and it is not encrypted. Some information is required for the management of the volume itself. The only data in the volume label coming from the user are: the hostname, volumename, poolname. The hostname can be obfuscated using the STRONG mode of encryption, the poolname and the volumename could be made useless to an attacker by using a generic name like PoolAlpha or Volume12345.

Important

Data in your catalog database, for example the directories, filenames, and the JobLog are not encrypted.

An attacker can also make some undetected modifications to the volumes. The easiest way is to remove one block inside the volume. Other verifications inside Bacula could detect such a modification and the attacker must be meticulous, but it is a possibility.

The XXH64 checksum inside each volume is encrypted using the encryption key. This is not as strong as using a certified signature, but it provides substantial confidence that the block cannot be modified easily.

To summarize, with volume encryption enabled, you can be confident that:

• An attacker can not read any of your data: Very Strong.

• An attacker can not substitute the volume with another one: Strong.

• An attacker can not modify the contents of the volume: Good.

See also

Go back to:

• New Storage Daemon Directives

• Encryption Command

• Compatibility between Volumes Using BB02 and BB03 Formats

• Interoperability between Encrypted and Unencrypted Volumes

• Using Master Key

• Master Key Implementation

• key-manager.conf File Format

• Backup Your Keys

Go back to the Storage Daemon Data Encryption chapter.

Go back to the main Data Encryption chapter.

Go back to the main Advanced Features Usage page.