how to verify that data on tape is encrypted / encryption works

Ilya Ruprecht

Nov 2, 2015, 12:06:28 PM
to bareos-users
Hi all,

following situation:

bareos 15.2.1 @ debian jessie is up and running.
LTO-6 tape drive is correctly set up and doing backups.

I've successfully enabled LTO hardware encryption using

https://github.com/bareos/bareos/blob/master/README.scsicrypto

and labeled a test-tape using "encrypt" option.

Backups are running, restores are running, everything fine.


Now, I want to verify whether the stuff on the tape is really encrypted.

Question: how do I do it?


My current approach is: I want to use "bextract"
and extract one of the sample encrypted backups from tape.

With a regular, non-encrypted tape, the

bextract -v -b Job124.bsr /dev/nst0 /tmp/restore

should work.

Here I try

bextract -v -b Job123.bsr.encrypted /dev/nst0 /tmp/restore

using the BSR of the encrypted job.

The last command fails with a

----------
bextract: butil.c:271-0 Using device: "/dev/nst0" for reading.
02-Nov 17:30 bextract JobId 0: Ready to read from volume "TAP006L6" on device "Drive-1" (/dev/nst0).
02-Nov 17:30 bextract JobId 0: Error: block.c:1003 Read error on fd=3 at file:blk 0:1 on device "Drive-1" (/dev/nst0). ERR=Input/output error.
Bareos status: file=0 block=1
Device status: ONLINE IM_REP_EN file=0 block=-1
0 files restored.
----------

Thus, to me it seems like it fails because the encryption key is not (yet) set.

So, I try to set the encryption key manually.

So, I've got the volume's "encryptionkey", which was generated during the labeling procedure, from the DB.

But using it/setting it by

echo -n "....key..." > keyfile
bscrypto -s keyfile /dev/nst1

does not help.


Is the "encryptionkey" from DB also encrypted with the "Key encryption key" from the bareos-sd setup?

Decryption using something like

KEY="...key encryption key ..."
echo "...encryptionkey..." | openssl enc -d -aes-256-cbc -k "$KEY"

fails.

So, the main question again: how can I verify that the data on tape is encrypted / encryption works?

Thanks!!

Ilya

Marco van Wieringen

Nov 8, 2015, 6:04:37 AM
to bareos...@googlegroups.com
The key stored in the database is NOT the actual key but a so-called
"wrapped" key, which is wrapped with the so-called KeyEncryptionKey
which you specify in the director config. This is stored like this on
purpose, so people "stealing" your database still have no keys; they
also have to "steal" the KeyEncryptionKey.

If you really want to decrypt it you have to look at how the wrapping
works in src/lib/crypto_wrap.c

> Decryption using kinda
>
> KEY="...key encryption key ..."
> echo "...encryptionkey..." | openssl enc -d -aes-256-cbc -k "$KEY"
>
> fails.
>
>
>
> So, the main question again: how can i verify, that the data on tape is encrypted / encryption works?
>
You already verified that, as you could not read anything without the key loaded.
But you can also ask the SD for a status of the storage device; the
SCSI crypto plugin queries the drive and that will show you exactly
what is going on:

See get_scsi_volume_encryption_status() in src/lib/scsi_crypto.c
That queries the drive and prints all low-level information in a human-readable
form, including whether data is encrypted etc. There is one catch: we
don't encrypt the label of the tape, on purpose, so we can still distinguish
a bad tape from an encrypted tape, e.g. by reading the label we can make
sure we know the tape and that it's not a new or unlabeled one. Anything
after the label gets encrypted with the key stored in the database. There
is one small trick: we keep a cache of the most recently used tapes so the
SD can start without needing to query the director on startup.

--
Marco van Wieringen marco.van...@bareos.com
Bareos GmbH & Co. KG Phone: +49-221-63069389
http://www.bareos.com

Registered office: Köln | Amtsgericht Köln: HRA 29646
General partner: Bareos Verwaltungs-GmbH
Managing directors: Stephan Dühr, M. Außendorf, J. Steffens,
P. Storz, M. v. Wieringen

Ilya Ruprecht

Nov 9, 2015, 8:07:31 AM
to bareos-users
Hello Marco,

many thanks for such a detailed answer.


OK, as far as I can tell, in the current source

https://github.com/bareos/bareos/blob/master/src/lib/crypto_wrap.c

the actual tape encryption key is "wrapped" with "KEK" using AES-128-CBC and is not salted.

Now I've tried to decrypt it, but still fail:

--------------------
#:~$ export KEY='Ygo&fN2w^Y3CB&YeUPr0).o@M!nML_9a'
#:~$ echo -n "OKwtmV5wIqzFylV/ORM7qgE6NdnkzH9gXYeFfpUaBAiIKNHrro8RHw" | openssl enc -d -aes-128-cbc -k "$KEY"
bad magic number
#:~$
--------------------


Is the password for the tape, ^^^ "OKwt...", some kind of baseXX encoded?

The same ^^ openssl command but with "-a" fails too:

--------------------
#:~$ echo -n "OKwtmV5wIqzFylV/ORM7qgE6NdnkzH9gXYeFfpUaBAiIKNHrro8RHw" | openssl enc -d -aes-128-cbc -k "$KEY" -a
error reading input file
#:~$
--------------------


Any ideas?

Thanks!

Marco van Wieringen

Nov 9, 2015, 8:41:53 AM
to bareos...@googlegroups.com
Yes, things are base64 encoded, as when you wrap a key you get a "binary" string.
We use our internal base64_to_bin() function to convert things back to the binary
string and then unwrap it. No idea if you can get openssl to do the same. But in essence
you also don't have to, as bscrypto has all the options you need.

e.g. bscrypto -b -w <keyfile> -k <keyfile> or
bscrypto -b -w <keyfile> -s <keyfile>

-b Perform base64 encoding of keydata
-k <keyfile> Show content of keyfile
-s <keyfile> Set encryption key loaded from keyfile
-w <keyfile> Wrap/Unwrap the key using RFC3394 aes-(un)wrap
using the key in keyfile as a Key Encryption Key

A keyfile named - is either stdin or stdout depending on the option

Ilya Ruprecht

Nov 22, 2015, 9:22:18 AM
to bareos-users, marco.van...@bareos.com
Hello Marco,

thanks.
