Asymetric encryption configuration

Ľubomír Skirka

unread,

Jul 17, 2025, 10:17:31 AMJul 17

to bareos-users

Hi,

I want to setup backup of windows client with asymmetric encryption. I found docs page about it but I don't understand where to put FileDeamon definition. Can you give me advice to which config file in path C:\ProgramData\Bareos I should put it? I tried all of them but client don't run after it. I also created "C:\ProgramData\Bareos\bareos-fd.d\bareos-fd.conf" but it is ignore by client.

Thanks for help.

Lubomir.

Sebastian Sura

unread,

Jul 18, 2025, 4:56:00 AMJul 18

to bareos...@googlegroups.com

Hi Lubomir

the configuration is stored in 'C:\ProgramData\Bareos\bareos-fd.d\'. In that directory there should be one subdirectory per resource type, i.e.

    Directory: C:\ProgramData\Bareos\bareos-fd.d

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
da----          7/3/2025 10:57 PM                client
da----          7/3/2025 10:57 PM                director
d-----          7/3/2025 11:27 PM                edit
da----          7/3/2025 10:57 PM                messages

As you want to modify the client/filedaemon resource, you need to look into the client subdirectory:

    Directory: C:\ProgramData\Bareos\bareos-fd.d\client

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----          7/3/2025 11:54 PM            360 myself.conf
-a----         6/27/2025   3:53 AM            355 myself.conf.orig

The file myself.conf (or whatever it is called for you), is the one you should edit if you want to change the client configuration. Normally, if the filedaemon does not start anymore it should emit error messages in the windows event log. Let me know if it did not write anything there for you.

Kind Regards
Sebastian Sura

Am 17.07.25 um 16:17 schrieb Ľubomír Skirka:

--
You received this message because you are subscribed to the Google Groups "bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bareos-users...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bareos-users/7000ec58-cd8a-4639-9a4d-70a2aa925265n%40googlegroups.com.

-- 
 Sebastian Sura                  sebasti...@bareos.com
 Bareos GmbH & Co. KG            Phone: +49 221 630693-0
 https://www.bareos.com
 Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
 Komplementär: Bareos Verwaltungs-GmbH
 Geschäftsführer: Stephan Dühr, Jörg Steffens, Philipp Storz

Message has been deleted

Ľubomír Skirka

unread,

Jul 28, 2025, 3:59:34 AMJul 28

to bareos-users

Hi, thanks – I managed to set it up.
However, I don't quite understand why Bareos requires both the private and public key, especially when I only want to perform backups. And when it comes to restoring data, I would manually provide the key on the machine. My main goal is to avoid having the private key on the Director, File Daemon, or Storage Daemon during regular backup time. Is that setup possible? Thanks.

Ľubomír.

Spadajspadaj

unread,

Jul 28, 2025, 4:06:35 AMJul 28

to bareos...@googlegroups.com

As I understand, the idea is that:

1. On the client machine you already have the access to the raw data so the ability to decrypt the backup is not something you need to avoid.

2. Having the private key you can decrypt the backup and hence restore directly on the same machine.

3. Having the private key you can sign the data and authenticate it as coming from this particular client.

To view this discussion visit https://groups.google.com/d/msgid/bareos-users/2274f3b8-fed6-4f17-b77f-f0f8b5777270n%40googlegroups.com.

Reply all

Reply to author

Forward