SYNOPSIS

bscrypto [options] device_name

DESCRIPTION

The purpose of bscrypto is to be a standalone tool for manipulating the SCSI Crypto framework using the SCSI SPIN/SPOUT security pages. This tool allows you to perform standalone crypto operations that are normally performed by the scsicrypto-sd.so plugin in the storage daemon.

You also need bscrypto tool to to the initial setup of things like Key Encryption Keys in the bareos-sd.conf and bareos-dir.conf

OPTIONS

A summary of options is included below.

-?

Show version and usage of program.

-b

Perform base64 encoding of keydata. Any binary data is base64 encoded and as such converted to normal ASCII.

-c

Clear encryption key. Clear the encryption key currently loaded on the drive by issueing a SCSI SPOUT clear key page.

-D <cachefile>

Dump the content of given cachefile

-d <nn>

Set debug level to <nn>

-e

Show drive encryption status. Request the current drive encryption status by issueing a SCSI SPIN cmd requesting the SPIN_DATA_ENCR_STATUS_PAGE.

-g <keyfile>

Generate new encryption passphrase in keyfile. A passphrase is generated from random data and is ASCII only.

-k <keyfile>

Show content of keyfile. If the data is wrapped using a so called Key Encryption Key you also need the -b flag to base64 decode the data that is wrapped using the algoritm described in RFC3394 which gives binary output.

-p <cachefile>

Populate given cachefile with crypto keys

-r <cachefile>

Reset expiry time for entries of given cachefile

-s <keyfile>

Set encryption key loaded from keyfile. Load the new key from the keyfile and load it into the drives crypto buffer using a SCSI SPOUT command.

-v

Show volume encryption status. Request the current volume encryption status by issueing a SCSI SPIN cmd requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.

-w <keyfile>

Wrap/Unwrap the key using RFC3394 aes-(un)wrap using the key in keyfile as a Key Encryption Key After wrapping the data using this option the output is binary so you may want to use the -b flag to base64 encode this data.

RELATED TO bscrypto…

AUTHOR

This manual page was written by Marco van Wieringen <[email protected]>