Bareos's 'scsi crypto'
bscrypto [options] device_name
The purpose of bscrypto is to be a standalone tool for manipulating the SCSI Crypto framework using the SCSI SPIN/SPOUT security pages. This tool allows you to perform standalone crypto operations that are normally performed by the scsicrypto-sd.so plugin in the storage daemon.
You also need bscrypto tool to to the initial setup of things like Key Encryption Keys in the bareos-sd.conf and bareos-dir.conf
A summary of options is included below.
-?
Show version and usage of program.
-b
Perform base64 encoding of keydata. Any binary data is base64 encoded and as such converted to normal ASCII.
-c
Clear encryption key. Clear the encryption key currently loaded on the drive by issueing a SCSI SPOUT clear key page.
-D <cachefile>
Dump the content of given cachefile
-d <nn>
Set debug level to <nn>
-e
Show drive encryption status. Request the current drive encryption status by issueing a SCSI SPIN cmd requesting the SPIN_DATA_ENCR_STATUS_PAGE.
-g <keyfile>
Generate new encryption passphrase in keyfile. A passphrase is generated from random data and is ASCII only.
-k <keyfile>
Show content of keyfile. If the data is wrapped using a so called Key Encryption Key you also need the -b flag to base64 decode the data that is wrapped using the algoritm described in RFC3394 which gives binary output.
-p <cachefile>
Populate given cachefile with crypto keys
-r <cachefile>
Reset expiry time for entries of given cachefile
-s <keyfile>
Set encryption key loaded from keyfile. Load the new key from the keyfile and load it into the drives crypto buffer using a SCSI SPOUT command.
-v
Show volume encryption status. Request the current volume encryption status by issueing a SCSI SPIN cmd requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.
-w <keyfile>
Wrap/Unwrap the key using RFC3394 aes-(un)wrap using the key in keyfile as a Key Encryption Key After wrapping the data using this option the output is binary so you may want to use the -b flag to base64 encode this data.
This manual page was written by Marco van Wieringen <[email protected]>