"Fossies" - the Fresh Open Source Software Archive

Member "bareos-Release-22.1.2/core/manpages/bscrypto.8" (21 Nov 2023, 2945 Bytes) of package /linux/misc/bareos-Release-22.1.2.tar.gz:

Caution: As a special service "Fossies" has tried to format the requested manual source page into HTML format but links to other man pages may be missing or even erroneous. Alternatively you can here view or download the uninterpreted manual source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.




bscrypto − Bareos’s ’SCSI Crypto’


bscrypto [options] device_name


The purpose of bscrypto is to be a standalone tool for manipulating the SCSI Crypto framework using the SCSI SPIN/SPOUT security pages. This tool allows you to perform standalone crypto operations that are normally performed by the scsicrypto-sd.so plugin in the storage daemon.

You also need bscrypto tool to to the initial setup of things like Key Encryption Keys in the bareos-sd and bareos-dir configuration files.


A summary of options is included below.


Show version and usage of program.


Perform base64 encoding of keydata. Any binary data is base64 encoded and as such converted to normal ASCII.


Clear encryption key. Clear the encryption key currently loaded on the drive by issuing a SCSI SPOUT clear key page.

−D <cachefile>

Dump the content of given cachefile

−d <nn>

Set debug level to <nn>


Show drive encryption status. Request the current drive encryption status by issuing a SCSI SPIN cmd requesting the SPIN_DATA_ENCR_STATUS_PAGE.

−g <keyfile>

Generate new encryption passphrase in keyfile. A passphrase is generated from random data and is ASCII only.

−k <keyfile>

Show content of keyfile. If the data is wrapped using a so called Key Encryption Key you also need the −b flag to base64 decode the data that is wrapped using the algorithm described in RFC3394 which gives binary output.

−p <cachefile>

Populate given cachefile with crypto keys

−r <cachefile>

Reset expiry time for entries of given cachefile

−s <keyfile>

Set encryption key loaded from keyfile. Load the new key from the keyfile and load it into the drives crypto buffer using a SCSI SPOUT command.


Show volume encryption status. Request the current volume encryption status by issuing a SCSI SPIN cmd requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.

−w <keyfile>

Wrap/Unwrap the key using RFC3394 aes-(un)wrap using the key in keyfile as a Key Encryption Key After wrapping the data using this option the output is binary so you may want to use the −b flag to base64 encode this data.




This manual page was written by Marco van Wieringen <marco.van.wieringen@bareos.com>