Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
BSCRYPTO(8)	    Backup Archiving REcovery Open Sourced	   BSCRYPTO(8)

NAME
	bscrypto - Bareos's 'SCSI Crypto'

SYNOPSIS
       bscrypto	[options] device_name

DESCRIPTION
       The purpose of bscrypto is to be	a standalone tool for manipulating the
       SCSI  Crypto  framework	using the SCSI SPIN/SPOUT security pages. This
       tool allows you to perform standalone crypto operations that  are  nor-
       mally performed by the scsicrypto-sd.so plugin in the storage daemon.

       You  also need bscrypto tool to to the initial setup of things like Key
       Encryption Keys in the bareos-sd	and bareos-dir configuration files.

OPTIONS
       A summary of options is included	below.

       -?     Show version and usage of	program.

       -b     Perform base64 encoding of keydata. Any binary  data  is	base64
	      encoded and as such converted to normal ASCII.

       -c     Clear  encryption	key. Clear the encryption key currently	loaded
	      on the drive by issuing a	SCSI SPOUT clear key page.

       -D <cachefile>
	      Dump the content of given	cachefile

       -d <nn>
	      Set debug	level to <nn>

       -e     Show drive encryption status. Request the	current	drive  encryp-
	      tion   status   by  issuing  a  SCSI  SPIN  cmd  requesting  the
	      SPIN_DATA_ENCR_STATUS_PAGE.

       -g <keyfile>
	      Generate new encryption passphrase in keyfile. A	passphrase  is
	      generated	from random data and is	ASCII only.

       -k <keyfile>
	      Show  content  of	 keyfile.  If  the  data is wrapped using a so
	      called Key Encryption Key	you also need the -b  flag  to	base64
	      decode the data that is wrapped using the	algorithm described in
	      RFC3394 which gives binary output.

       -p <cachefile>
	      Populate given cachefile with crypto keys

       -r <cachefile>
	      Reset expiry time	for entries of given cachefile

       -s <keyfile>
	      Set  encryption  key  loaded from	keyfile. Load the new key from
	      the keyfile and load it into the drives crypto  buffer  using  a
	      SCSI SPOUT command.

       -v     Show  volume  encryption	status.	Request	the current volume en-
	      cryption status by  issuing  a  SCSI  SPIN  cmd  requesting  the
	      SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.

       -w <keyfile>
	      Wrap/Unwrap  the key using RFC3394 aes-(un)wrap using the	key in
	      keyfile as a Key Encryption Key After wrapping  the  data	 using
	      this  option  the	output is binary so you	may want to use	the -b
	      flag to base64 encode this data.

SEE ALSO
       bareos-sd(8),

AUTHOR
       This manual page	was written by Marco van Wieringen (Bareos).

Marco van Wieringen	       23 February 2013			   BSCRYPTO(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=bscrypto&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help