View Issue Details

IDProjectCategoryView StatusLast Update
0000679bareos-corestorage daemonpublic2016-08-04 14:42
Reportermgu Assigned To 
Status newResolutionopen 
OSUbuntuOS Version16.04 
Product Version14.2.7 
Summary0000679: Key unwrapping fails in 14.2.7 for Keys generated in 14.2.2
DescriptionWe use an ubuntu 12.04 system running bareos 14.2.2 as our productive backup solution. The backups are done on tape with encryption enabled. We now wish to restore this data on a system running ubuntu 16.04 and bareos 14.2.7.

Trying to restore data from tape on an ubuntu 16.04 system running bareos 14.2.7 fails with the following error message:
  " ERROR in scsicrypto-sd.c:392 scsicrypto-sd: Failed to unwrap encryption key, probably wrong KeyEncryptionKey in config "

Trying to test out the unwrapping of encryption keys using bscrypto in bareos 14.2.7 fails and is easily reproduced. It work on ubuntu 12.04 and bareos 14.2.2.

The switch from OpenSSL to GnuTLS between bareos 14.2.2 and 14.2.7 most likely breaks the ability to decrypt tape drives.

Steps To ReproduceSystem A running bareos 14.2.2 with OpenSSL on ubuntu 12.04
System B running bareos 14.2.7 with GnuTLS on ubuntu 16.04

SystemA # bscrypto -b -k <KeyEncryptionKey> -w <EncryptionKey>
## --> Key is unwrapped correctly

SystemB # bscrypto -b -k <KeyEncryptionKey> -w <EncryptionKey>
## --> Failed to aes unwrap the keydata read from <KeyEncryptionKey> using the wrap data from <EncryptionKey>, aborting...
TagsNo tags attached.
bareos-master: impact
bareos-master: action
bareos-19.2: impact
bareos-19.2: action
bareos-18.2: impact
bareos-18.2: action
bareos-17.2: impact
bareos-17.2: action
bareos-16.2: impact
bareos-16.2: action
bareos-15.2: impact
bareos-15.2: action
bareos-14.2: impact
bareos-14.2: action
bareos-13.2: impact
bareos-13.2: action
bareos-12.4: impact
bareos-12.4: action


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2016-08-04 14:42 mgu New Issue