0000679: Key unwrapping fails in 14.2.7 for Keys generated in 14.2.2 - Bareos Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0000679	bareos-core	storage daemon	public	2016-08-04 14:42	2023-03-23 16:30

Reporter	mgu	Assigned To	bruno-at-bareos
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	not fixable
OS	Ubuntu	OS Version	16.04
Product Version	14.2.7

Summary	0000679: Key unwrapping fails in 14.2.7 for Keys generated in 14.2.2
Description	We use an ubuntu 12.04 system running bareos 14.2.2 as our productive backup solution. The backups are done on tape with encryption enabled. We now wish to restore this data on a system running ubuntu 16.04 and bareos 14.2.7. Trying to restore data from tape on an ubuntu 16.04 system running bareos 14.2.7 fails with the following error message: " ERROR in scsicrypto-sd.c:392 scsicrypto-sd: Failed to unwrap encryption key, probably wrong KeyEncryptionKey in config " Trying to test out the unwrapping of encryption keys using bscrypto in bareos 14.2.7 fails and is easily reproduced. It work on ubuntu 12.04 and bareos 14.2.2. The switch from OpenSSL to GnuTLS between bareos 14.2.2 and 14.2.7 most likely breaks the ability to decrypt tape drives.
Steps To Reproduce	System A running bareos 14.2.2 with OpenSSL on ubuntu 12.04 System B running bareos 14.2.7 with GnuTLS on ubuntu 16.04 SystemA # bscrypto -b -k <KeyEncryptionKey> -w <EncryptionKey> ## --> Key is unwrapped correctly SystemB # bscrypto -b -k <KeyEncryptionKey> -w <EncryptionKey> ## --> Failed to aes unwrap the keydata read from <KeyEncryptionKey> using the wrap data from <EncryptionKey>, aborting...
Tags	No tags attached.

Date Modified	Username	Field	Change
2016-08-04 14:42	mgu	New Issue
2023-03-23 16:30	bruno-at-bareos	Assigned To	=> bruno-at-bareos
2023-03-23 16:30	bruno-at-bareos	Status	new => closed
2023-03-23 16:30	bruno-at-bareos	Resolution	open => not fixable
2023-03-23 16:30	bruno-at-bareos	Note Added: 0004941