Provided by: bareos-storage-tape_14.2.6-2build1_i386 bug

NAME

        bscrypto - Bareos's 'SCSI Crypto'

SYNOPSIS

       bscrypto [options] device_name

DESCRIPTION

       The purpose of bscrypto is to be a standalone tool for manipulating the
       SCSI Crypto framework using the SCSI SPIN/SPOUT  security  pages.  This
       tool  allows  you  to  perform  standalone  crypto  operations that are
       normally performed  by  the  scsicrypto-sd.so  plugin  in  the  storage
       daemon.

       You  also need bscrypto tool to to the initial setup of things like Key
       Encryption Keys in the bareos-sd.conf and bareos-dir.conf

OPTIONS

       A summary of options is included below.

       -?     Show version and usage of program.

       -b     Perform base64 encoding of keydata. Any binary  data  is  base64
              encoded and as such converted to normal ASCII.

       -c     Clear  encryption key. Clear the encryption key currently loaded
              on the drive by issueing a SCSI SPOUT clear key page.

       -D <cachefile>
              Dump the content of given cachefile

       -d <nn>
              Set debug level to <nn>

       -e     Show  drive  encryption  status.  Request  the   current   drive
              encryption  status  by  issueing  a SCSI SPIN cmd requesting the
              SPIN_DATA_ENCR_STATUS_PAGE.

       -g <keyfile>
              Generate new encryption passphrase in keyfile. A  passphrase  is
              generated from random data and is ASCII only.

       -k <keyfile>
              Show  content  of  keyfile.  If  the  data is wrapped using a so
              called Key Encryption Key you also need the -b  flag  to  base64
              decode  the data that is wrapped using the algoritm described in
              RFC3394 which gives binary output.

       -p <cachefile>
              Populate given cachefile with crypto keys

       -r <cachefile>
              Reset expiry time for entries of given cachefile

       -s <keyfile>
              Set encryption key loaded from keyfile. Load the  new  key  from
              the  keyfile  and  load it into the drives crypto buffer using a
              SCSI SPOUT command.

       -v     Show  volume  encryption  status.  Request  the  current  volume
              encryption  status  by  issueing  a SCSI SPIN cmd requesting the
              SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.

       -w <keyfile>
              Wrap/Unwrap the key using RFC3394 aes-(un)wrap using the key  in
              keyfile  as  a  Key Encryption Key After wrapping the data using
              this option the output is binary so you may want to use  the  -b
              flag to base64 encode this data.

SEE ALSO

       bareos-sd(8),

AUTHOR

       This    manual    page    was    written   by   Marco   van   Wieringen
       <marco.van.wieringen@bareos.com>