Provided by: bareos-storage-tape_14.2.6-2build1_i386 bug


        bscrypto - Bareos's 'SCSI Crypto'


       bscrypto [options] device_name


       The purpose of bscrypto is to be a standalone tool for manipulating the
       SCSI Crypto framework using the SCSI SPIN/SPOUT  security  pages.  This
       tool  allows  you  to  perform  standalone  crypto  operations that are
       normally performed  by  the  plugin  in  the  storage

       You  also need bscrypto tool to to the initial setup of things like Key
       Encryption Keys in the bareos-sd.conf and bareos-dir.conf


       A summary of options is included below.

       -?     Show version and usage of program.

       -b     Perform base64 encoding of keydata. Any binary  data  is  base64
              encoded and as such converted to normal ASCII.

       -c     Clear  encryption key. Clear the encryption key currently loaded
              on the drive by issueing a SCSI SPOUT clear key page.

       -D <cachefile>
              Dump the content of given cachefile

       -d <nn>
              Set debug level to <nn>

       -e     Show  drive  encryption  status.  Request  the   current   drive
              encryption  status  by  issueing  a SCSI SPIN cmd requesting the

       -g <keyfile>
              Generate new encryption passphrase in keyfile. A  passphrase  is
              generated from random data and is ASCII only.

       -k <keyfile>
              Show  content  of  keyfile.  If  the  data is wrapped using a so
              called Key Encryption Key you also need the -b  flag  to  base64
              decode  the data that is wrapped using the algoritm described in
              RFC3394 which gives binary output.

       -p <cachefile>
              Populate given cachefile with crypto keys

       -r <cachefile>
              Reset expiry time for entries of given cachefile

       -s <keyfile>
              Set encryption key loaded from keyfile. Load the  new  key  from
              the  keyfile  and  load it into the drives crypto buffer using a
              SCSI SPOUT command.

       -v     Show  volume  encryption  status.  Request  the  current  volume
              encryption  status  by  issueing  a SCSI SPIN cmd requesting the

       -w <keyfile>
              Wrap/Unwrap the key using RFC3394 aes-(un)wrap using the key  in
              keyfile  as  a  Key Encryption Key After wrapping the data using
              this option the output is binary so you may want to use  the  -b
              flag to base64 encode this data.




       This    manual    page    was    written   by   Marco   van   Wieringen