Provided by: bareos-storage-tape_14.2.6-3_amd64 bug

NAME

        bscrypto - Bareos's 'SCSI Crypto'

SYNOPSIS

       bscrypto [options] device_name

DESCRIPTION

       The  purpose  of  bscrypto  is  to  be  a standalone tool for manipulating the SCSI Crypto
       framework using the SCSI SPIN/SPOUT security  pages.  This  tool  allows  you  to  perform
       standalone crypto operations that are normally performed by the scsicrypto-sd.so plugin in
       the storage daemon.

       You also need bscrypto tool to to the initial setup of things like Key Encryption Keys  in
       the bareos-sd.conf and bareos-dir.conf

OPTIONS

       A summary of options is included below.

       -?     Show version and usage of program.

       -b     Perform  base64  encoding of keydata. Any binary data is base64 encoded and as such
              converted to normal ASCII.

       -c     Clear encryption key. Clear the encryption key currently loaded  on  the  drive  by
              issueing a SCSI SPOUT clear key page.

       -D <cachefile>
              Dump the content of given cachefile

       -d <nn>
              Set debug level to <nn>

       -e     Show  drive  encryption  status.  Request  the  current  drive encryption status by
              issueing a SCSI SPIN cmd requesting the SPIN_DATA_ENCR_STATUS_PAGE.

       -g <keyfile>
              Generate new encryption passphrase in  keyfile.  A  passphrase  is  generated  from
              random data and is ASCII only.

       -k <keyfile>
              Show  content  of  keyfile. If the data is wrapped using a so called Key Encryption
              Key you also need the -b flag to base64 decode the data that is wrapped  using  the
              algoritm described in RFC3394 which gives binary output.

       -p <cachefile>
              Populate given cachefile with crypto keys

       -r <cachefile>
              Reset expiry time for entries of given cachefile

       -s <keyfile>
              Set  encryption key loaded from keyfile. Load the new key from the keyfile and load
              it into the drives crypto buffer using a SCSI SPOUT command.

       -v     Show volume encryption status. Request the  current  volume  encryption  status  by
              issueing a SCSI SPIN cmd requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.

       -w <keyfile>
              Wrap/Unwrap  the  key  using RFC3394 aes-(un)wrap using the key in keyfile as a Key
              Encryption Key After wrapping the data using this option the output  is  binary  so
              you may want to use the -b flag to base64 encode this data.

SEE ALSO

       bareos-sd(8),

AUTHOR

       This manual page was written by Marco van Wieringen <marco.van.wieringen@bareos.com>