Provided by: bareos-storage-tape_14.2.6-3_amd64


        bscrypto - Bareos's 'SCSI Crypto'


       bscrypto [options] device_name


       The  purpose  of  bscrypto  is  to  be  a standalone tool for manipulating the SCSI Crypto
       framework using the SCSI SPIN/SPOUT security  pages.  This  tool  allows  you  to  perform
       standalone crypto operations that are normally performed by the plugin in
       the storage daemon.

       You also need the bscrypto tool to do the initial setup of things like Key Encryption
       Keys in the bareos-sd.conf and bareos-dir.conf.


       A summary of options is included below.

       -?     Show version and usage of program.

       -b     Perform  base64  encoding of keydata. Any binary data is base64 encoded and as such
              converted to normal ASCII.

       -c     Clear encryption key. Clear the encryption key currently loaded on the drive by
              issuing a SCSI SPOUT clear key page.

       -D <cachefile>
              Dump the content of given cachefile

       -d <nn>
              Set debug level to <nn>

       -e     Show drive encryption status. Request the current drive encryption status by
              issuing a SCSI SPIN cmd requesting the SPIN_DATA_ENCR_STATUS_PAGE.

       -g <keyfile>
              Generate new encryption passphrase in  keyfile.  A  passphrase  is  generated  from
              random data and is ASCII only.

       -k <keyfile>
              Show content of keyfile. If the data is wrapped using a so-called Key Encryption
              Key, you also need the -b flag to base64 decode the data, because wrapping with
              the algorithm described in RFC3394 gives binary output.

       -p <cachefile>
              Populate given cachefile with crypto keys

       -r <cachefile>
              Reset expiry time for entries of given cachefile

       -s <keyfile>
              Set encryption key loaded from keyfile. Load the new key from the keyfile and load
              it into the drive's crypto buffer using a SCSI SPOUT command.

       -v     Show volume encryption status. Request the current volume encryption status by
              issuing a SCSI SPIN cmd requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.

       -w <keyfile>
              Wrap/Unwrap the key using RFC3394 aes-(un)wrap using the key in keyfile as a Key
              Encryption Key. After wrapping the data using this option the output is binary, so
              you may want to use the -b flag to base64 encode this data.




       This manual page was written by Marco van Wieringen.