Provided by: bareos-storage-tape_14.2.6-3_amd64 bug

NAME
        bscrypto - Bareos's 'SCSI Crypto'


SYNOPSIS
       bscrypto [options] device_name


DESCRIPTION
       The  purpose  of bscrypto is to be a standalone tool for manipulating the SCSI Crypto framework using the
       SCSI SPIN/SPOUT security pages. This tool allows you to perform standalone  crypto  operations  that  are
       normally performed by the scsicrypto-sd.so plugin in the storage daemon.

       You  also  need  bscrypto  tool to to the initial setup of things like Key Encryption Keys in the bareos-
       sd.conf and bareos-dir.conf


OPTIONS
       A summary of options is included below.

       -?     Show version and usage of program.

       -b     Perform base64 encoding of keydata. Any binary data is base64 encoded and  as  such  converted  to
              normal ASCII.

       -c     Clear  encryption  key.  Clear the encryption key currently loaded on the drive by issueing a SCSI
              SPOUT clear key page.

       -D <cachefile>
              Dump the content of given cachefile

       -d <nn>
              Set debug level to <nn>

       -e     Show drive encryption status. Request the current drive encryption status by issueing a SCSI  SPIN
              cmd requesting the SPIN_DATA_ENCR_STATUS_PAGE.

       -g <keyfile>
              Generate  new  encryption passphrase in keyfile. A passphrase is generated from random data and is
              ASCII only.

       -k <keyfile>
              Show content of keyfile. If the data is wrapped using a so called Key Encryption Key you also need
              the -b flag to base64 decode the data that is wrapped using  the  algoritm  described  in  RFC3394
              which gives binary output.

       -p <cachefile>
              Populate given cachefile with crypto keys

       -r <cachefile>
              Reset expiry time for entries of given cachefile

       -s <keyfile>
              Set  encryption  key  loaded  from keyfile. Load the new key from the keyfile and load it into the
              drives crypto buffer using a SCSI SPOUT command.

       -v     Show volume encryption status. Request the current volume encryption status  by  issueing  a  SCSI
              SPIN cmd requesting the SPIN_NEXT_BLOCK_ENCR_STATUS_PAGE.

       -w <keyfile>
              Wrap/Unwrap  the  key  using RFC3394 aes-(un)wrap using the key in keyfile as a Key Encryption Key
              After wrapping the data using this option the output is binary so you may want to use the -b  flag
              to base64 encode this data.


SEE ALSO
       bareos-sd(8),


AUTHOR
       This manual page was written by Marco van Wieringen <marco.van.wieringen@bareos.com>

Marco van Wieringen                             23 February 2013                                     BSCRYPTO(8)