In the interest of providing visibility into my ongoing work, I will be posting regular snapshots of my encryption support diffs, along with some hopefully understandable explanations.
To get the project started, I've modified the OpenSSL autoconf macros to define an additional preprocessor directive, HAVE_CRYPTO. In conjunction with this, I've started implementing the abstract cryptography API in src/lib/crypto.c. As with the TLS implementation, I am attempting to abstract the details of OpenSSL from the rest of the Bacula codebase.
One of the first steps necessary to implement signed message digests is a refactoring of the digest code used by the file daemon. I've created a new digest API in src/lib/crypto.c, and updated all clients of the previous digest API. The new implementation supports MD5 and SHA-1 hashes for both basic digests and signing. If OpenSSL 0.9.8 is available, SHA-512 is used for signed digests.
Additionally, I've migrated the OpenSSL initialization code to crypto.c, and added code for reading -- and signing with -- PEM-encoded X.509 certificates and RSA and DSA private keys. I've also added encryption configuration options to the various daemons.
If you would like to take a look at the current patchset in all its glory, you can find it here: bacula-crypto-1.diff.gz
The next task on my list is storage of signed message digests and per-session symmetric keys in both the catalog and volume. I will be out on holiday next week, but I hope to have another patchset available shortly after I return.
A few weeks ago we officially announced the Bacula data encryption project -- an endeavor to add data encryption support to Bacula and raise funds for the Electronic Frontier Foundation.
The community's response has been wonderful, and we've managed to raise a total of $1,165. Your donations are appreciated! With your continued support, I hope we can meet our goal of $3,000.
Below is a list of the donors to date. If I have missed anyone, or any information is incorrect, please send me an e-mail.
Donor:              Amount:
WingNET Internet    $500
Timo Neuvonen       $250
Ed Grether          $25
Charles Reinehr     $100
Michael Proto       $25
Phil Cordier        $100
Dan Langille        $100
Tom Plancon         $65
Total:              $1,165
The EFF has taken notice:
"In addition, huge thanks to Landon Fuller and the Bacula Project for helping to raise money for EFF..."
"Grassroots fundraising efforts like these give EFF the energy (and funds!) to keep on fighting the good fight - defending free speech, fair use, innovation, and privacy on the electronic frontier. By supporting EFF, you help carry the banner to protect digital civil liberties."
Thank you for your donations!
Bacula is an excellent backup solution available for the BSDs, Linux, Mac OS X, Windows, and other operating systems.
As the original contributor of Bacula's network encryption support, I recently volunteered to implement on-disk backup encryption -- with one catch. In exchange for implementing data encryption support, I would like the Bacula community to donate $3,000 to the Electronic Frontier Foundation.
To quote the official announcement: "Can your company contribute $250 or $500? How about $100? And if your budget is really tight, why not forego a couple of fast food meals and contribute $20? Bacula is a community project, and this can be your way of helping make Bacula an even better product for the good of the whole community."
Information on how to donate can be found in the official announcement.