DOKK / manpages / debian 10 / amanda-common / amcryptsimple.8.en
AMCRYPTSIMPLE(8) System Administration Commands AMCRYPTSIMPLE(8)

amcryptsimple - reference simple crypt program for Amanda symmetric data encryption

amcryptsimple to be called by Amanda only

amcryptsimple calls gpg to perform symmetric data encryption on Amanda backup. amcryptsimple will search for the gpg program in the following directories: /usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin

amcryptsimple uses one passphrase to encrypt the Amanda data and uses the same passphrase to decrypt the Amanda backup data. amcryptsimple uses AES256 as the symmetric cipher.

Store the passphrase inside the home-directory of the Amanda user ($amanda_user) and protect it with proper permissions:

echo my_secret_passphrase > ~$amanda_user/.am_passphrase
chown $amanda_user:disk ~$amanda_user/.am_passphrase
chmod 700 ~$amanda_user/.am_passphrase

Choose a good passphrase and protect it properly. Backup data can only be restored with the passphrase. There is no backdoor.

If storing and securing passphrase in your environment presents challenges, Amanda provide public-key data encryption through amgpgcrypt. Public-key encryption uses the public key to encrypt and uses the private key to decrypt.

amanda(8), amanda.conf(5), amcrypt(8), amgpgcrypt(8), amrestore(8), gpg(1)

The Amanda Wiki: : http://wiki.zmanda.com/

Kevin Till <kevin.till@zmanda.com>

Zmanda, Inc. (http://www.zmanda.com)
12/01/2017 Amanda 3.5.1