amcrypt — reference crypt program for Amanda symmetric data encryption
amcrypt requires aespipe and gpg to work. Aespipe is available from http://loop-aes.sourceforge.net
amcrypt will search for the aespipe program in the following directories: /usr/bin:/usr/local/bin:/sbin:/usr/sbin. amcrypt calls amaespipe and passes the passphrase through file descriptor 3. The passphrase should be stored in ~amanda/.am_passphrase.
head -c 2925 /dev/random | uuencode -m - | head -n 66 | tail -n 65 \
  | gpg --symmetric -a > ~amanda/.gnupg/am_key.gpg
This will ask for a passphrase. Remember this passphrase as you will need it in the next step.
2. Store the passphrase inside the home-directory of the AMANDA-user and protect it with proper permissions:
echo my_secret_passphrase > ~amanda/.am_passphrase
chown amanda:disk ~amanda/.am_passphrase
chmod 700 ~amanda/.am_passphrase
amcrypt uses the same key to encrypt and decrypt data. It is very important to store and protect the key and the passphrase properly. Encrypted backup data can only be recovered with the correct key and passphrase.
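A pre-flight check for the passphrase file created in step 2, plus a wrapper that hands the file to a child process on file descriptor 3, the channel described above. This is an added example, not part of Amanda; the function names check_secret_file and with_passphrase_fd3 are hypothetical.

```shell
#!/bin/sh
# Added example (not Amanda code): verify the passphrase file before a
# backup run, then expose it to a child process on file descriptor 3.
# Source this file, then e.g.:
#   check_secret_file ~amanda/.am_passphrase

# check_secret_file FILE
# Returns 0 if FILE is a regular, non-empty file with no group/other
# permission bits set. Prints the reason and returns 1 otherwise.
check_secret_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: missing, a symlink, or not a regular file"
        return 1
    fi
    if [ ! -s "$f" ]; then
        echo "$f: empty"
        return 1
    fi
    # ls -ld prints a mode string such as "-rwx------";
    # characters 5-10 are the group and other permission bits.
    go_bits=$(ls -ld "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "$f: accessible to group/other ($go_bits)"
        return 1
    fi
    return 0
}

# with_passphrase_fd3 FILE COMMAND [ARGS...]
# Runs COMMAND with FILE opened read-only on descriptor 3, so the
# passphrase never appears in the argument list or the environment.
# Refuses to run if FILE fails check_secret_file.
with_passphrase_fd3() {
    pf=$1
    shift
    check_secret_file "$pf" >&2 || return 1
    "$@" 3< "$pf"
}
```

The same check applies to ~amanda/.gnupg/am_key.gpg, since the key file and the passphrase together are what decrypt the backups.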