- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- encrypting tar files saved onto tape
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2008 11:40 AM
тАО11-01-2008 11:40 AM
encrypting tar files saved onto tape
We typically do tar jobs of entire directories to one of several tape drives. These drives can be DAT, DLT, SDLT, or LTO-4. One example would be the following:
LOCATION: /diskarray/stripe7/usr/home
TAPE DEVICE FILE: /dev/rmt/5mn
COMMAND: tar -cvf * /dev/rmt/5mn
A new directive in our company has made mandatory encryption of all backups. Therefore, once the tar command shown above is completed, the files on tape would need to be encrypted.
We have openssl installed on our system, and the command syntax that would appear to apply here, using the above example would be as follows:
openssl des3 -salt -in /dev/rmt/5mn -out /dev/rmt/5mn.des3
After the above is completed, an encryption password would be entered by the administrator.
Is the above procedure the correct method? Also, is there any inherent danger to the tape or drive if the encryption is attempted on either? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2008 12:59 PM
тАО11-01-2008 12:59 PM
Re: encrypting tar files saved onto tape
>>completed, the files on tape would need to
>>be encrypted.
Not possible to encrypt the files AFTER they are on the tape UNLESS you want to then read in from that tape and write OUT to another tape in a different tape drive.
>>openssl des3 -salt -in /dev/rmt/5mn -out /dev/rmt/5mn.des3
Not possible unless you've figured how to read from and write to the same tape drive at the same time.
What you need to do is encrypt the files as they are written to tape.
You would somehow have to feed a list of files to openssl and have the output openssl redirected as the input to tar.
I have never attempted this so I'm not entirely sure how you would go about doing that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2008 01:12 PM
тАО11-01-2008 01:12 PM
Re: encrypting tar files saved onto tape
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2008 07:56 PM
тАО11-01-2008 07:56 PM
Re: encrypting tar files saved onto tape
act as a filter if you omit the -in and -out
options, so you may be able to use something
like:
cd
tar cvf - . | openssl [...] -out /dev/rmt/5mn
Depending on different factors, it might pay
to throw a gzip into that pipeline, too.
You might also be better off using something
smarter than the basic HP "tar" program, too,
like, say, "pax" or GNU "tar". And using "*"
for the file list is unwise for at least a
couple of reasons. (How many files are in
there, and how many have names which begin
with "."?) Something in the "dump/restore"
family might also make more sense than "tar".
> You need to [...]
Almost always an inaccurate way to begin a
statement, but more elaborate backup software
exists (and is sold) for some good reasons.
The best solution in a particular situation
depends on the particular requirements and
constraints.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-01-2008 08:12 PM
тАО11-01-2008 08:12 PM
Re: encrypting tar files saved onto tape
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1282098
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1283576
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1279028
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1280016
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-03-2008 03:53 AM
тАО11-03-2008 03:53 AM
Re: encrypting tar files saved onto tape
Thanks for the reply. We do have Data Protector 6.0 as our primary backup solution. The tar backup is used to provide a secondary backup if the primary is unavailable.
One of the responses to my posting suggested have openssl as the filter where the tar, in this case gnutar instead of HP-UX tar, would encrypt data being backed up "on the fly" to the tape. Would that be an alternative to use, and if so, what would be the correct syntax to use? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-03-2008 07:04 AM
тАО11-03-2008 07:04 AM
Re: encrypting tar files saved onto tape
> use?
That might depend a little bit on exactly
what you wish to do. Is there something
wrong with the documentation for any of these
programs?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-03-2008 09:15 AM
тАО11-03-2008 09:15 AM
Re: encrypting tar files saved onto tape
What I am trying to accomplish in this exercise is the following:
Conduct at tar backup where the data in question is encrypted when it is written to tape.
According to the responses that were given to my initial inquiry, encrypting the data after it has been written to tape is not possible. Therefore, the encryption would have to take place during the tar process.
My question is the following: If encrypting the data during the tar process is possible, what would be the correct syntax to use? The server in question has the openssl package available, and the tar binary that is being used in this process is gnutar.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-03-2008 07:45 PM
тАО11-03-2008 07:45 PM
Re: encrypting tar files saved onto tape
use? [...]
You've been given a skeleton command, which
may need only a few details to do what you
want. To a casual observer, you appear to be
too busy or lazy or helpless to read the
usage instructions for the programs which you
intend to use.
> [...] in our company [...]
You appear to be employed, but it's not clear
why. I get insufficient satisfaction from
doing other people's jobs for them (for free)
to make a general practice of it. But don't
give up. Some of the contributors here seem
to enjoy the challenge of doing the problems
in students' homework assignments, so you may
get what you seek from one of them.
The fact that your company is relying for its
backups on someone who expects to encrypt
data after they've been written to tape is
more than a little scary.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-04-2008 09:04 AM
тАО11-04-2008 09:04 AM
Re: encrypting tar files saved onto tape
The questions that I ask are for clarification on a project that was undertaken on my own initiative to provide better service to my company.