Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add ability to dump the content of the cryptocache.
For tape encryption the storage daemon keeps a cache of recently used data it needs when loading a crypto enabled volume and it doesn't have a connection to the director (e.g. when starting the SD). The bscrypto tool already had support for populating the cache with data which is used when a Disaster Recovery is needed but it would be nice if you could also dump the content of the cache using the bscrypto tool. There is no real security risk as you still need read access to the cache file and the data dumped is the wrapped/encrypted version of the key for which you need the KeyEncryptionKey to be able to translate it to the actual key loaded into the drive.
- Loading branch information
Marco van Wieringen
committed
Feb 17, 2015
1 parent
9355be4
commit c4daee2
Showing
3 changed files
with
66 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters