Decrypting with Master Key

It is preferable to retain a secure, non-encrypted copy of the client’s own encryption keypair. However, should you lose the client’s keypair, recovery with the master keypair is possible.

First create a keypair with:

cat master.key master.cert >master.pem

Then modify your File Daemons configuration file to use the master keypair:

FileDaemon {
    Name = example-fd
    FDport = 9102        # where we listen for the director
    WorkingDirectory = /opt/bacula/working
    Pid Directory = /var/run
    Maximum Concurrent Jobs = 20

    PKI Signatures = Yes   # Enable Data Signing
    PKI Encryption = Yes   # Enable Data Encryption
    PKI Keypair = "/opt/bacula/etc/master.pem" # Master Public and Private Keys
}

Restart your File Daemon and you should be able to recover your lost files.

See also

Previous articles:

• Encryption Technical Details

• Generating Private/Public Encryption Keys

• Data Encryption Configuration

• Example Data Encryption Configuration

Go back to: File Daemon Data Encryption.