Here is a set of patches to Amanda 2.4.1p1 to add a dumptype boolean option called "sencrypt." The default value for sencrypt is "no" If "sencrypt" is set to "yes" then sendbackup will try to use an SSL encryption filter when sending a dump image to the tape server. This patch causes sendbackup to spawn an encryption program in much the same way as it would spawn a gzip process to handle compression. The file descriptors are lined up so that the image is sent via the encryption program before being transmitted across the network. On the server side, dumper spawns a child process to decrypt the backup image as it arrives off the network. This patch makes use of an SSL encrypt/decrypt program called sst[*] but given the nature of the changes, it should be possible to replace sst with any other similarly-configured encrypt/decrypt tool(s). The file "sencrypt" in this directory contains the context diffs needed for applying the changes with patch(1). This mod has been tested on BSDi, FreeBSD, SunOS-4 and RedHat Linux. --- We started using Amanda just last year to backup our group's various unix boxes on an inherited EXB210 tape robot. It's working quite well. We're pretty happy with it and it's already saved our butts a few times. But there was just one thing missing - encryption (actually, Amanda already supports Kerberos encryption but we weren't quite ready to mess with Kerberos. And with the growing acceptance of OpenSSL, SSL tools seemed to offer more flexibility). Hence this patch. Please note that we only ever use sendbackup-dump here so the mods to sendbackup-gnutar have never really been tested. P Kern 2000/03/29 pkern at utcc.utoronto.ca --- [*] see "http://utcc.utoronto.ca/~pkern/stuff/sst/" sst was put together mainly to provide SSL encryption for Amanda but it can also be used for interactive SSL tunneling or as an SSL front-end to inetd services.