[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bacula-devel] Feature request: Add EFS support on Windows
Item X: Add EFS support on Windows
Origin: Alex Ehrlich (Alex.Ehrlich-at-mail.ee)
Date: 05 August 2008
What: For each file backed up or restored by FD on Windows, check if
the file is encrypted; if so then use OpenEncryptedFileRaw,
CloseEncryptedFileRaw instead of BackupRead and BackupWrite
Why: Many laptop users utilize the EFS functionality today; so do.
some non-laptop ones, too.
Currently files encrypted by means of EFS cannot be backed up.
It means a Windows boutique cannot rely on Bacula as its
backup solution, at least when using Windows 2K, XPP,
"better" Vista etc on workstations, unless EFS is
forbidden by policies.
The current situation might result into "false sense of
security" among the end-users.
Notes: Using xxxEncryptedFileRaw API would allow to backup and
restore EFS-encrypted files without decrypting their data.
Note that such files cannot be restored "portably" (at least,
easily) but they would be restoreable to a different (or
reinstalled) Win32 machine; the restore would require setup
of a EFS recovery agent in advance, of course, and this shall
be clearly reflected in the documentation, but this is the
normal Windows SysAdmin's business.
When "portable" backup is requested the EFS-encrypted files
shall be clearly reported as errors.
See MSDN on the "Backup and Restore of Encrypted Files" topic:
Maybe the EFS support requires a new flag in the database for
each file, too?
Unfortunately, the implementation is not as straightforward as
1-to-1 replacement of BackupRead with ReadEncryptedFileRaw,
requiring some FD code rewrite to work with
encrypted-file-related callback functions.
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
Bacula-devel mailing list
This mailing list archive is a service of Copilotco.