Here is a set of patches to Amanda 2.4.1p1 to add a dumptype boolean
option called "sencrypt."  The default value for sencrypt is "no"

If "sencrypt" is set to "yes" then sendbackup will try to use an
SSL encryption filter when sending a dump image to the tape server.

This patch causes sendbackup to spawn an encryption program in much
the same way as it would spawn a gzip process to handle compression. 
The file descriptors are lined up so that the image is sent via the
encryption program before being transmitted across the network.

On the server side, dumper spawns a child process to decrypt the
backup image as it arrives off the network.

This patch makes use of an SSL encrypt/decrypt program called sst[*]
but given the nature of the changes, it should be possible to replace
sst with any other similarly-configured encrypt/decrypt tool(s).

The file "sencrypt" in this directory contains the context diffs needed
for applying the changes with patch(1).  This mod has been tested on
BSDi, FreeBSD, SunOS-4 and RedHat Linux.

---

We started using Amanda just last year to backup our group's various
unix boxes on an inherited EXB210 tape robot.  It's working quite well.
We're pretty happy with it and it's already saved our butts a few times.
But there was just one thing missing - encryption (actually, Amanda
already supports Kerberos encryption but we weren't quite ready to mess
with Kerberos.  And with the growing acceptance of OpenSSL, SSL tools
seemed to offer more flexibility).  Hence this patch.

Please note that we only ever use sendbackup-dump here so
the mods to sendbackup-gnutar have never really been tested.

P Kern
2000/03/29
pkern at utcc.utoronto.ca

---

[*] see "http://utcc.utoronto.ca/~pkern/stuff/sst/"
   sst was put together mainly to provide SSL encryption for Amanda
   but it can also be used for interactive SSL tunneling or as an SSL
   front-end to inetd services.