amcryptsimple uses one passphrase to encrypt the Amanda data and uses the same passphrase to decrypt the Amanda backup data. amcryptsimple uses AES256 as the symmetric cipher.
Store the passphrase inside the home-directory of the Amanda user ($amanda_user) and protect it with proper permissions:
echo my_secret_passphrase > ~$amanda_user/.am_passphrase chown $amanda_user:disk ~$amanda_user/.am_passphrase chmod 700 ~$amanda_user/.am_passphrase
Choose a good passphrase and protect it properly. Backup data can only be restored with the passphrase. There is no backdoor.
If storing and securing passphrase in your environment presents challenges, Amanda provide public-key data encryption through amgpgcrypt. Public-key encryption uses the public key to encrypt and uses the private key to decrypt.
amanda(8), amanda.conf(5), amcrypt(8), amgpgcrypt(8), amrestore(8), gpg(1)
The Amanda Wiki: : http://wiki.zmanda.com/
Kevin Till <email@example.com>