Skip to content

CASTOR-5350: Encryption backend

Steve Laskaridis requested to merge slaskari/CASTOR:encryption_backend into master


The aim of this merge request is to incorporate encryption support into CASTOR. The proposed changes are to be used in conjunction with the operators' ExternalEncryptionKeyScript.

The aim is to enable encryption in specific tape pools of CASTOR.


  • Introduce encryption SCSI backend to DriveGeneric.
  • Introduce encryption control wrapper (castor/tape/tapeserver/daemon/EncryptionControl) for abstracting the two sub-components of:
    • Calling the ExternalEncryptionKeyScript,
    • Calling the equivalent DriveGeneric function for passing/clearing the encryption parameters to/from the drive.
  • Add new configuration option in castor.conf for the external key management script.
  • Create a Subprocess wrapper for executing external commands as CASTOR children (castor/server/Subprocess.{h,c}pp).
  • Incorporate encryption handling in the:
    • DataTransferSession
    • LabelSession
    • CleanerSession
  • Add encryption control timer in the task Watchdog.

Merge request reports