In this InfoSec Institute article the author presents a process of creating the PKI private/public key pairs to use in data encryption with Bacula. Encrypting the data backups directly on the Bacula file daemon prior to sending it to the Bacula storage daemon ensures that data is encrypted at all times and only the Bacula file daemon is able to decrypt it.
Read the full article here – http://resources.infosecinstitute.com/data-backups-bacula-backup-encryption/