load_key: no key is same as empty key, fixes #6441

when migrating from repokey to keyfile, we just store an empty key into the repo config,
because we do not have a "delete key" RPC api. thus, empty key means "there is no key".

here we fix load_key, so that it does not behave differently for no key and empty key:
in both cases, it just returns an empty value.

additionally, we strip the value we get from the config, so whitespace does not matter.

All callers now check for the repokey not being empty, otherwise RepoKeyNotFoundError
is raised.

src/borg/crypto/key.py

@@ -1,4 +1,3 @@
-import configparser
 import getpass
 import os
 import shlex
@@ -775,11 +774,11 @@ class RepoKey(ID_HMAC_SHA_256, KeyfileKeyBase):
 
     def find_key(self):
         loc = self.repository._location.canonical_path()
-        try:
-            self.repository.load_key()
-            return loc
-        except configparser.NoOptionError:
+        key = self.repository.load_key()
+        if not key:
+            # if we got an empty key, it means there is no key.
             raise RepoKeyNotFoundError(loc) from None
+        return loc
 
     def get_new_target(self, args):
         return self.repository
@@ -792,6 +791,10 @@ class RepoKey(ID_HMAC_SHA_256, KeyfileKeyBase):
         # what we get in target is just a repo location, but we already have the repo obj:
         target = self.repository
         key_data = target.load_key()
+        if not key_data:
+            # if we got an empty key, it means there is no key.
+            loc = target._location.canonical_path()
+            raise RepoKeyNotFoundError(loc) from None
         key_data = key_data.decode('utf-8')  # remote repo: msgpack issue #99, getting bytes
         success = self._load(key_data, passphrase)
         if success:

src/borg/crypto/keymanager.py

@@ -7,7 +7,7 @@ from hashlib import sha256
 from ..helpers import Manifest, NoManifestError, Error, yes, bin_to_hex, dash_open
 from ..repository import Repository
 
-from .key import KeyfileKey, KeyfileNotFoundError, KeyBlobStorage, identify_key
+from .key import KeyfileKey, KeyfileNotFoundError, RepoKeyNotFoundError, KeyBlobStorage, identify_key
 
 
 class UnencryptedRepo(Error):
@@ -56,7 +56,12 @@ class KeyManager:
                 self.keyblob = ''.join(fd.readlines()[1:])
 
         elif self.keyblob_storage == KeyBlobStorage.REPO:
-            self.keyblob = self.repository.load_key().decode()
+            key_data = self.repository.load_key().decode()
+            if not key_data:
+                # if we got an empty key, it means there is no key.
+                loc = self.repository._location.canonical_path()
+                raise RepoKeyNotFoundError(loc) from None
+            self.keyblob = key_data
 
     def store_keyblob(self, args):
         if self.keyblob_storage == KeyBlobStorage.KEYFILE:

src/borg/repository.py

@@ -337,7 +337,8 @@ class Repository:
         self.save_config(self.path, self.config)
 
     def load_key(self):
-        keydata = self.config.get('repository', 'key')
+        keydata = self.config.get('repository', 'key', fallback='').strip()
+        # note: if we return an empty string, it means there is no repo key
         return keydata.encode('utf-8')  # remote repo: msgpack issue #99, returning bytes
 
     def get_free_nonce(self):