Ana Sayfa Keşfet Yardım
Giriş Yap
mirrors
/
borg
şunun yansıması https://github.com/borgbackup/borg
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Merge pull request #6921 from ThomasWaldmann/new-ae-key

rcreate --copy-ae-key: copy AE key from key of other repo, fixes #6710
TW 2 yıl önce
ebeveyn
1744c92967 9878956140
işleme
7fde480719
2 değiştirilmiş dosya ile 19 ekleme ve 4 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 8 0
      src/borg/archiver/rcreate.py
  2. 11 4
      src/borg/crypto/key.py

+ 8 - 0
src/borg/archiver/rcreate.py
Dosyayı Görüntüle 

@@ -21,6 +21,8 @@ class RCreateMixIn:
 
         """Create a new, empty repository"""
 
         path = args.location.canonical_path()
 
         logger.info('Initializing repository at "%s"' % path)
 
+        if other_key is not None:
 
+            other_key.copy_ae_key = args.copy_ae_key
 
         try:
 
             key = key_creator(repository, args, other_key=other_key)
 
         except (EOFError, KeyboardInterrupt):
 
@@ -206,3 +208,9 @@ class RCreateMixIn:
 
             action="store_true",
 
             help="create the parent directories of the repository directory, if they are missing.",
 
         )
 
+        subparser.add_argument(
 
+            "--copy-ae-key",
 
+            dest="copy_ae_key",
 
+            action="store_true",
 
+            help="copy the authenticated encryption (AE) key from the key of the other repo (default: new random key).",
 
+        )

+ 11 - 4
src/borg/crypto/key.py
Dosyayı Görüntüle 

@@ -191,6 +191,7 @@ class KeyBase:
 
         self.compressor = Compressor("lz4")
 
         self.decompress = self.compressor.decompress
 
         self.tam_required = True
 
+        self.copy_ae_key = False
 
 
     def id_hash(self, data):
 
         """Return HMAC hash using the "id" HMAC key"""
 
@@ -605,11 +606,17 @@ class FlexiKey:
 
                 raise Error("Copying key material to an AES-CTR based mode is insecure and unsupported.")
 
             if not uses_same_id_hash(other_key, key):
 
                 raise Error("You must keep the same ID hash (HMAC-SHA256 or BLAKE2b) or deduplication will break.")
 
+            if other_key.copy_ae_key:
 
+                # give the user the option to use the same authenticated encryption (AE) key
 
+                enc_key = other_key.enc_key
 
+                enc_hmac_key = other_key.enc_hmac_key
 
+            else:
 
+                # borg transfer re-encrypts all data anyway, thus we can default to a new, random AE key
 
+                data = os.urandom(64)
 
+                enc_key = data[0:32]
 
+                enc_hmac_key = data[32:64]
 
             key.init_from_given_data(
 
-                enc_key=other_key.enc_key,
 
-                enc_hmac_key=other_key.enc_hmac_key,
 
-                id_key=other_key.id_key,
 
-                chunk_seed=other_key.chunk_seed,
 
+                enc_key=enc_key, enc_hmac_key=enc_hmac_key, id_key=other_key.id_key, chunk_seed=other_key.chunk_seed
 
             )
 
             passphrase = other_key._passphrase
 
         else: