浏览代码

docs: rcreate: explain "related repo"

Thomas Waldmann 3 年之前
父节点
当前提交
bcd7ab3dec
共有 2 个文件被更改,包括 32 次插入22 次删除
  1. 1 0
      docs/usage/rcreate.rst
  2. 31 22
      src/borg/archiver/rcreate.py

+ 1 - 0
docs/usage/rcreate.rst

@@ -15,6 +15,7 @@ Examples
     $ borg rcreate --encryption=repokey-blake2-chacha20-poly1305
     # no encryption, not recommended
     $ borg rcreate --encryption=authenticated
+    $ borg rcreate --encryption=authenticated-blake2
     $ borg rcreate --encryption=none
 
     # Remote repository (accesses a remote borg via ssh)

+ 31 - 22
src/borg/archiver/rcreate.py

@@ -80,7 +80,7 @@ class RCreateMixIn:
            have the key and know the passphrase. Make sure to keep a backup of
            your key **outside** the repository - do not lock yourself out by
            "leaving your keys inside your car" (see :ref:`borg_key_export`).
-           For remote backups the encryption is done locally - the remote machine
+           The encryption is done locally - if you use a remote repository, the remote machine
            never sees your passphrase, your unencrypted key or your unencrypted files.
            Chunking and id generation are also based on your key to improve
            your privacy.
@@ -125,27 +125,23 @@ class RCreateMixIn:
 
         .. nanorst: inline-fill
 
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | Mode (K = keyfile or repokey)     | ID-Hash      | Encryption     | Authentication     | V >=    |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | K-blake2-chacha20-poly1305        | BLAKE2b      | CHACHA20       | POLY1305           | 2.0     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | K-chacha20-poly1305               | HMAC-SHA-256 | CHACHA20       | POLY1305           | 2.0     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | K-blake2-aes-ocb                  | BLAKE2b      | AES256-OCB     | AES256-OCB         | 2.0     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | K-aes-ocb                         | HMAC-SHA-256 | AES256-OCB     | AES256-OCB         | 2.0     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | K-blake2                          | BLAKE2b      | AES256-CTR     | BLAKE2b            | 1.1     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | K                                 | HMAC-SHA-256 | AES256-CTR     | HMAC-SHA256        | any     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | authenticated-blake2              | BLAKE2b      | none           | BLAKE2b            | 1.1     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | authenticated                     | HMAC-SHA-256 | none           | HMAC-SHA256        | 1.1     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
-        | none                              | SHA-256      | none           | none               | any     |
-        +-----------------------------------+--------------+----------------+--------------------+---------+
+        +-----------------------------------+--------------+----------------+--------------------+
+        | Mode (K = keyfile or repokey)     | ID-Hash      | Encryption     | Authentication     |
+        +-----------------------------------+--------------+----------------+--------------------+
+        | K-blake2-chacha20-poly1305        | BLAKE2b      | CHACHA20       | POLY1305           |
+        +-----------------------------------+--------------+----------------+--------------------+
+        | K-chacha20-poly1305               | HMAC-SHA-256 | CHACHA20       | POLY1305           |
+        +-----------------------------------+--------------+----------------+--------------------+
+        | K-blake2-aes-ocb                  | BLAKE2b      | AES256-OCB     | AES256-OCB         |
+        +-----------------------------------+--------------+----------------+--------------------+
+        | K-aes-ocb                         | HMAC-SHA-256 | AES256-OCB     | AES256-OCB         |
+        +-----------------------------------+--------------+----------------+--------------------+
+        | authenticated-blake2              | BLAKE2b      | none           | BLAKE2b            |
+        +-----------------------------------+--------------+----------------+--------------------+
+        | authenticated                     | HMAC-SHA-256 | none           | HMAC-SHA256        |
+        +-----------------------------------+--------------+----------------+--------------------+
+        | none                              | SHA-256      | none           | none               |
+        +-----------------------------------+--------------+----------------+--------------------+
 
         .. nanorst: inline-replace
 
@@ -156,6 +152,19 @@ class RCreateMixIn:
         If you do **not** want to encrypt the contents of your backups, but still want to detect
         malicious tampering use an `authenticated` mode. It's like `repokey` minus encryption.
 
+        Creating a related repository
+        +++++++++++++++++++++++++++++
+
+        A related repository uses same secret key material as the other/original repository.
+
+        By default, only the ID key and chunker secret will be the same (these are important
+        for deduplication) and the AE crypto keys will be newly generated random keys.
+
+        Optionally, if you use ``--copy-ae-key`` you can also keep the same AE crypto keys
+        (used for authenticated encryption). Might be desired e.g. if you want to have less
+        keys to manage.
+
+        Creating related repositories is useful e.g. if you want to use ``borg transfer`` later.
         """
         )
         subparser = subparsers.add_parser(