mirror of https://github.com/borgbackup/borg.git
Merge pull request #6931 from ThomasWaldmann/copy-crypt-key
rename --copy-ae-key into --copy-crypt-key
This commit is contained in:
commit
23eb28d3b8
|
@ -22,7 +22,7 @@ class RCreateMixIn:
|
||||||
path = args.location.canonical_path()
|
path = args.location.canonical_path()
|
||||||
logger.info('Initializing repository at "%s"' % path)
|
logger.info('Initializing repository at "%s"' % path)
|
||||||
if other_key is not None:
|
if other_key is not None:
|
||||||
other_key.copy_ae_key = args.copy_ae_key
|
other_key.copy_crypt_key = args.copy_crypt_key
|
||||||
try:
|
try:
|
||||||
key = key_creator(repository, args, other_key=other_key)
|
key = key_creator(repository, args, other_key=other_key)
|
||||||
except (EOFError, KeyboardInterrupt):
|
except (EOFError, KeyboardInterrupt):
|
||||||
|
@ -160,7 +160,7 @@ class RCreateMixIn:
|
||||||
By default, only the ID key and chunker secret will be the same (these are important
|
By default, only the ID key and chunker secret will be the same (these are important
|
||||||
for deduplication) and the AE crypto keys will be newly generated random keys.
|
for deduplication) and the AE crypto keys will be newly generated random keys.
|
||||||
|
|
||||||
Optionally, if you use ``--copy-ae-key`` you can also keep the same AE crypto keys
|
Optionally, if you use ``--copy-crypt-key`` you can also keep the same crypt_key
|
||||||
(used for authenticated encryption). Might be desired e.g. if you want to have less
|
(used for authenticated encryption). Might be desired e.g. if you want to have less
|
||||||
keys to manage.
|
keys to manage.
|
||||||
|
|
||||||
|
@ -218,8 +218,9 @@ class RCreateMixIn:
|
||||||
help="create the parent directories of the repository directory, if they are missing.",
|
help="create the parent directories of the repository directory, if they are missing.",
|
||||||
)
|
)
|
||||||
subparser.add_argument(
|
subparser.add_argument(
|
||||||
"--copy-ae-key",
|
"--copy-crypt-key",
|
||||||
dest="copy_ae_key",
|
dest="copy_crypt_key",
|
||||||
action="store_true",
|
action="store_true",
|
||||||
help="copy the authenticated encryption (AE) key from the key of the other repo (default: new random key).",
|
help="copy the crypt_key (used for authenticated encryption) from the key of the other repo "
|
||||||
|
"(default: new random key).",
|
||||||
)
|
)
|
||||||
|
|
|
@ -191,7 +191,7 @@ class KeyBase:
|
||||||
self.compressor = Compressor("lz4")
|
self.compressor = Compressor("lz4")
|
||||||
self.decompress = self.compressor.decompress
|
self.decompress = self.compressor.decompress
|
||||||
self.tam_required = True
|
self.tam_required = True
|
||||||
self.copy_ae_key = False
|
self.copy_crypt_key = False
|
||||||
|
|
||||||
def id_hash(self, data):
|
def id_hash(self, data):
|
||||||
"""Return HMAC hash using the "id" HMAC key"""
|
"""Return HMAC hash using the "id" HMAC key"""
|
||||||
|
@ -603,7 +603,7 @@ class FlexiKey:
|
||||||
raise Error("Copying key material to an AES-CTR based mode is insecure and unsupported.")
|
raise Error("Copying key material to an AES-CTR based mode is insecure and unsupported.")
|
||||||
if not uses_same_id_hash(other_key, key):
|
if not uses_same_id_hash(other_key, key):
|
||||||
raise Error("You must keep the same ID hash (HMAC-SHA256 or BLAKE2b) or deduplication will break.")
|
raise Error("You must keep the same ID hash (HMAC-SHA256 or BLAKE2b) or deduplication will break.")
|
||||||
if other_key.copy_ae_key:
|
if other_key.copy_crypt_key:
|
||||||
# give the user the option to use the same authenticated encryption (AE) key
|
# give the user the option to use the same authenticated encryption (AE) key
|
||||||
crypt_key = other_key.crypt_key
|
crypt_key = other_key.crypt_key
|
||||||
else:
|
else:
|
||||||
|
|
Loading…
Reference in New Issue