mirror of https://github.com/borgbackup/borg.git
implement password roundtrip, fixes #695
This commit is contained in:
parent
96702ec1e3
commit
95c4cf221d
20
borg/key.py
20
borg/key.py
|
@ -7,7 +7,7 @@ import textwrap
|
||||||
from hmac import HMAC, compare_digest
|
from hmac import HMAC, compare_digest
|
||||||
from hashlib import sha256, pbkdf2_hmac
|
from hashlib import sha256, pbkdf2_hmac
|
||||||
|
|
||||||
from .helpers import IntegrityError, get_keys_dir, Error
|
from .helpers import IntegrityError, get_keys_dir, Error, yes
|
||||||
from .logger import create_logger
|
from .logger import create_logger
|
||||||
logger = create_logger()
|
logger = create_logger()
|
||||||
|
|
||||||
|
@ -184,6 +184,23 @@ class Passphrase(str):
|
||||||
def getpass(cls, prompt):
|
def getpass(cls, prompt):
|
||||||
return cls(getpass.getpass(prompt))
|
return cls(getpass.getpass(prompt))
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def verification(cls, passphrase):
|
||||||
|
if yes('Do you want your passphrase to be displayed for verification? [yN]: ',
|
||||||
|
env_var_override='BORG_DISPLAY_PASSPHRASE'):
|
||||||
|
print('Your passphrase (between double-quotes): "%s"' % passphrase,
|
||||||
|
file=sys.stderr)
|
||||||
|
print('Make sure the passphrase displayed above is exactly what you wanted.',
|
||||||
|
file=sys.stderr)
|
||||||
|
try:
|
||||||
|
passphrase.encode('ascii')
|
||||||
|
except UnicodeEncodeError:
|
||||||
|
print('Your passphrase (UTF-8 encoding in hex): %s' %
|
||||||
|
hexlify(passphrase.encode('utf-8')).decode('ascii'),
|
||||||
|
file=sys.stderr)
|
||||||
|
print('As you have a non-ASCII passphrase, it is recommended to keep the UTF-8 encoding in hex together with the passphrase at a safe place.',
|
||||||
|
file=sys.stderr)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def new(cls, allow_empty=False):
|
def new(cls, allow_empty=False):
|
||||||
passphrase = cls.env_passphrase()
|
passphrase = cls.env_passphrase()
|
||||||
|
@ -194,6 +211,7 @@ class Passphrase(str):
|
||||||
if allow_empty or passphrase:
|
if allow_empty or passphrase:
|
||||||
passphrase2 = cls.getpass('Enter same passphrase again: ')
|
passphrase2 = cls.getpass('Enter same passphrase again: ')
|
||||||
if passphrase == passphrase2:
|
if passphrase == passphrase2:
|
||||||
|
cls.verification(passphrase)
|
||||||
logger.info('Remember your passphrase. Your data will be inaccessible without it.')
|
logger.info('Remember your passphrase. Your data will be inaccessible without it.')
|
||||||
return passphrase
|
return passphrase
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -65,6 +65,10 @@ Compatibility notes:
|
||||||
if you give a timestamp via cli this is stored into 'time', therefore it now
|
if you give a timestamp via cli this is stored into 'time', therefore it now
|
||||||
needs to mean archive creation start time.
|
needs to mean archive creation start time.
|
||||||
|
|
||||||
|
New features:
|
||||||
|
|
||||||
|
- implement password roundtrip, #695
|
||||||
|
|
||||||
Bug fixes:
|
Bug fixes:
|
||||||
|
|
||||||
- remote end does not need cache nor keys directories, do not create them, #701
|
- remote end does not need cache nor keys directories, do not create them, #701
|
||||||
|
|
|
@ -63,6 +63,8 @@ General:
|
||||||
can either leave it away or abbreviate as `::`, if a positional parameter is required.
|
can either leave it away or abbreviate as `::`, if a positional parameter is required.
|
||||||
BORG_PASSPHRASE
|
BORG_PASSPHRASE
|
||||||
When set, use the value to answer the passphrase question for encrypted repositories.
|
When set, use the value to answer the passphrase question for encrypted repositories.
|
||||||
|
BORG_DISPLAY_PASSPHRASE
|
||||||
|
When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories.
|
||||||
BORG_LOGGING_CONF
|
BORG_LOGGING_CONF
|
||||||
When set, use the given filename as INI_-style logging configuration.
|
When set, use the given filename as INI_-style logging configuration.
|
||||||
BORG_RSH
|
BORG_RSH
|
||||||
|
|
Loading…
Reference in New Issue