rcreate --copy-ae-key: copy AE key from key of other repo, fixes #6710

default: create new, random authenticated encryption key.
2025-03-12 07:08:47 +00:00 · 2022-08-01 14:26:13 +02:00 · 2022-08-01 14:26:13 +02:00 · 9878956140
commit 9878956140
parent 7222574214
2 changed files with 19 additions and 4 deletions
--- a/src/borg/archiver/rcreate.py
+++ b/src/borg/archiver/rcreate.py
@ -21,6 +21,8 @@ class RCreateMixIn:
        """Create a new, empty repository"""
        path = args.location.canonical_path()
        logger.info('Initializing repository at "%s"' % path)
+        if other_key is not None:
+            other_key.copy_ae_key = args.copy_ae_key
        try:
            key = key_creator(repository, args, other_key=other_key)
        except (EOFError, KeyboardInterrupt):
@ -206,3 +208,9 @@ class RCreateMixIn:
            action="store_true",
            help="create the parent directories of the repository directory, if they are missing.",
        )
+        subparser.add_argument(
+            "--copy-ae-key",
+            dest="copy_ae_key",
+            action="store_true",
+            help="copy the authenticated encryption (AE) key from the key of the other repo (default: new random key).",
+        )
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@ -191,6 +191,7 @@ class KeyBase:
        self.compressor = Compressor("lz4")
        self.decompress = self.compressor.decompress
        self.tam_required = True
+        self.copy_ae_key = False

    def id_hash(self, data):
        """Return HMAC hash using the "id" HMAC key"""
@ -605,11 +606,17 @@ class FlexiKey:
                raise Error("Copying key material to an AES-CTR based mode is insecure and unsupported.")
            if not uses_same_id_hash(other_key, key):
                raise Error("You must keep the same ID hash (HMAC-SHA256 or BLAKE2b) or deduplication will break.")
+            if other_key.copy_ae_key:
+                # give the user the option to use the same authenticated encryption (AE) key
+                enc_key = other_key.enc_key
+                enc_hmac_key = other_key.enc_hmac_key
+            else:
+                # borg transfer re-encrypts all data anyway, thus we can default to a new, random AE key
+                data = os.urandom(64)
+                enc_key = data[0:32]
+                enc_hmac_key = data[32:64]
            key.init_from_given_data(
-                enc_key=other_key.enc_key,
-                enc_hmac_key=other_key.enc_hmac_key,
-                id_key=other_key.id_key,
-                chunk_seed=other_key.chunk_seed,
+                enc_key=enc_key, enc_hmac_key=enc_hmac_key, id_key=other_key.id_key, chunk_seed=other_key.chunk_seed
            )
            passphrase = other_key._passphrase
        else: