1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2024-12-23 08:16:54 +00:00

Merge pull request #715 from ThomasWaldmann/roundtrip-password

implement password roundtrip, fixes #695
This commit is contained in:
TW 2016-03-05 16:37:20 +01:00
commit a2e356dccf
3 changed files with 25 additions and 1 deletions

View file

@ -7,7 +7,7 @@
from hmac import HMAC, compare_digest
from hashlib import sha256, pbkdf2_hmac
from .helpers import IntegrityError, get_keys_dir, Error
from .helpers import IntegrityError, get_keys_dir, Error, yes
from .logger import create_logger
logger = create_logger()
@ -184,6 +184,23 @@ def env_passphrase(cls, default=None):
def getpass(cls, prompt):
return cls(getpass.getpass(prompt))
@classmethod
def verification(cls, passphrase):
if yes('Do you want your passphrase to be displayed for verification? [yN]: ',
env_var_override='BORG_DISPLAY_PASSPHRASE'):
print('Your passphrase (between double-quotes): "%s"' % passphrase,
file=sys.stderr)
print('Make sure the passphrase displayed above is exactly what you wanted.',
file=sys.stderr)
try:
passphrase.encode('ascii')
except UnicodeEncodeError:
print('Your passphrase (UTF-8 encoding in hex): %s' %
hexlify(passphrase.encode('utf-8')).decode('ascii'),
file=sys.stderr)
print('As you have a non-ASCII passphrase, it is recommended to keep the UTF-8 encoding in hex together with the passphrase at a safe place.',
file=sys.stderr)
@classmethod
def new(cls, allow_empty=False):
passphrase = cls.env_passphrase()
@ -194,6 +211,7 @@ def new(cls, allow_empty=False):
if allow_empty or passphrase:
passphrase2 = cls.getpass('Enter same passphrase again: ')
if passphrase == passphrase2:
cls.verification(passphrase)
logger.info('Remember your passphrase. Your data will be inaccessible without it.')
return passphrase
else:

View file

@ -65,6 +65,10 @@ Compatibility notes:
if you give a timestamp via cli this is stored into 'time', therefore it now
needs to mean archive creation start time.
New features:
- implement password roundtrip, #695
Bug fixes:
- remote end does not need cache nor keys directories, do not create them, #701

View file

@ -63,6 +63,8 @@ General:
can either leave it away or abbreviate as `::`, if a positional parameter is required.
BORG_PASSPHRASE
When set, use the value to answer the passphrase question for encrypted repositories.
BORG_DISPLAY_PASSPHRASE
When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories.
BORG_LOGGING_CONF
When set, use the given filename as INI_-style logging configuration.
BORG_RSH