mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-23 08:16:54 +00:00
Merge pull request #715 from ThomasWaldmann/roundtrip-password
implement password roundtrip, fixes #695
This commit is contained in:
commit
a2e356dccf
3 changed files with 25 additions and 1 deletions
20
borg/key.py
20
borg/key.py
|
@ -7,7 +7,7 @@
|
|||
from hmac import HMAC, compare_digest
|
||||
from hashlib import sha256, pbkdf2_hmac
|
||||
|
||||
from .helpers import IntegrityError, get_keys_dir, Error
|
||||
from .helpers import IntegrityError, get_keys_dir, Error, yes
|
||||
from .logger import create_logger
|
||||
logger = create_logger()
|
||||
|
||||
|
@ -184,6 +184,23 @@ def env_passphrase(cls, default=None):
|
|||
def getpass(cls, prompt):
|
||||
return cls(getpass.getpass(prompt))
|
||||
|
||||
@classmethod
|
||||
def verification(cls, passphrase):
|
||||
if yes('Do you want your passphrase to be displayed for verification? [yN]: ',
|
||||
env_var_override='BORG_DISPLAY_PASSPHRASE'):
|
||||
print('Your passphrase (between double-quotes): "%s"' % passphrase,
|
||||
file=sys.stderr)
|
||||
print('Make sure the passphrase displayed above is exactly what you wanted.',
|
||||
file=sys.stderr)
|
||||
try:
|
||||
passphrase.encode('ascii')
|
||||
except UnicodeEncodeError:
|
||||
print('Your passphrase (UTF-8 encoding in hex): %s' %
|
||||
hexlify(passphrase.encode('utf-8')).decode('ascii'),
|
||||
file=sys.stderr)
|
||||
print('As you have a non-ASCII passphrase, it is recommended to keep the UTF-8 encoding in hex together with the passphrase at a safe place.',
|
||||
file=sys.stderr)
|
||||
|
||||
@classmethod
|
||||
def new(cls, allow_empty=False):
|
||||
passphrase = cls.env_passphrase()
|
||||
|
@ -194,6 +211,7 @@ def new(cls, allow_empty=False):
|
|||
if allow_empty or passphrase:
|
||||
passphrase2 = cls.getpass('Enter same passphrase again: ')
|
||||
if passphrase == passphrase2:
|
||||
cls.verification(passphrase)
|
||||
logger.info('Remember your passphrase. Your data will be inaccessible without it.')
|
||||
return passphrase
|
||||
else:
|
||||
|
|
|
@ -65,6 +65,10 @@ Compatibility notes:
|
|||
if you give a timestamp via cli this is stored into 'time', therefore it now
|
||||
needs to mean archive creation start time.
|
||||
|
||||
New features:
|
||||
|
||||
- implement password roundtrip, #695
|
||||
|
||||
Bug fixes:
|
||||
|
||||
- remote end does not need cache nor keys directories, do not create them, #701
|
||||
|
|
|
@ -63,6 +63,8 @@ General:
|
|||
can either leave it away or abbreviate as `::`, if a positional parameter is required.
|
||||
BORG_PASSPHRASE
|
||||
When set, use the value to answer the passphrase question for encrypted repositories.
|
||||
BORG_DISPLAY_PASSPHRASE
|
||||
When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories.
|
||||
BORG_LOGGING_CONF
|
||||
When set, use the given filename as INI_-style logging configuration.
|
||||
BORG_RSH
|
||||
|
|
Loading…
Reference in a new issue