mirror of https://github.com/borgbackup/borg.git
docs: rcreate: explain "related repo"
This commit is contained in:
Thomas Waldmann
parent
630097a99f
commit
bcd7ab3dec
|
|
@ -15,6 +15,7 @@ Examples
|
|||
$ borg rcreate --encryption=repokey-blake2-chacha20-poly1305
|
||||
# no encryption, not recommended
|
||||
$ borg rcreate --encryption=authenticated
|
||||
$ borg rcreate --encryption=authenticated-blake2
|
||||
$ borg rcreate --encryption=none
|
||||
|
||||
# Remote repository (accesses a remote borg via ssh)
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ class RCreateMixIn:
|
|||
have the key and know the passphrase. Make sure to keep a backup of
|
||||
your key **outside** the repository - do not lock yourself out by
|
||||
"leaving your keys inside your car" (see :ref:`borg_key_export`).
|
||||
For remote backups the encryption is done locally - the remote machine
|
||||
The encryption is done locally - if you use a remote repository, the remote machine
|
||||
never sees your passphrase, your unencrypted key or your unencrypted files.
|
||||
Chunking and id generation are also based on your key to improve
|
||||
your privacy.
|
||||
|
|
@ -125,27 +125,23 @@ class RCreateMixIn:
|
|||
|
||||
.. nanorst: inline-fill
|
||||
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| Mode (K = keyfile or repokey) | ID-Hash | Encryption | Authentication | V >= |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| K-blake2-chacha20-poly1305 | BLAKE2b | CHACHA20 | POLY1305 | 2.0 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| K-chacha20-poly1305 | HMAC-SHA-256 | CHACHA20 | POLY1305 | 2.0 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| K-blake2-aes-ocb | BLAKE2b | AES256-OCB | AES256-OCB | 2.0 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| K-aes-ocb | HMAC-SHA-256 | AES256-OCB | AES256-OCB | 2.0 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| K-blake2 | BLAKE2b | AES256-CTR | BLAKE2b | 1.1 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| K | HMAC-SHA-256 | AES256-CTR | HMAC-SHA256 | any |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| authenticated-blake2 | BLAKE2b | none | BLAKE2b | 1.1 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| authenticated | HMAC-SHA-256 | none | HMAC-SHA256 | 1.1 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
| none | SHA-256 | none | none | any |
|
||||
+-----------------------------------+--------------+----------------+--------------------+---------+
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| Mode (K = keyfile or repokey) | ID-Hash | Encryption | Authentication |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| K-blake2-chacha20-poly1305 | BLAKE2b | CHACHA20 | POLY1305 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| K-chacha20-poly1305 | HMAC-SHA-256 | CHACHA20 | POLY1305 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| K-blake2-aes-ocb | BLAKE2b | AES256-OCB | AES256-OCB |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| K-aes-ocb | HMAC-SHA-256 | AES256-OCB | AES256-OCB |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| authenticated-blake2 | BLAKE2b | none | BLAKE2b |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| authenticated | HMAC-SHA-256 | none | HMAC-SHA256 |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
| none | SHA-256 | none | none |
|
||||
+-----------------------------------+--------------+----------------+--------------------+
|
||||
|
||||
.. nanorst: inline-replace
|
||||
|
||||
|
|
@ -156,6 +152,19 @@ class RCreateMixIn:
|
|||
If you do **not** want to encrypt the contents of your backups, but still want to detect
|
||||
malicious tampering use an `authenticated` mode. It's like `repokey` minus encryption.
|
||||
|
||||
Creating a related repository
|
||||
+++++++++++++++++++++++++++++
|
||||
|
||||
A related repository uses same secret key material as the other/original repository.
|
||||
|
||||
By default, only the ID key and chunker secret will be the same (these are important
|
||||
for deduplication) and the AE crypto keys will be newly generated random keys.
|
||||
|
||||
Optionally, if you use ``--copy-ae-key`` you can also keep the same AE crypto keys
|
||||
(used for authenticated encryption). Might be desired e.g. if you want to have less
|
||||
keys to manage.
|
||||
|
||||
Creating related repositories is useful e.g. if you want to use ``borg transfer`` later.
|
||||
"""
|
||||
)
|
||||
subparser = subparsers.add_parser(
|
||||
|
|
|
|||
Loading…
Reference in New Issue