mirror/borg
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2025-03-04 02:28:34 +00:00
Code Issues Releases Wiki Activity

docs: rcreate: explain "related repo"

Browse source
This commit is contained in:
Thomas Waldmann 2022-08-03 18:20:10 +02:00
parent 630097a99f
commit bcd7ab3dec
2 changed files with 32 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docs/usage/rcreate.rst
View file

@ -15,6 +15,7 @@ Examples
$ borg rcreate --encryption=repokey-blake2-chacha20-poly1305
# no encryption, not recommended
$ borg rcreate --encryption=authenticated
$ borg rcreate --encryption=authenticated-blake2
$ borg rcreate --encryption=none
# Remote repository (accesses a remote borg via ssh)

53
src/borg/archiver/rcreate.py
View file

@ -80,7 +80,7 @@ class RCreateMixIn:
have the key and know the passphrase. Make sure to keep a backup of
your key **outside** the repository - do not lock yourself out by
"leaving your keys inside your car" (see :ref:`borg_key_export`).
For remote backups the encryption is done locally - the remote machine
The encryption is done locally - if you use a remote repository, the remote machine
never sees your passphrase, your unencrypted key or your unencrypted files.
Chunking and id generation are also based on your key to improve
your privacy.
@ -125,27 +125,23 @@ class RCreateMixIn:
.. nanorst: inline-fill
+-----------------------------------+--------------+----------------+--------------------+---------+
| Mode (K = keyfile or repokey) | ID-Hash | Encryption | Authentication | V >= |
+-----------------------------------+--------------+----------------+--------------------+---------+
| K-blake2-chacha20-poly1305 | BLAKE2b | CHACHA20 | POLY1305 | 2.0 |
+-----------------------------------+--------------+----------------+--------------------+---------+
| K-chacha20-poly1305 | HMAC-SHA-256 | CHACHA20 | POLY1305 | 2.0 |
+-----------------------------------+--------------+----------------+--------------------+---------+
| K-blake2-aes-ocb | BLAKE2b | AES256-OCB | AES256-OCB | 2.0 |
+-----------------------------------+--------------+----------------+--------------------+---------+
| K-aes-ocb | HMAC-SHA-256 | AES256-OCB | AES256-OCB | 2.0 |
+-----------------------------------+--------------+----------------+--------------------+---------+
| K-blake2 | BLAKE2b | AES256-CTR | BLAKE2b | 1.1 |
+-----------------------------------+--------------+----------------+--------------------+---------+
| K | HMAC-SHA-256 | AES256-CTR | HMAC-SHA256 | any |
+-----------------------------------+--------------+----------------+--------------------+---------+
| authenticated-blake2 | BLAKE2b | none | BLAKE2b | 1.1 |
+-----------------------------------+--------------+----------------+--------------------+---------+
| authenticated | HMAC-SHA-256 | none | HMAC-SHA256 | 1.1 |
+-----------------------------------+--------------+----------------+--------------------+---------+
| none | SHA-256 | none | none | any |
+-----------------------------------+--------------+----------------+--------------------+---------+
+-----------------------------------+--------------+----------------+--------------------+
| Mode (K = keyfile or repokey) | ID-Hash | Encryption | Authentication |
+-----------------------------------+--------------+----------------+--------------------+
| K-blake2-chacha20-poly1305 | BLAKE2b | CHACHA20 | POLY1305 |
+-----------------------------------+--------------+----------------+--------------------+
| K-chacha20-poly1305 | HMAC-SHA-256 | CHACHA20 | POLY1305 |
+-----------------------------------+--------------+----------------+--------------------+
| K-blake2-aes-ocb | BLAKE2b | AES256-OCB | AES256-OCB |
+-----------------------------------+--------------+----------------+--------------------+
| K-aes-ocb | HMAC-SHA-256 | AES256-OCB | AES256-OCB |
+-----------------------------------+--------------+----------------+--------------------+
| authenticated-blake2 | BLAKE2b | none | BLAKE2b |
+-----------------------------------+--------------+----------------+--------------------+
| authenticated | HMAC-SHA-256 | none | HMAC-SHA256 |
+-----------------------------------+--------------+----------------+--------------------+
| none | SHA-256 | none | none |
+-----------------------------------+--------------+----------------+--------------------+
.. nanorst: inline-replace
@ -156,6 +152,19 @@ class RCreateMixIn:
If you do **not** want to encrypt the contents of your backups, but still want to detect
malicious tampering use an `authenticated` mode. It's like `repokey` minus encryption.
Creating a related repository
+++++++++++++++++++++++++++++
A related repository uses same secret key material as the other/original repository.
By default, only the ID key and chunker secret will be the same (these are important
for deduplication) and the AE crypto keys will be newly generated random keys.
Optionally, if you use ``--copy-ae-key`` you can also keep the same AE crypto keys
(used for authenticated encryption). Might be desired e.g. if you want to have less
keys to manage.
Creating related repositories is useful e.g. if you want to use ``borg transfer`` later.
"""
)
subparser = subparsers.add_parser(