mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-25 09:19:31 +00:00
commit
fffdb59c71
1 changed files with 5 additions and 4 deletions
|
@ -152,16 +152,17 @@ Repository encryption is enabled at repository creation time::
|
|||
When repository encryption is enabled all data is encrypted using 256-bit AES_
|
||||
encryption and the integrity and authenticity is verified using `HMAC-SHA256`_.
|
||||
|
||||
All data is encrypted before being written to the repository. This means that
|
||||
an attacker who manages to compromise the host containing an encrypted
|
||||
archive will not be able to access any of the data.
|
||||
All data is encrypted on the client before being written to the repository. This
|
||||
means that an attacker who manages to compromise the host containing an
|
||||
encrypted archive will not be able to access any of the data, even as the backup
|
||||
is being made.
|
||||
|
||||
|project_name| supports different methods to store the AES and HMAC keys.
|
||||
|
||||
``repokey`` mode
|
||||
The key is stored inside the repository (in its "config" file).
|
||||
Use this mode if you trust in your good passphrase giving you enough
|
||||
protection.
|
||||
protection. The repository server never sees the plaintext key.
|
||||
|
||||
``keyfile`` mode
|
||||
The key is stored on your local disk (in ``~/.borg/keys/``).
|
||||
|
|
Loading…
Reference in a new issue