mirror of https://github.com/borgbackup/borg.git
1b6f928917
writing: put type into repoobj metadata reading: check wanted type against type we got repoobj metadata is encrypted and authenticated. repoobj data is encrypted and authenticated, also (separately). encryption and decryption of both metadata and data get the same "chunk ID" as AAD, so both are "bound" to that (same) ID. a repo-side attacker can neither see cleartext metadata/data, nor successfully tamper with it (AEAD decryption would fail). also, a repo-side attacker could not replace a repoobj A with a differently typed repoobj B without borg noticing: - the metadata/data is cryptographically bound to its ID. authentication/decryption would fail on mismatch. - the type check would fail. thus, the problem (see CVEs in changelog) solved in borg 1 by the manifest and archive TAMs is now already solved by the type check. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| _common.py | ||
| benchmark_cmd.py | ||
| check_cmd.py | ||
| compact_cmd.py | ||
| config_cmd.py | ||
| create_cmd.py | ||
| debug_cmd.py | ||
| delete_cmd.py | ||
| diff_cmd.py | ||
| extract_cmd.py | ||
| help_cmd.py | ||
| info_cmd.py | ||
| key_cmds.py | ||
| list_cmd.py | ||
| lock_cmds.py | ||
| mount_cmds.py | ||
| prune_cmd.py | ||
| rcompress_cmd.py | ||
| rcreate_cmd.py | ||
| rdelete_cmd.py | ||
| recreate_cmd.py | ||
| rename_cmd.py | ||
| rinfo_cmd.py | ||
| rlist_cmd.py | ||
| serve_cmd.py | ||
| tar_cmds.py | ||
| transfer_cmd.py | ||