mirror of
https://github.com/borgbackup/borg.git
synced 2026-06-15 04:21:38 -04:00
d2bc45f56d
Borg used to read the manifest's key-type byte and then look for the key in exactly one place (keyfile or repokey) depending on the key class that byte selected. As a result every crypto suite was duplicated into a keyfile class and a repokey class that differed only in TYPE, NAME, ARG_NAME and STORAGE. Now key *location* is independent of the type byte: detection tries keyfiles first and repokeys afterwards until a passphrase unlocks a key. The type byte still selects the crypto suite (id hash, MAC, cipher) to instantiate. Where a key is stored (keyfile vs repokey) is therefore a per-key property (self.storage), not a separate class, so a repository may even hold a mix of keyfile- and repo-stored borg keys. With storage decoupled from class identity, the keyfile/repokey class pairs collapse into one class per crypto suite: - modern AEAD: AESOCBKey, CHPOKey, Blake3AESOCBKey, Blake3CHPOKey - legacy borg 1.x (read-only): AESCTRKey, Blake2AESCTRKey There is now exactly one type byte per modern crypto suite (the old separate repokey type bytes 0x11/0x21/0x31/0x41 were removed; borg2 is beta and only needs to read repos it created). identify_key() matches on TYPES_ACCEPTABLE. CLI: --encryption selects only the crypto suite (aes-ocb, chacha20-poly1305, blake3-aes-ocb, blake3-chacha20-poly1305, authenticated*, none); the storage location is chosen with the new --key-location=repokey|keyfile (default repokey). The old combined modes (repokey-aes-ocb etc.) were removed. borg key import also gained --key-location. borg key change-location no longer swaps key classes or rewrites the manifest; it just re-saves the unlocked key at the new location. Keyfile removal (key remove, change-location) now overwrites the keyfile with random data via secure_erase() before unlinking, consistent with save(). borg 1.x legacy read compatibility is preserved (the legacy class merge is a behavior-preserving rename; the legacy type bytes incl. PASSPHRASE stay in TYPES_ACCEPTABLE). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| general | ||
| analyze.rst | ||
| analyze.rst.inc | ||
| benchmark.rst | ||
| benchmark_cpu.rst.inc | ||
| benchmark_crud.rst.inc | ||
| borgfs.rst | ||
| borgfs.rst.inc | ||
| break-lock.rst.inc | ||
| check.rst | ||
| check.rst.inc | ||
| common-options.rst.inc | ||
| compact.rst | ||
| compact.rst.inc | ||
| completion.rst | ||
| completion.rst.inc | ||
| create.rst | ||
| create.rst.inc | ||
| debug.rst | ||
| delete.rst | ||
| delete.rst.inc | ||
| diff.rst | ||
| diff.rst.inc | ||
| export-tar.rst.inc | ||
| extract.rst | ||
| extract.rst.inc | ||
| general.rst | ||
| help.rst | ||
| help.rst.inc | ||
| import-tar.rst.inc | ||
| info.rst | ||
| info.rst.inc | ||
| key.rst | ||
| key_change-location.rst.inc | ||
| key_change-passphrase.rst.inc | ||
| key_export.rst.inc | ||
| key_import.rst.inc | ||
| list.rst | ||
| list.rst.inc | ||
| lock.rst | ||
| mount.rst | ||
| mount.rst.inc | ||
| notes.rst | ||
| prune.rst | ||
| prune.rst.inc | ||
| recreate.rst | ||
| recreate.rst.inc | ||
| rename.rst | ||
| rename.rst.inc | ||
| repo-create.rst | ||
| repo-create.rst.inc | ||
| repo-delete.rst | ||
| repo-delete.rst.inc | ||
| repo-info.rst | ||
| repo-info.rst.inc | ||
| repo-list.rst | ||
| repo-list.rst.inc | ||
| repo-space.rst | ||
| repo-space.rst.inc | ||
| serve.rst | ||
| serve.rst.inc | ||
| tag.rst | ||
| tag.rst.inc | ||
| tar.rst | ||
| transfer.rst | ||
| transfer.rst.inc | ||
| umount.rst.inc | ||
| undelete.rst | ||
| undelete.rst.inc | ||
| usage_general.rst.inc | ||
| version.rst | ||
| version.rst.inc | ||
| with-lock.rst.inc | ||