Failed to decrypt snapshots

I have a project that was being backed up to a bucket in B2, with just one snapshot-id, and had about 20 revisions and ~30 Gb.

This project was renamed, and I decided, to get everything organized, also rename the backup.

As B2 doesn’t accept renames, I used a cloud VM and Rclone to create a copy of the bucket to another bucket with the new name, and also a new name in the snapshots subfolder.

After the copy I compared the buckets with Rclone and they were 100% identical, that is, chunks, snapshots and config. Just the bucket’s name and snapshots subfolder were different.

I then decided to delete the original bucket (big mistake …).

Now when I try to perform a backup or even a check, I get:

ERROR DOWNLOAD_DECRYPT Failed to decrypt the file snapshots/[new-snapshot-name]/1: cipher: message authentication failed

I already searched the forum but in the posts that I found I didn’t find anything similar.

I use Keepass to manage passwords, there was no wrong typed password or something like that.

The only possibility that occurred to me was that I used another password at the beginning of the backups (init), and as this password was registered in the keyring, it doesn’t match - obviously - with the existing snapshots and the current password (presumably the same). But, since I have backup of the preferences folders, I restored a previous keyring, but got the same result.

I already deleted the config file from B2 and reinitialized the storage with the same result.

Any ideas?

If the storage is encrypted, you can’t rename the snapshot subfolder. That is because each snapshot file is encrypted by a key derived from the path of the snapshot file. You can fix this by renaming the snapshot subfolder to its original name.

2 Likes

Thanks! I renamed it back and worked perfectly

Interesting information…

Since the path is also the SnapshotID, I think we can say that:

“snapshot file is encrypted by a key derived from the snapshot ID” right?

If you think the above statement is correct I will add in the init how-to

1 Like

The path includes both the SnapshotID and the Revision, so it should state:

the snapshot file is encrypted by a key derived from the snapshot ID and the revision number.