How to use RSA Key from CLI encrypted backups with Web GUI Restore

mpaczan · 4 July 2020 19:53

I have setup and run an encrypted backup to OneDrive using Duplicacy CLI. CLI backup and restore both work as expected using the RSA key private.pem.

I then installed the Web GUI version of Duplicacy and successfully added my existing OneDrive backup storage that was initialized using the CLI version. However, I am unable to use the Web GUI to successfully accomplish a “Restore” from my CLI encrypted backup. The issue is about how to pass the RSA private key to the GUI Restore operation. I’ve searched and found no info on how to do this using the GUI Restore “options” field. I’ve tried the standard CLI option “-key private.pem” in the Options field with the “private.pem” file located in the target restore directory and also the original repository, but this does work. I’ve also tried a full Windows path/file name to the -key private.pem (e.g. “C:\Users\Me\private.pem”. The Restore does process and restore folders, but the restore ends with the following error:

"The restore command encountered an error:
An RSA private key is required to decrypt the chunk

exit code: 100"

How do I pass the backup’s RSA key to the GUI Restore operation?

gchen · 6 July 2020 01:02

I added a -key-passphrase option that can be used to specify the passphrase needed to decrypt the RSA private key: Add a -key-passphrase option to pass in passphrase for RSA private key · gilbertchen/duplicacy@089e19f · GitHub

This will be included in tonight’s 2.6.0 CLI release.

mpaczan · 6 July 2020 02:51

Thank you for your quick response and change. Not that familiar with the interactions between Duplicacy CLI and Web Edition. So, will your 2.6.0 CLI release change enable the “-key path/private.pem” and “-passphrase” options to be used in the Web Edition Restore options field? Does the Web Edition just work as a front end and pass the options to the CLI? If so, looking forward to testing that out as it will provide the feature I’m looking for in Web Edition to access past CLI encrypted backups.

gchen · 6 July 2020 03:00

If you restart the web GUI it will automatically download the 2.6.0 release. You can verify this by checking if there is a line saying Duplicacy CLI 2.6.0 in the log file `~/.duplicacy-web/logs/duplicacy_web.log.

After that, you can add -key path/private.pem -key-passphrase <passphrase> as the restore options.

mpaczan · 6 July 2020 03:52

Restarted the Web GUI…verified CLI 2.6.0 in log file … then tried Restore. Fail. Restarted Web GUI again and tried restore again. Fail. Rebooted Windows PC. Tried restore again. Fail.

Verified restore option was input per your instructions -key path/private.pem -key-passphrase MyPassphrase in the Web Restore option field. Selected specific version for restore and also tried an individual file restore. Each try failed. Note that my -key “path/private.pem” includes quotes around the full path since the path has spaces in the folder names. Same path in quotes that I use with CLI restore, which works. All Restore attempts end with “exit code: 100” and the following log output.

2020-07-05 22:41:08.859 INFO REPOSITORY_SET Repository set to E:/DuplicacyBackupTest
2020-07-05 22:41:08.861 INFO STORAGE_SET Storage set to one://Duplicacy_Backup_Vault
2020-07-05 22:41:09.801 INFO SNAPSHOT_FILTER Loaded 5 include/exclude pattern(s)

mpaczan · 6 July 2020 14:25

When the Web GUI does an auto download, where does it put the updated CLI executable on Windows? Maybe the old CLI executable is still being referenced? I manually downloaded the new 2.6.0 CLI release and put it in the folder that I use for storing the application that’s in my path environment. Left the executable file name the way it was duplicacy_win_x64_2.6.0.exe. Restared Duplicacy Web Edition and tried a restore. Still fails with exit code: 100.

towerbr · 6 July 2020 15:19

Here: %UserProfile%/.duplicacy-web/bin

mpaczan · 6 July 2020 17:03

Ok, I found the new 2.6.0 CLI executable in the bin folder you referenced. I changed my path environment to point to bin so now there is only one CLI executable on my computer. I’ve continued to experiment today to try and get the Web Edition restore to work with the CLI RSA encrypted backup. I’ve run a Restore with nothing in the option field and it fails saying there is no RSA private key, as you would expect. Then I add the new options -key “mypath/private.pem” -key-passphrase MyPassphrase to the Web Edition Restore option field and run the Restore operation again. Don’t get any error message about the RSA private key, but the restore always fails with exit code:100.

Subsequently, I went back to test the new option directly using CLI by doing a restore using the new options in the command line: -key path/private.pem -key-passphrase MyPassphrase. This failed to work, with the error referencing the passphrase entry as being unrecognized. So, I then removed the -key-passphrase MyPassphrase and re-ran the CLI restore using just the -key “path/private.pem” and this restore ran, WITHOUT asking me for the private key passphrase, which I was expecting it to ask for. It did work and decrypted the backup and restored the files to my target folder.

Does not appear to me that 2.6.0 CLI release is accepting the new -key-passphrase MyPassphrase option as it doesn’t work via CLI or Web Edition options.

gchen · 6 July 2020 17:22

It is the space in the path of the private key file that caused the problem. Enclosing the path with double quotes won’t work either because the web GUI doesn’t treat the double quotes differently. Can you move the key file to a path without spaces?

mpaczan · 6 July 2020 17:23

Yes, I can make that change and will retest. Thanks!

mpaczan · 6 July 2020 17:28

That did it! No quotes around the key file path. Works like a charm now.