Starting from version 2.3.0, you can initialize a storage with an RSA public key. Backups can be created as usual, but to restore files you’ll need to provide the corresponding private key.
Duplicacy with RSA Encryption
Initialization
To initialize a new encrypted storage with the RSA encryption enabled, run the following command:
$ duplicacy init -e -key public.pem repository_id storage_url
The RSA encryption can be only enabled if the storage is encrypted (by the -e
option).
The RSA public key, along with other configuration parameters, will be stored in the file named config
which is then uploaded to the storage.
You can verify if the RSA encryption is turned on by running the info command in the following way:
$ duplicacy -d info -e storage_url
...
RSA public key: -----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
Backup and Restore
No extra option is needed when you run the backup command. You’ll see a log message that says RSA encryption is enabled
.
$ duplicacy backup
Storage set to ...
RSA encryption is enabled
...
Note that when the RSA encryption is enabled, only file contents are encrypted by the RSA encryption. File metadata, such as modification times, permissions, and extended attributes are not protected by the RSA encryption (but still protected by the storage password).
To restore you’ll need the RSA private key:
$ duplicacy restore -r 1 -key private.pem
Other commands
Other commands that take the RSA private key are list, check, cat, diff, and copy.
For the check command, you’ll only need the RSA private key with the -files
option, which is used to verify the integrity of every file.
You can run the check and prune commands without the RSA private key to manage backups encrypted with the RSA public key.
Copy with RSA encryption
If you want to switch to the RSA encryption for an existing storage, you can create a new encrypted storage with the RSA encryption enabled and then copy existing backups to the new storage:
duplicacy add -e -key public.pem -copy default new_storage_name repository_id new_storage_url
duplicacy copy -from default -to new_storage_name
Vice versa, you can copy from an RSA encrypted storage to a new storage without RSA encryption:
duplicacy add -e -copy default new_storage_name repository_id new_storage_url
duplicacy copy -key private.pem -from default -to new_storage_name
Key generation
You can run these commands to generate the private and public key pair:
openssl genrsa -aes256 -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem
The key needs to be in the PKCS#1 format. If the first line of the private key file is -----BEGIN PRIVATE KEY-----
rather than -----BEGIN RSA PRIVATE KEY-----
, then it is in the PKCS#8 format and you’ll need to supply the -traditional
option to openssl.
How it works
The RSA encryption is performed on the chunk level. Previously, an encrypted chunk always starts with the header duplicacy\000
, followed by the nonce and encrypted chunk content:
-----------------------------------------------
duplicacy\000 | nonce | encrypted chunk content
-----------------------------------------------
Note that the key used to encrypt the chunk content isn’t stored here. Rather, that key is derived from the hash of the chunk content.
Chunks with the RSA encryption enabled will start with a new header duplicacy\002
. The key to encrypt the chunk content is no longer derived from the hash of the chunk content. Instead, the key is randomly generated (unique to each chunk), and then encrypted by the RSA public key, and stored after the chunk header:
-------------------------------------------------------------------
duplicacy\002 | RSA encrypted key | nonce | encrypted chunk content
-------------------------------------------------------------------
To decrypt such a chunk, Duplicacy will first recover the key from the RSA encrypted key (which requires the RSA private key), and then use that key to decrypt the chunk content.
RSA encryption only applies to file chunks, not metadata chunks. Therefore, the file names, timestamps, permissions, attributes, etc are not protected by the RSA public key (but still protected by the storage password).