I don’t understand something about the feature. I will write below multiple use-cases and please explain/comment/approve/disapprove of my beliefs.
My use-case is the same as above: multiple untrusted parties backup to the same storage.
1. The chunk name remains unchanged (same as if not using the -key option?) and only the file content is changed (encrypted with the public key)
If that’s the case, then it doesn’t make any sense to have multiple untrusted parties backup to the same storage (untrusted implies each party using different keys) because there seems to be a _false deduplication_, as only the original uploader of a chunk will be able to restore it, the rest of the parties getting an error during the decryption process.
This possible use-case leads to broken/useless backups for everyone except the uploader of a chunk.
If multiple backups are happening at the same time it’s easy to see the following problematic case:
Over the whole backup we have
party 1 = p1
party 2 = p2
party 1 will need to upload at some point during the backup both chunk 1 (c1) and chunk 2 (c2)
party 2 will need to upload at some point during the backup both chunk 1 (c1) and chunk 2 (c2)
- p1 uploads c1 (encrypted with k_p1)
- p2 needs to upload c1 but finds it existing on the storage
- p2 uploads c2 (encrypted with k_p2)
- p1 needs to upload c2 but finds it existing on the storage
In this case both snapshots are un-restorable, since one of the chunks needed in each backup was uploaded with a different key.
2. The chunk name is changed (as if the contents of the chunk are different) but the unencrypted contents are actually the same
In this case we have all the problems presented above along with an extra: there won’t be any deduplication.
Are there any other use-cases that I missed?
Therefore @gchen, I think this feature needs to be advertised with care and make sure that whoever uses it does not use different keys in the same storage (or respectively same copied
From what i understand, the sole purpose of this feature is to have an extra layer of security of the backup in case we don’t trust the storage provider (but we trust all other parties who are doing backups to the same storage as I do).
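The interleaved upload from case 1 of the post, as an added Python simulation that is not part of the original post or of the backup tool it discusses: chunk names are a hash of the plaintext (so deduplication still triggers), contents are encrypted under each party's own key, and `simulate` replays the p1/p2 interleaving and checks which party can still restore. The toy authenticated stream cipher stands in for the real encryption, and all function names and sample chunks are constructed for this example.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Toy authenticated stream cipher (stand-in for the real -key encryption): nonce || tag || ct.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("chunk was encrypted under a different key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def chunk_name(plaintext: bytes) -> str:
    return hashlib.sha256(plaintext).hexdigest()  # case 1: name derived from plaintext only

def upload(store: dict, key: bytes, plaintext: bytes) -> bool:
    """Dedup check before writing; True only if this party actually stored the chunk."""
    name = chunk_name(plaintext)
    if name in store:
        return False
    store[name] = encrypt(key, plaintext)
    return True

def can_restore(store: dict, key: bytes, chunks: list) -> bool:
    """A snapshot restores only if every chunk decrypts under this party's key."""
    try:
        return all(decrypt(key, store[chunk_name(c)]) == c for c in chunks)
    except ValueError:
        return False

def simulate(k_p1: bytes, k_p2: bytes) -> dict:
    """Interleaving from the post: p1 writes c1, p2 writes c2, each skips the other's chunk."""
    c1, c2 = b"chunk one (constructed)", b"chunk two (constructed)"
    store: dict = {}
    upload(store, k_p1, c1)  # p1 uploads c1 encrypted with k_p1
    upload(store, k_p2, c1)  # p2 finds c1 already on the storage and skips it
    upload(store, k_p2, c2)  # p2 uploads c2 encrypted with k_p2
    upload(store, k_p1, c2)  # p1 finds c2 already on the storage and skips it
    return {"p1": can_restore(store, k_p1, [c1, c2]),
            "p2": can_restore(store, k_p2, [c1, c2]),
            "chunks_stored": len(store)}
```

With two different keys neither snapshot restores even though only two chunks were stored; with one shared key both restore and deduplication is real, which is the single-trust-domain usage the post ends on.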