(Newbie) I can't access my Duplicacy backups! (Failed to retrieve the config file: cipher: message authentication failed)

I’ve been running Duplicacy GUI via Docker on my NAS - my drive failed and I lost everything, fortunately I have encrypted backups of my files on Google Drive (including the previous Duplicacy config - I backed up my Docker apps folder).

I’ve reinstalled another instance of Duplicacy GUI and added Google token, when at ‘Configure the storage’ it asks for a unique name and the password. I’ve tried every possible combination of what the password should be, but I keep getting the following error:

‘Failed to retrieve the config file: cipher: message authentication failed’

In the unique name field I’ve been using a different name when trying to access the storage, for fear of overwriting my previous settings - does this name need to match an existing snapshot for me to be authorised? Or am I going about this the wrong way by trying to add storage via the GUI altogether? Is there a way I can reset the password? Does it make a difference if I type or paste in a password?

The existing Google token I was using was lost with my data, so I’ve generated a new one - could this be causing authorisation issues as well?

I’ve looked at previous threads, but it’s all a bit over my head as I am a bit of a Linux newb, and I’m really freaked out that I’ve lost my data. I’m going to continue chipping away at every possible password combo, but I just want to confirm whether it might be another issue. Please help!

‘message authentication failed’ means the storage password is incorrect. How did you create the encrypted backups on Google Drive? If you have the original ~/.duplicacy-web/duplicacy.json you may be able to recover the correct storage password.
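Why a wrong password surfaces as this exact message, as an added example that is not part of the original thread and is not Duplicacy's own code: the text is the error Go's crypto/cipher returns when an AES-GCM tag fails to verify, so a key derived from a password that is off by a single character (a space where a Tab was typed, say) cannot open the file. The salt, iteration count, passwords and config contents below are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor derives an AES-256-GCM key with single-block PBKDF2-HMAC-SHA256 (constructed salt and count).
func aeadFor(password string) cipher.AEAD {
	mac := hmac.New(sha256.New, []byte(password))
	mac.Write([]byte("constructed-salt\x00\x00\x00\x01")) // salt || block index 1
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < 4096; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(key) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealConfig encrypts a stand-in config file as nonce || ciphertext || tag.
func sealConfig(password string, plaintext []byte) []byte {
	gcm := aeadFor(password)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh random nonce for every encryption
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// openConfig fails with the GCM tag error unless the password matches byte for byte.
func openConfig(password string, blob []byte) ([]byte, error) {
	gcm := aeadFor(password)
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	blob := sealConfig("correct horse\t", []byte(`{"demo":"constructed config"}`))
	_, err := openConfig("correct horse ", blob) // trailing space instead of Tab
	fmt.Println(err)
}
```

The failure carries no hint of how close the guess was, which is why only the exact original password, invisible characters included, opens the storage.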

I created via the Duplicacy GUI in Docker container - if the duplicacy.json was part of the Docker config it’s backed up, but it’s inside of the same encrypted share I’m trying to access…

I used a license previously, but I haven’t applied that to the latest instance of Duplicacy that I am using? Could that be an issue?

No, you don’t need a license for restoring.

@gchen Here’s the complete error message I keep getting:

Failed to initialize the storage at gcd://(–backupdirectory–): Failed to download the configuration file from the storage: Failed to retrieve the config file: cipher: message authentication failed

I have access to the encrypted config file stored on the Gdrive - can anything be done with that? Are there other options to regain the password or reset it? I’ve spent quite some time already going through the likely passwords/combos, and nothing seems to be working. I’m pretty confident it is not just a password issue.

I’m happy to upgrade to a commercial license or whatever can help me get some extra assistance, quite stressed about not being able to recover my data.

How did you originally input the password? Copy and paste, from a password manager? Did you perhaps originally use the CLI and manually edit the preferences file when setting up the storage?

Note I had an issue when transitioning from CLI to the Web GUI where my password included a Tab character, and the only way to input that into the web interface is to copy and paste from a notepad.

It sounds like your issue is definitely related to your password. Could you have mixed up the Web UI ‘credentials’ password (used to encrypt the .json data) with the storage encryption passwords?

One thing that I have started doing after I create a new storage and input the password is that I delete the storage immediately and then recreate it, so that I have to enter the password again. That way I know that the password is what I think it is.

Of course that doesn’t help the OP at this point, but I consider that a good practice for the future.

How did you originally input the password? Copy and paste, from a password manager? Did you perhaps originally use the CLI and manually edit the preferences file when setting up the storage?

80% sure it was typed, but I’m considering that if it was copy/pasted there may have been a possibility of a stray space being added, so I’m trying options with that as well. Entered via the GUI, I haven’t ever used it by CLI. I haven’t used my password manager for any Duplicacy installs unfortunately. I have a handful of passwords I reuse that have a common theme so I can memorise them easily enough, part of where I am at now is going through all the combinations/typos that could have been used with these.

Could you have mixed up the Web UI ‘credentials’ password (used to encrypt the .json data) with the storage encryption passwords?

It’s possible that I may have used the same password for both? But in any case, nothing has worked so far. @tangofan Does the Web UI encryption/administration password have to be the same as it would have been on the original install as well?

This makes sense, will definitely be doing this in future.

Another suggestion is to use password managers for everything.

Then you would create a password there and then copy it from there to wherever you need it. Since you copy it the same way and you have a single source — you will end up with the same data at the destination. You don’t even need to ever see that password or know what it is. I certainly have never seen the vast majority of the passwords I use daily. Have no clue what they are. No need to know. It’s just a blob of data at this point. Same goes for other crypto keys, credentials for your other services, credit cards, driver license numbers, SSNs, pretty much anything else you won’t need to remember anymore.

The password manager database needs to be replicated everywhere and accessible from everywhere, and with the abundance of cloud services this is not a problem. I’m personally using 1Password for as long as I can remember, but there are many others.

My suggestion is to write down all possible password combinations in a text file, and then write a script to auto-test them all. If you test each password manually one by one you may miss the correct password if there is a typo.

There is no other way around it (unless you have the duplicacy.json file). If there were, then it means Duplicacy has serious security flaws.

Is there a script/project somewhere I can reference to put this together? As mentioned I am new with Linux so have no idea how to set up said script. Would tools like hashcat/johntheripper work?

Nope, you would be best sitting down and working out what you would have put the Password as.

Worst case scenario, you have lost the Data and you would need to rebuild from scratch and delete or forget the old stuff.

Maybe Archive it till you can Remember the Password,

Doubt anyone here would want to run through the practice of Password Cracking.

@gchen @Droolio

I may have recovered some remnants of the original json config file, see below (not the real password string btw) :

{"storages":[{"name":"GS_NAS-Encrypted","url":"gcd://BACKUP/NAS/ENCRYPTED","encrypted":true,"credentials":{"gcd_token":"<--withheld-->","password":"5ce8fe09550e3daf8fd8d13b1021d7f23c991eaf5cc05ed69e2bc6fbe0d677f168f2829ce81eaba1078bd93c0beddd562eda7a4798779a0e2d1e4f38"}},

What can I do now? If I drop these details into another json, will I then have access to the storage to at least restore my backup?

Or will I have to decrypt the password string somehow? If so, what is the encryption type used for that password hash and how would you recommend going about doing so?

Thanks for your help/patience so far.

I was able to recover the password and I now have access again, happy to leave this here as warning to others - save your passwords! Thanks for your time and help everyone!

Awesome, good to hear!

May I ask how you managed to determine the password? Did the json help with that?

I keep some txt files as reference for every docker app I run with basic setup and configuration/license details, and password hints if used. I was able to recover those files off the crashed drive and the password hint helped me remember what I used.
