RSA without repository password?

lopiuh · 20 May 2024 16:33

Hi,

is it possible / wise to “work” without a repository password?

I did init a repository (and storage) with RSA and entered an empty repository password.

duplicacy_3.2.3 init -e -key public.pem foo /pool/duplicacy/

When prompted for password, I just hit the enter key twice

duplicacy_3.2.3 backup

did not print “RSA encryption is enabled” and in deed the chunks are not encrypted.

But as far as init was done with “-e -key public.pem” and .duplicacy/preferences states ““encrypted”: true”

the user could believe it is encrypted (I did when testing if i can leave the repository password blank). This should not be possible or am I wrong?. The creation of such a storage should be prevented, shouldn’t it?

Thanks

lopiuh

ninjanner · 20 May 2024 17:16

My opinion is having that choose is good.

It’s up to the user to decide how important it is to them id their data is encrypted or not. I do the same thing with my backups, not encrypt it that is.

saspus · 20 May 2024 17:45

How did you verify that data in the chunks is not encrypted?

lopiuh · 20 May 2024 21:18

ACK that user should not be forced to encrypt, but this was not my point. My point was User wants to and thinks he encrypts (see the init prompt) but indeed it is not.encrypted.

lopiuh · 20 May 2024 21:19

It was restoreable without offering or asking for the private keyfile
(reproducable). I thinks it is a bug…(?)

Thanks lopiuh

ninjanner · 20 May 2024 21:31

That doesn’t mean it wasn’t encrypted. It just means it didn’t ask for a password.

I believe that is why @saspus asked how you verified it wasn’t encrypted

lopiuh · 21 May 2024 06:59

Hi,

ah yes (we are talking about CLI-Version)
1.backup-call does not display ““RSA encryption is enabled”, what it does, when it is encrypted.
2.I did not gave and it did not aks for private key, what it does, when it is encrypted.
3.I have not saved the pgp private keyfile password in any entity, which is able to give it to any program.

You can simply reproduce the setup. Call init with -e and public key and press enter for storage password, voila.

Yours

lopiuh

lopiuh · 23 May 2024 15:21

Hi,

can someone confirm / contradict the described behaviour?

Yours lopiuh

saspus · 23 May 2024 19:17

Looks like a bug to me. Conflating “empty password” and “no password”.

lopiuh · 25 May 2024 12:51

I want to contribute. How is tagging done for the buglist?

Yours lopiuh