Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question: How to find which and where my encryption keys are for a profile? #738

Closed
penyuan opened this issue Dec 5, 2020 · 5 comments
Closed

Comments

@penyuan
Copy link

penyuan commented Dec 5, 2020

I've been using Vorta for backups on my GNU/Linux system with no problems creating, mounting, and restoring from archives.

I went with default options and see that my current back up profile uses "repokey-blake2" for encryption, fine. But how do I find out where they encryption keys are so I can back them up? I'd hate to lose those keys or not being able to access them if/when I want to restore on another device.

@penyuan penyuan changed the title Question; Question: How to find which and where my encryption keys are for a profile? Dec 5, 2020
@samuel-w
Copy link
Contributor

samuel-w commented Dec 5, 2020

The are located in your repository config. A repository at /home/user/repository would have the config at /home/user/repository/config. This will be easier once a fix for #304 is done. I am actually working on it #599 but don't have time to finish it yet.

@penyuan
Copy link
Author

penyuan commented Dec 5, 2020

@samuel-w: thank you for getting back to me so quickly! 😃

I found the config file in my repository, just a few questions:

  1. So is this a Vorta-specific file and not used by pure borg?
  2. The last entry in this file is called key so presumably that's the one Vorta uses to encrypt/decrypt my repository. If so, and since the config file resides with my repository, that means anyone who has access to the repository directory would have the means to encrypt/decrypt it, too?
  3. Assuming 2. is correct, when I am on a new/separate system and want to restore from this repository, can I just tell borg to use the key stored in config for read/write access?

Thanks! And looking forward to #304 and #599. Let me know if I can help test or something.

@samuel-w
Copy link
Contributor

samuel-w commented Dec 5, 2020

No, its a borg file. Vorta is just a frontend for borg, and it runs borg commands to do everything.

You need two things to decrypt a repository. The password and the key. If you lose one, then it is impossible to decrypt the data. That is why backing up the keyfile and knowing your password is important.

To copy a repository to a new location should just be copying it over, and setting BORG_RELOCATED_REPO_ACCESS_IS_OK if you are running borg from command line (Vorta automatically sets BORG_RELOCATED_REPO_ACCESS_IS_OK). Running borg restore or pressing restore in the Vorta UI will use the key automatically.

@penyuan
Copy link
Author

penyuan commented Dec 6, 2020

Got it, thanks! Makes sense.

@m3nu
Copy link
Contributor

m3nu commented Dec 16, 2020

Closing since it’s answered.

@m3nu m3nu closed this as completed Dec 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants