From 12c06955b2c7ff9d9a1070b538f0d214cd68bc17 Mon Sep 17 00:00:00 2001 From: Sylvain Gaunet <1552102+sgaunet@users.noreply.github.com> Date: Mon, 12 May 2025 21:25:36 +0200 Subject: [PATCH] chore: update gocrypt version to 2.0.0 and document breaking changes in README --- Dockerfile | 2 +- README.md | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 426878c..294da68 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.21.3 AS alpine -FROM sgaunet/gocrypt:1.5.1 AS gocrypt +FROM ghcr.io/sgaunet/gocrypt:2.0.0 AS gocrypt FROM sgaunet/gitlab-backup:1.10.0 AS gitlab-backup-image diff --git a/README.md b/README.md index afefbfa..f9f75b8 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,23 @@ gitlab-backup2s3 is an enhanced docker image to export gitlab projects, encrypt You can use the binary but it will need some prerequisites : -* [gocrypt](https://github.com/sgaunet/gocrypt) >= v1.2.0 (if you like to encrypt archives with AES) +* [gocrypt](https://github.com/sgaunet/gocrypt) >= v2.0.0 (if you like to encrypt archives with AES) * [gitlab-backup](https://github.com/sgaunet/gitlab-backup) >= v1.0.0 +## Version Compatibility + +⚠️ **Important Breaking Change** ⚠️ + +Version 2 of **gocrypt** (v2) introduced AES GCM (Galois/Counter Mode) encryption, which breaks compatibility with files encrypted using version 1 (v1). + +- Files encrypted with v1 **cannot** be decrypted with v2 +- Files encrypted with v2 **cannot** be decrypted with v1 + +This incompatibility is due to the fundamental change in the encryption mode from v1 to v2. AES GCM provides better security with authenticated encryption but requires a different format that is not backwards compatible. + +Version 2 of **gocrypt** is not compatible with version 1. If you have files encrypted with v1, you will need to decrypt them using the v1 version of **gocrypt** before you can use them with v2. Version 2 of gitlab-backup2s3 uses v2 of gocrypt. +Version 1 of **gitlab-backup2s3** is compatible with version 1 of **gocrypt**. + ## Configuration It needs some environement variables to run: