Thread: File size zero after decrypting with wrong certificate
Brought to you by:
thesun
From: Jan A. <jan...@do...> - 2008-07-19 09:44:35
|
Hi Sachar, Sorry for keeping you busy lately. I now have some kind of theoretical question. When I encrypt my file with a certificate, let's say certificate A. And I copy this encrypted file to a CD. Assume I do this on a daily basis. At some point in time my certificate gets corrupted and I have to generate a new one (certificate B). This would obviously make my in the past created backups useless... Now I start creating backups with this new certificate for the next couple of months, so far so good. Then something happens and I decide to restore (decrypt) a file from the CD. But - silly me - I use a file which is encrypted with certificate A, resulting in the following rsyncrypto error. ======== BEGIN OUTPUT ======== "D:\Restore\test001.txt" error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error: ========= END OUTPUT ========= The file which needed to be overwritten was still on my disk before I did this, but after the decryption my file has size 0, leaving me with nothing. Would it be possible/desirable to make rsyncrypto generate an error message and leave the file intact when it tries to decrypt a file with the wrong certificate, in stead of zeroing it out? Warm regards, Jan |
From: Thomas C. <tho...@op...> - 2008-07-20 12:11:00
|
Le Sat, 19 Jul 2008 11:44:20 +0200, "Jan Alphenaar" <jan...@do...> a écrit : > > The file which needed to be overwritten was still on my disk before I > did this, but after the decryption my file has size 0, leaving me > with nothing. Wouldnot it be better to be warned by rsyncrypto in case we decrypt files "in place", overwriting existing ones ? maybe rsyncrypto should refuse to overwrite existing files, unless a --force flag is given ? I may be able to work on such a patch. Regards -- Thomas Constans openDoor 06 23 37 87 85 09 71 73 91 75 |
From: Shachar S. <sh...@sh...> - 2008-07-22 05:41:15
|
Thomas Constans wrote: > > Wouldnot it be better to be warned by rsyncrypto in case we decrypt > files "in place", overwriting existing ones ? > > maybe rsyncrypto should refuse to overwrite existing files, unless a > --force flag is given ? > > I may be able to work on such a patch. > > I'm now working on making rsyncrypto use a safe rewrite procedure in the best Unix tradition - create a temporary file and then run over the original one with a move operation. This will provide atomic replacement on Unix and almost atomic on Windows. Shachar |