Re: [Dar-support] Passing dar encryption passwords
For full, incremental, compressed and encrypted backups or archives
Brought to you by:
edrusb
Menu
▾
▴
Re: [Dar-support] Passing dar encryption passwords
|
From: Denis C. <dar...@fr...> - 2022-01-07 21:00:41
|
On 07/01/2022 17:33, David Niklas wrote: > Hello, Hello David, > I'm using Dar 2.5.17. whaoo, that's a not a recent one :) but no problem > I'm using the -K option to encrypt a full backup. I then tried to create > a separate catalog for each file. I'm invoking dar like this, but with a > config file (DCF): > dar -C backup-cat -A backup -K algorithm:password -3 sha512 > > Now my intention is to have both the backup and backup-cat file > encrypted. I think dar is doing this, yes it can do that, > but it asks for a password to > decrypt the backup archive so that it can isolate the catalog. of course you need the key to read the backup content > I thought that the -J option was to be used with the -A option so that > you could give dar the password without having to retype it a million > times, but the man page specifies that the -J option is not needed > anymore. -J (and -K when reading an archive) is not needed because dar now detects when a backup is encrypted, reads the encryption algorithm from the backup header but still needs a key to decipher the data. Else if you could read your backup without password, anybody could do the same and your data would not be protected... But as you know, while it is not required, you can still use -J option to specify the key (from a DCF file for example) in order to decipher the backup or reference avoiding dar asking for the password interactively. > However, even with -J, I'm still getting prompted for a > password to open the backup archive. Strange, it should not be the case. Maybe you have conditional statements in your DCF file? In any case, I would add -v option as first argument to dar and looking at dar's output I would check that -J option (and its key) is really parsed as expected. > > How do I give dar the password to use for both the backup archive and the > catalog extract? In order to avoid interactive password requests from dar, you should use something like this: dar -C backup-cat -A backup -K algo:password-cat -J password-backup ... If you have a colon (:) in password-backup, check the -K option description in dar's man page for pitfall and best practices. > > Thanks, > David > Cheers, Denis |
