Sorry for keeping you busy lately. I now have some kind of theoretical question.
When I encrypt my file with a certificate, let’s say certificate A. And I copy this encrypted file to a CD. Assume I do this on a daily basis. At some point in time my certificate gets corrupted and I have to generate a new one (certificate B). This would obviously make my in the past created backups useless...
Now I start creating backups with this new certificate for the next couple of months, so far so good. Then something happens and I decide to restore (decrypt) a file from the CD. But - silly me - I use a file which is encrypted with certificate A, resulting in the following rsyncrypto error.
======== BEGIN OUTPUT ========
"D:\Restore\test001.txt" error:0407A079:rsa routines:RSA_padding_check_PKCS1_OAEP:oaep decoding error:
========= END OUTPUT =========
The file which needed to be overwritten was still on my disk before I did this, but after the decryption my file has size 0, leaving me with nothing.
Would it be possible/desirable to make rsyncrypto generate an error message and leave the file intact when it tries to decrypt a file with the wrong certificate, in stead of zeroing it out?