Implement RSA encryption

This is to support public key encryption in the backup operation. You can use the -key option to supply the public key to the backup command, and then the same option to supply the private key when restoring a previous revision. The storage must be encrypted for this to work.
2026-01-04 20:54:44 -06:00 · 2019-09-20 14:19:18 -04:00
parent 58387c0951
commit 90833f9d86
8 changed files with 248 additions and 28 deletions
--- a/duplicacy/duplicacy_main.go
+++ b/duplicacy/duplicacy_main.go
@@ -718,6 +718,10 @@ func backupRepository(context *cli.Context) {
 	backupManager := duplicacy.CreateBackupManager(preference.SnapshotID, storage, repository, password, preference.NobackupFile)
 	duplicacy.SavePassword(*preference, "password", password)

+	if context.String("key") != "" {
+		backupManager.SetupRSAPublicKey(context.String("key"))
+	}
+
 	backupManager.SetupSnapshotCache(preference.Name)
 	backupManager.SetDryRun(dryRun)
 	backupManager.Backup(repository, quickMode, threads, context.String("t"), showStatistics, enableVSS, vssTimeout, enumOnly)
@@ -783,10 +787,8 @@ func restoreRepository(context *cli.Context) {
 		}

 		patterns = append(patterns, pattern)
-
-	
-
 	}
+
 	patterns = duplicacy.ProcessFilterLines(patterns, make([]string, 0))

 	duplicacy.LOG_DEBUG("REGEX_DEBUG", "There are %d compiled regular expressions stored", len(duplicacy.RegexMap))
@@ -797,6 +799,13 @@ func restoreRepository(context *cli.Context) {
 	backupManager := duplicacy.CreateBackupManager(preference.SnapshotID, storage, repository, password, preference.NobackupFile)
 	duplicacy.SavePassword(*preference, "password", password)

+	if context.String("key") != "" {
+		prompt := fmt.Sprintf("Enter the passphrase for %s:", context.String("key"))
+		passphrase := duplicacy.GetPassword(*preference, "rsa_passphrase", prompt, false, false)
+		backupManager.SetupRSAPrivateKey(context.String("key"), passphrase)
+		duplicacy.SavePassword(*preference, "rsa_passphrase", passphrase)
+	}
+
 	backupManager.SetupSnapshotCache(preference.Name)
 	backupManager.Restore(repository, revision, true, quickMode, threads, overwrite, deleteMode, setOwner, showStatistics, patterns)

@@ -847,6 +856,14 @@ func listSnapshots(context *cli.Context) {
 	showFiles := context.Bool("files")
 	showChunks := context.Bool("chunks")

+	// list doesn't need to decrypt file chunks; but we need -key here so we can reset the passphrase for the private key
+	if context.String("key") != "" {
+		prompt := fmt.Sprintf("Enter the passphrase for %s:", context.String("key"))
+		passphrase := duplicacy.GetPassword(*preference, "rsa_passphrase", prompt, false, resetPassword)
+		backupManager.SetupRSAPrivateKey(context.String("key"), passphrase)
+		duplicacy.SavePassword(*preference, "rsa_passphrase", passphrase)
+	}
+
 	backupManager.SetupSnapshotCache(preference.Name)
 	backupManager.SnapshotManager.ListSnapshots(id, revisions, tag, showFiles, showChunks)

@@ -885,6 +902,13 @@ func checkSnapshots(context *cli.Context) {
 	backupManager := duplicacy.CreateBackupManager(preference.SnapshotID, storage, repository, password, preference.NobackupFile)
 	duplicacy.SavePassword(*preference, "password", password)

+	if context.String("key") != "" {
+		prompt := fmt.Sprintf("Enter the passphrase for %s:", context.String("key"))
+		passphrase := duplicacy.GetPassword(*preference, "rsa_passphrase", prompt, false, false)
+		backupManager.SetupRSAPrivateKey(context.String("key"), passphrase)
+		duplicacy.SavePassword(*preference, "rsa_passphrase", passphrase)
+	}
+
 	id := preference.SnapshotID
 	if context.Bool("all") {
 		id = ""
@@ -940,6 +964,13 @@ func printFile(context *cli.Context) {
 	backupManager := duplicacy.CreateBackupManager(preference.SnapshotID, storage, repository, password, preference.NobackupFile)
 	duplicacy.SavePassword(*preference, "password", password)

+	if context.String("key") != "" {
+		prompt := fmt.Sprintf("Enter the passphrase for %s:", context.String("key"))
+		passphrase := duplicacy.GetPassword(*preference, "rsa_passphrase", prompt, false, false)
+		backupManager.SetupRSAPrivateKey(context.String("key"), passphrase)
+		duplicacy.SavePassword(*preference, "rsa_passphrase", passphrase)
+	}
+
 	backupManager.SetupSnapshotCache(preference.Name)

 	file := ""
@@ -996,6 +1027,13 @@ func diff(context *cli.Context) {
 	backupManager := duplicacy.CreateBackupManager(preference.SnapshotID, storage, repository, password, preference.NobackupFile)
 	duplicacy.SavePassword(*preference, "password", password)

+	if context.String("key") != "" {
+		prompt := fmt.Sprintf("Enter the passphrase for %s:", context.String("key"))
+		passphrase := duplicacy.GetPassword(*preference, "rsa_passphrase", prompt, false, false)
+		backupManager.SetupRSAPrivateKey(context.String("key"), passphrase)
+		duplicacy.SavePassword(*preference, "rsa_passphrase", passphrase)
+	}
+
 	backupManager.SetupSnapshotCache(preference.Name)
 	backupManager.SnapshotManager.Diff(repository, snapshotID, revisions, path, compareByHash, preference.NobackupFile)

@@ -1406,6 +1444,11 @@ func main() {
 					Name:  "enum-only",
 					Usage: "enumerate the repository recursively and then exit",
 				},
+				cli.StringFlag{
+					Name:     "key",
+					Usage:    "the RSA public key to encrypt file chunks",
+					Argument: "<public key>",
+				},
 			},
 			Usage:     "Save a snapshot of the repository to the storage",
 			ArgsUsage: " ",
@@ -1457,6 +1500,11 @@ func main() {
 					Usage:    "restore from the specified storage instead of the default one",
 					Argument: "<storage name>",
 				},
+				cli.StringFlag{
+					Name:     "key",
+					Usage:    "the RSA private key to decrypt file chunks",
+					Argument: "<private key>",
+				},
 			},
 			Usage:     "Restore the repository to a previously saved snapshot",
 			ArgsUsage: "[--] [pattern] ...",
@@ -1502,6 +1550,11 @@ func main() {
 					Usage:    "retrieve snapshots from the specified storage",
 					Argument: "<storage name>",
 				},
+				cli.StringFlag{
+					Name:     "key",
+					Usage:    "the RSA private key to decrypt file chunks",
+					Argument: "<private key>",
+				},
 			},
 			Usage:     "List snapshots",
 			ArgsUsage: " ",
@@ -1554,6 +1607,11 @@ func main() {
 					Usage:    "retrieve snapshots from the specified storage",
 					Argument: "<storage name>",
 				},
+				cli.StringFlag{
+					Name:     "key",
+					Usage:    "the RSA private key to decrypt file chunks",
+					Argument: "<private key>",
+				},
 			},
 			Usage:     "Check the integrity of snapshots",
 			ArgsUsage: " ",
@@ -1577,6 +1635,11 @@ func main() {
 					Usage:    "retrieve the file from the specified storage",
 					Argument: "<storage name>",
 				},
+				cli.StringFlag{
+					Name:     "key",
+					Usage:    "the RSA private key to decrypt file chunks",
+					Argument: "<private key>",
+				},
 			},
 			Usage:     "Print to stdout the specified file, or the snapshot content if no file is specified",
 			ArgsUsage: "[<file>]",
@@ -1605,6 +1668,11 @@ func main() {
 					Usage:    "retrieve files from the specified storage",
 					Argument: "<storage name>",
 				},
+				cli.StringFlag{
+					Name:     "key",
+					Usage:    "the RSA private key to decrypt file chunks",
+					Argument: "<private key>",
+				},
 			},
 			Usage:     "Compare two snapshots or two revisions of a file",
 			ArgsUsage: "[<file>]",