Store the public key in the config to ensure one key policy.

Also make sure that RSA encrpytion works with the copy command.
2026-01-02 11:44:45 -06:00 · 2019-09-23 12:53:43 -04:00
parent 90833f9d86
commit 9a0d60ca84
4 changed files with 208 additions and 125 deletions
--- a/src/duplicacy_backupmanager.go
+++ b/src/duplicacy_backupmanager.go
@@ -20,11 +20,6 @@ import (
 	"sync"
 	"sync/atomic"
 	"time"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
-	"io/ioutil"
-	"reflect"
 )

 // BackupManager performs the two major operations, backup and restore, and passes other operations, mostly related to
@@ -81,6 +76,11 @@ func CreateBackupManager(snapshotID string, storage Storage, top string, passwor
 	return backupManager
 }

+// loadRSAPrivateKey loads the specifed private key file for decrypting file chunks
+func (manager *BackupManager) LoadRSAPrivateKey(keyFile string, passphrase string) {
+	manager.config.loadRSAPrivateKey(keyFile, passphrase)
+}
+
 // SetupSnapshotCache creates the snapshot cache, which is merely a local storage under the default .duplicacy
 // directory
 func (manager *BackupManager) SetupSnapshotCache(storageName string) bool {
@@ -108,80 +108,6 @@ func (manager *BackupManager) SetupSnapshotCache(storageName string) bool {
 	return true
 }

-// SetupRSAPublicKey loads the specifed public key file for encrypting file chunks
-func (manager *BackupManager) SetupRSAPublicKey(keyFile string) {
-	encodedKey, err := ioutil.ReadFile(keyFile)
-	if err != nil {
-		LOG_ERROR("BACKUP_KEY", "Failed to read the public key file: %v", err)
-		return
-	}
-
-	decodedKey, _ := pem.Decode(encodedKey)
-	if decodedKey == nil {
-		LOG_ERROR("RESTORE_KEY", "unrecognized public key in %s", keyFile)
-		return
-	}
-	if decodedKey.Type != "PUBLIC KEY" {
-		LOG_ERROR("BACKUP_KEY", "Unsupported public key type %s in %s", decodedKey.Type, keyFile)
-		return
-	}
-
-	parsedKey, err := x509.ParsePKIXPublicKey(decodedKey.Bytes)
-	if err != nil {
-		LOG_ERROR("BACKUP_KEY", "Failed to parse the public key in %s: %v", keyFile, err)
-		return
-	}
-
-	key, ok := parsedKey.(*rsa.PublicKey)
-	if !ok {
-		LOG_ERROR("BACKUP_KEY", "Unsupported public key type %s in %s", reflect.TypeOf(parsedKey), keyFile)
-		return
-	}
-
-	manager.config.rsaPublicKey = key
-}
-
-// SetupRSAPrivateKey loads the specifed private key file for decrypting file chunks
-func (manager *BackupManager) SetupRSAPrivateKey(keyFile string, passphrase string) {
-
-	encodedKey, err := ioutil.ReadFile(keyFile)
-	if err != nil {
-		LOG_ERROR("RESTORE_KEY", "Failed to read the private key file: %v", err)
-	}
-
-	decodedKey, _ := pem.Decode(encodedKey)
-	if decodedKey == nil {
-		LOG_ERROR("RESTORE_KEY", "unrecognized private key in %s", keyFile)
-		return
-	}
-	if decodedKey.Type != "RSA PRIVATE KEY" {
-		LOG_ERROR("RESTORE_KEY", "Unsupported private key type %s in %s", decodedKey.Type, keyFile)
-		return
-	}
-
-	var decodedKeyBytes []byte
-	if passphrase != "" {
-		decodedKeyBytes, err = x509.DecryptPEMBlock(decodedKey, []byte(passphrase))
-	} else {
-		decodedKeyBytes = decodedKey.Bytes
-	}
-
-	var parsedKey interface{}
-	if parsedKey, err = x509.ParsePKCS1PrivateKey(decodedKeyBytes); err != nil {
-		if parsedKey, err = x509.ParsePKCS8PrivateKey(decodedKeyBytes); err != nil {
-			LOG_ERROR("RESTORE_KEY", "Failed to parse the private key in %s: %v", keyFile, err)
-			return
-		}
-	}
-
-	key, ok := parsedKey.(*rsa.PrivateKey)
-	if !ok {
-		LOG_ERROR("RESTORE_KEY", "Unsupported private key type %s in %s", reflect.TypeOf(parsedKey), keyFile)
-		return
-	}
-
-	manager.config.rsaPrivateKey = key
-}

 // setEntryContent sets the 4 content pointers for each entry in 'entries'.  'offset' indicates the value
 // to be added to the StartChunk and EndChunk points, used when intending to append 'entries' to the
@@ -256,6 +182,10 @@ func (manager *BackupManager) Backup(top string, quickMode bool, threads int, ta

 	LOG_DEBUG("BACKUP_PARAMETERS", "top: %s, quick: %t, tag: %s", top, quickMode, tag)

+	if manager.config.rsaPublicKey != nil && len(manager.config.FileKey) > 0 {
+		LOG_INFO("BACKUP_KEY", "RSA encryption is enabled" )
+	}
+
 	remoteSnapshot := manager.SnapshotManager.downloadLatestSnapshot(manager.snapshotID)
 	if remoteSnapshot == nil {
 		remoteSnapshot = CreateEmptySnapshot(manager.snapshotID)
@@ -1796,6 +1726,7 @@ func (manager *BackupManager) CopySnapshots(otherManager *BackupManager, snapsho
 			newChunk := otherManager.config.GetChunk()
 			newChunk.Reset(true)
 			newChunk.Write(chunk.GetBytes())
+			newChunk.encryptionVersion = chunk.encryptionVersion
 			chunkUploader.StartChunk(newChunk, chunkIndex)
 			totalCopied++
 		} else {