[Borgbackup] encryption mechanism understanding
Thomas Waldmann
tw at waldmann-edv.de
Wed Jul 12 12:24:39 EDT 2017
>in the "repokey" mode, the encryption key is stored in the config file of the repository, ok?
the passphrase-protected/encrypted key, yes.
>but the chunk encryption is done on the client
yes.
>so how the client is able to encrypt the chunks with the key which is
>stored on the server?
>does this mean that the key is sent on the network towards the client ?
the passphrase-protected/encrypted key, yes.
>On the client side how is used the passphrase?
it is used to decrypt the key.
>does this means that the passphrase is sent to the borg server to
>access
>the encryption key of one repository?
no.
>Does the client needs the encryption key stored on the server?
Sure.
>If one client PC crashes or burns, can I restore my data from another
>PC with only the passphrase?
yes. Assuming that the repokey is still in the repo config.
>If my Borg server crashes (without the NAS containing the backup
>repositories) , may I access the backuped data again, with only a
>backup
>of the differents encryption keys of the repositories (borg key
>export)
if you use repokey, keys are in repo config.
you also need the passphrase.
you should always have a backup of keys, but here you won't need it.
>ps: We make a communication about borgbackup in a french congress in
>November
>https://www.jres.org/fr/programme
>and I need to clarify some issues
Great. If you have more questions or you'ld like review of slides, just ask.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the Borgbackup
mailing list