duplicacy icon indicating copy to clipboard operation
duplicacy copied to clipboard

Published 20 hours ago verified publisher icon gilbertchen

Using "set" to set a storage password that contains an ampersand ("&") stores the wrong password due to unicode encoding

Open gene1wood opened this issue 6 years ago • 5 comments

  • OS : Ubuntu 18.04
  • Duplicacy version : 2.1.2

When using the set command to set the storage password (password), if the password contains an ampersand (&), or probably other characters that require encoding, it's stored in the preferences file with unicode escaping

Example

duplicacy set -key password -value "foo&bar"

results in a preferences file of

[
    {
        "name": "default",
...snip...
        "nobackup_file": "",
        "keys": {
            "password": "foo\u0026bar"
        }
    }
]

When you then run duplicacy, it reads from the preferences file and doesn't decode the string. This results in the error

Failed to download the configuration file from the storage: Failed to retrieve the config file: cipher: message authentication failed

If you enter the password unencoded (e.g. foo&bar) into the preferences json file directly without using the set command, and then run a backup, everything works fine.

gene1wood avatar Dec 30 '18 17:12 gene1wood

I have similar issue. My password is empty, but it is not recognized/used by duplicacy.

[   
    {   
        "name": "default",
        "id": "ubuntu-backup",
        "repository": "",
        "storage": "b2://test",
        "encrypted": true,
        "no_backup": false,
        "no_restore": false,
        "no_save_password": false,
        "nobackup_file": "",
        "keys": {
            "password" : "",
            "b2_id": "09809809809",
            "b2_key": "spspdsaopdasopdk"
        }
    }
]

It still asks for password:

$ /usr/local/bin/duplicacy -v backup -stats
Storage set to b2://test
Enter storage password:

When I try to set an empty password value:

@ubuntu:~$ duplicacy set -key password -value ""
The options for storage b2://test have not been modified

adrianmihalko avatar Dec 30 '18 23:12 adrianmihalko

@adrianmihalko I suspect your issue isn't related to unicode encoding. I think it relates to the config not accepting empty values. Here's an example of that with ssh_password

If you want to set your encryption password to "", why not just disable encryption? The encryption value of a password as easily guessable as the empty string is probably slim. Just don't use the -encrypt argument when you init the repository and then you don't need to pass a password at all.

If I'm misunderstanding and there is a good use case for an encryption password of the empty string, I'd recommend opening a distinct GitHub issue on it, because the one I'm reporting here relates to unicode encoding and decoding.

gene1wood avatar Dec 31 '18 06:12 gene1wood

I ran into the same issue a few days ago with an ampersand at the end of the password, except in my case it saved the password without the ampersand (and no encoded value) in the preferences file. My password was xxxxx& but it saved it as xxxxx in preferences. I saved it with the "duplicity set -value password" command. I manually edited the preferences file, and like you, that allowed the program to run without error. This is Windows-64 2.1.2 cli version.

uj avatar Dec 31 '18 19:12 uj

@gilbertchen The comment above from @uj confirms that this bug happens in Linux and Windows.

gene1wood avatar Jan 29 '19 05:01 gene1wood

@gilbertchen Is this something that could be looked into? This bug causes very tricky and confusing symptoms.

gene1wood avatar Aug 02 '20 04:08 gene1wood