rustic icon indicating copy to clipboard operation
rustic copied to clipboard

Published 20 hours ago verified publisher icon rustic-rs

Unencrypted backups

Open nickchomey opened this issue 2 years ago • 3 comments

This is a duplicate of this issue from restic. https://github.com/restic/restic/issues/1018

I'd like to be able to create backups that aren't encrypted at all. Is this something that could be implemented?

It is something that would be useful for many users, in particular for using rustic as an incremental backup mechanism in the open source Cyberpanel server control panel https://community.cyberpanel.net/t/cyberpanel-backups-v2-proposal/40370/

nickchomey avatar Feb 17 '23 19:02 nickchomey

Thanks for opening this issue @nickchomey

I thought a bit about it. Actually I find the points given in the restic discussion why it might be a bad idea to add unencrypted backuse quite relevant. On the other hand it should be not too hard to just disable the encryption. But that would mean to keep the repo format almost identical including a nonce and a checksum but just omitting the encryption part. Adding a random nonce is really important as rustic does rely on the fact that an "identical" file saved twice results in different filenames due to different hashes of the contents.

So, I would suggest the following:

  • For init add a flag like --no-encryption
  • This would generate a "key" file which just holds the key for the checksum computation, but in plaintext
  • For each repo operation, I would log a warning like "[warn] repository is not encrypted"
  • Changing between unencrypted and encrypted repositories wouldn't be possible except maybe using the copy command to copy data between an encrypted and an unencypted repository.

aawsome avatar Feb 20 '23 13:02 aawsome

That sounds like a good approach to me! Its not urgent to implement, but I look forward to seeing it someday!

nickchomey avatar Feb 22 '23 20:02 nickchomey

I thought a bit about it. Actually I find the points given in the restic discussion why it might be a bad idea to add unencrypted backuse quite relevant.

Agreed! I think opting out of the encryption should be possible though, but should definitely behind a flag, that isn't easily confused and also have a warning attached to it. Something in big fat red letters, when making a backup and each time interacting with such a repository, in the sense like: "This is not encrypted, we hope you know what you're doing!".

Having unencrypted backups is definitely a special use case and I for myself am also on-board. Various hard-drives in my household are fully-encrypted and need to be temporarily decrypted for storing a backup. In this case it doesn't make sense to add another level of encryption on top of it, when the encryption of my hard drives is broken, it really doesn't matter, if the backups are accessible.

BUT: as i have an offsite copy that I keep on some cloud drive, this one I would like to be encrypted. So it should be generally possible to have offsite copies of repositories that are encrypted and can be copied to, while having a local unencrypted repository.

simonsan avatar Jun 12 '23 16:06 simonsan