GPG encryption problem #105

Open
Exus opened this issue Mar 31, 2021 · 2 comments

Exus commented Mar 31, 2021

I'm using the newest v0.4-rc1 version (binary from GitHub) and it works fine. The problem occurs when I try to encrypt a backup with GPG:

# zfsbackup send --encryptTo test@example.com --signFrom test@example.com --publicKeyRingPath public.pgp.asc    --secretKeyRingPath private.pgp.asc --logLevel debug --fullIfOlderThan 5m  tank/backup/tmp s3://BUCKET
...
2021/03/31 17:34:03 PGP Debug Info:
Loaded Private Keys:
        C9BB0591E339F45C
        map[Test1 <test@example.com>:0xc00007c580]

Loaded Public Keys:
        C9BB0591E339F45C
        map[Test1 <test@example.com>:0xc00007c680]
2021/03/31 17:34:04 Getting ZFS Snapshots with command "zfs list -H -d 1 -p -t snapshot,bookmark -r -o name,creation,type -S creation tank/backup/tmp"
2021/03/31 17:34:04 Initializing Backend s3://BUCKET
2021/03/31 17:34:04 s3 backend: will use the Bulk restore tier when trying to restore from Glacier.
2021/03/31 17:34:04 Syncing 1 manifests to local cache.
2021/03/31 17:34:04 Downloaded manifests|tank/hq/test|1.manifest.gz to local cache.
2021/03/31 17:34:04 Error while trying to process smart option - openpgp: invalid data: tag byte does not have MSB set

I've also tried this on old Debian jessie and am still getting the "Error while trying to process smart option - openpgp: invalid data: tag byte does not have MSB set" error.

Here is some system info:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic

# gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Here is how I created the GPG keys:

# gpg --generate-key
....
Real name: Test1
Email address: test@example.com
You selected this USER-ID:
    "Test1 <test@example.com>"

# gpg --output public.pgp.asc --armor --export test@example.com
# gpg --output private.pgp.asc --armor --export-secret-key test@example.com

# ls -al *.asc
-rw------- 1 root root 5200 Mar 31 17:32 private.pgp.asc
-rw-r--r-- 1 root root 2444 Mar 31 17:32 public.pgp.asc

# export PGP_PASSPHRASE=test1234

Not sure if it's key creation misuse or some issue in the Go lib (like golang/go#29082).

@someone1
Owner

Ahh - small quirk - if you started sending backups without using encryption/signing but then switch to it, it will assume everything it finds on the bucket is signed/encrypted.

I can try and fix this so it's less dependent on the switches/flags used when sending the command and instead tries to parse what was used based on the filename of the manifest.

For now, switch buckets, or if what's in the bucket can be disposed of as you'd like to switch to encryption/signing, empty the destination bucket.
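
The error text in the log fits the quirk described above: an OpenPGP packet header must have the top bit of its first byte set, while a gzip stream starts with 0x1f 0x8b, so a manifest uploaded before encryption was enabled fails that check at its first byte. The Go sketch below is an added example, not zfsbackup-go code; `Sniff`, `Kind` and the sample bytes are hypothetical, and it assumes the cached manifest is a plain gzip stream, as the `.gz` name in the log suggests.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"fmt"
)

// Kind is what the leading bytes of a stored object look like (hypothetical type).
type Kind string

const (
	KindGzip    Kind = "gzip (not OpenPGP)"
	KindArmored Kind = "OpenPGP, ASCII-armored"
	KindPGP     Kind = "OpenPGP, binary packet"
	KindUnknown Kind = "unknown"
)

// Sniff classifies an object by its first bytes. An OpenPGP packet header
// always has bit 7 of its first byte set (RFC 4880, section 4.2); gzip starts
// with 0x1f 0x8b, so its first byte fails that check.
func Sniff(head []byte) Kind {
	switch {
	case len(head) >= 2 && head[0] == 0x1f && head[1] == 0x8b:
		return KindGzip
	case bytes.HasPrefix(head, []byte("-----BEGIN PGP ")):
		return KindArmored
	case len(head) >= 1 && head[0]&0x80 != 0:
		return KindPGP
	default:
		return KindUnknown
	}
}

// sampleGzip builds a constructed stand-in for an unencrypted manifest.
func sampleGzip() []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(`{"constructed":"manifest"}`))
	zw.Close()
	return buf.Bytes()
}

func main() {
	// Constructed samples: a gzip stream, and the first bytes of an
	// old-format OpenPGP packet (tag 1, header byte 0x85).
	fmt.Println("plain manifest:    ", Sniff(sampleGzip()))
	fmt.Println("encrypted manifest:", Sniff([]byte{0x85, 0x01, 0x0c}))
}
```

Running the same check over the first bytes of each manifest in the local cache shows which objects predate the switch to encryption.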

@Exus
Author

Exus commented Apr 1, 2021

Yes, it works after cleaning backup. Thanks!
