diff --git a/docs/faq.rst b/docs/faq.rst index 64edee627..7624bcf3b 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -187,37 +187,24 @@ all the part files and manually concatenate them together. For more details, see :ref:`checkpoints_parts`. -My repository is corrupt, how can I restore from an older but working repository? ---------------------------------------------------------------------------------- +My repository is corrupt, how can I restore from an older copy of it? +--------------------------------------------------------------------- -If the working repo has the same ID as the corrupt one, the recommended method -is to delete the corrupted repository, and then copy the working repository to -the same location. The delete command will completely remove the corrupt repo -and delete the corresponding cache and security subdirectory in -``~/.config/borg/security``, including the nonce value (if encryption is used). -When the working repo is used later for creating new archives, Borg would -initialize a fresh nonce, which would be bad for security reasons (nonce values -should never be reused). To prevent this, the security subdirectory should be -saved before deleting, and later moved back into place. - -Example: +If your repositories are encrypted and have the same ID, the recommended method +is to delete the corrupted repository, but keep its security info, and then copy +the working repository to the same location: :: - # Get the repo ID from repo config. - REPO_ID=$(borg config /path/to/repo-good id) - - # Rename the repo security dir so Borg won't delete it. - cd ~/.config/borg/security - mv $REPO_ID $REPO_ID.backup - - # Now delete and rename the security dir back. - borg delete /path/to/repo - mv $REPO_ID.backup $REPO_ID - - # Finally copy the good repo to the original place. - rsync -avH /path/to/repo-good /path/to/repo + borg delete --keep-security-info /path/to/repo + rsync -aH /path/to/repo-working/ /path/to/repo # Note the trailing slash. +A plain delete command would remove the security info in +``~/.config/borg/security``, including the nonce value. In BorgBackup +:ref:`security_encryption` is AES-CTR, where the nonce is a counter. When the +working repo was used later for creating new archives, Borg would initialize a +fresh nonce, which would be bad for security reasons. To prevent this, the +``keep-security-info`` option is applied so that the nonce counter is kept. Can Borg add redundancy to the backup data to deal with hardware malfunction? ----------------------------------------------------------------------------- diff --git a/docs/internals/security.rst b/docs/internals/security.rst index 3d1717fa2..ac26bc5f0 100644 --- a/docs/internals/security.rst +++ b/docs/internals/security.rst @@ -118,6 +118,8 @@ prompt is a set BORG_PASSPHRASE. See issue :issue:`2169` for details. manifest this way, while a changed layout would have broken compatibility. +.. _security_encryption: + Encryption ----------