From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 0603268D29 for ; Wed, 11 Nov 2020 16:33:40 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id EEF4E24FD5 for ; Wed, 11 Nov 2020 16:33:39 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 8539B24FC0 for ; Wed, 11 Nov 2020 16:33:38 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 4ABDC420E2 for ; Wed, 11 Nov 2020 16:33:38 +0100 (CET) From: Stoiko Ivanov To: pbs-devel@lists.proxmox.com Date: Wed, 11 Nov 2020 15:33:21 +0000 Message-Id: <20201111153322.28641-2-s.ivanov@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201111153322.28641-1-s.ivanov@proxmox.com> References: <20201111153322.28641-1-s.ivanov@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.093 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox-backup-client.rs] Subject: [pbs-devel] [PATCH proxmox-backup 1/2] inform user when using default encryption key X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Nov 2020 15:33:40 -0000 Currently if you generate a default encryption key: `proxmox-backup-client key create --kdf none` all backup operations which don't explicitly disable encryption will be encrypted with this key. I found it quite surprising, that my backups were all encrypted without me explicitly specfying neither key nor encryption mode This patch informs the user when the default key is used (and no crypt-mode is provided explicitly) Signed-off-by: Stoiko Ivanov --- src/bin/proxmox-backup-client.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs index 2d05f622..79031d72 100644 --- a/src/bin/proxmox-backup-client.rs +++ b/src/bin/proxmox-backup-client.rs @@ -817,7 +817,10 @@ fn keyfile_parameters(param: &Value) -> Result<(Option>, CryptMode), Err Ok(match (keydata, crypt_mode) { // no parameters: (None, None) => match key::read_optional_default_encryption_key()? { - Some(key) => (Some(key), CryptMode::Encrypt), + Some(key) => { + println!("Encrypting with default encryption key!"); + (Some(key), CryptMode::Encrypt) + }, None => (None, CryptMode::None), }, -- 2.20.1