Hi,

I wrote a small patch adding this to write_keyring, which is as
unobtrusive as possible. I tested this and it works as I expect it,
but I'm still unsure if I get the obnam encryption scheme completely
right. I am not quite sure how to write a test case for this one,
though - client-keys only ever lists one key (maybe this is a bug,
too?). Maybe an even better black box test would be to encrypt with one
key, add another key via add-key and then try to restore with the
new one. However, I didn't have the time to figure out how to use a
second GNUPGHOME during a test. Hopefully I find the time during this
week.

I don't have an idea how to implement a one-time reencryption of the
symmetric key for people who update. So maybe a NEWS entry has to
suffice?

Regards,

Mika

-- 
Own your own computer. Don't use Windows 7. <http://windows7sins.org>
=== modified file 'obnamlib/plugins/encryption_plugin.py'
--- obnamlib/plugins/encryption_plugin.py	2012-06-17 15:17:44 +0000
+++ obnamlib/plugins/encryption_plugin.py	2012-07-16 22:16:55 +0000
@@ -145,6 +145,10 @@
         encrypted = self.filter_write(encoded, repo, toplevel)
         pathname = os.path.join(toplevel, 'userkeys')
         self._overwrite_file(repo, pathname, encrypted)
+        symmetric_key = self.get_symmetric_key(repo, toplevel)
+        encrypted_symmetric_key = obnamlib.encrypt_with_keyring(symmetric_key, keyring)
+        pathname = os.path.join(toplevel, 'key')
+        self._overwrite_file(repo, pathname, encrypted_symmetric_key)
 
     def add_to_userkeys(self, repo, toplevel, public_key):
         userkeys = self.read_keyring(repo, toplevel)
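
Review bot: In write_keyring the new 'userkeys' file is already overwritten before `self.get_symmetric_key(repo, toplevel)` and `obnamlib.encrypt_with_keyring(symmetric_key, keyring)` run, so if either call raises, the repository is left with an updated 'userkeys' and a 'key' file still encrypted to the old keyring. Consider computing `encrypted_symmetric_key` before the first `self._overwrite_file(...)` and only then writing both files, so a failure leaves both untouched. The same symmetric key is re-wrapped rather than replaced, which is worth stating in a comment or docstring, since anyone who was removed from the keyring but already obtained that key is not locked out by this step. The change also needs a test (the add-key then restore-with-new-key case from the cover note would cover it), and the `encrypted_symmetric_key = ...` line exceeds 79 columns and should be wrapped.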
