Robin Lee Powell wrote:
> This is not the same stuff I was talking about before.
>
> Summary: I've got 3 different segfaults here, and quite a lot of
> documentation failures.  If you want me to send an updated man page,
> I'd be happy to, just let me know.
>
> I made a very simple structure like so:
>
> mkdir orig
> cd orig
> mkdir -p a/b/c
> mkdir -p d/e/f
> touch a/b/c/foo
> touch d/e/f/bar
>
> Encrypted like so:
>
> rsyncrypto --ne-nesting=5 --name-encrypt=filemap -c -v -r orig orig.enc 
> orig.keys /var/tmp/rcb/backup.crt
>
> Now, I would like to be able to do cold decryption.  The man page
> doesn't say how the keys directory is supposed to be defined when
> one is doing this, so I just changed the keys directory name to a
> directory that doesn't exist, and deleted the filemap, like so:
>
> [EMAIL PROTECTED]> ls -l                                      
> total 16
> drwxr-xr-x 4 rlpowell users 4096 2008-02-17 10:11 orig/
> drwxr-xr-x 4 rlpowell users 4096 2008-02-17 10:12 orig.enc/
>
> [EMAIL PROTECTED]> rsyncrypto --ne-nesting=5 --name-encrypt=filemap -d -v -r 
> orig.enc plain plain.keys /var/tmp/rcb/backup.crt
> [1]    13122 segmentation fault (core dumped)  rsyncrypto --ne-nesting=5 
> --name-encrypt=filemap -d -v -r orig.enc plain
>
> Well, that's a bit uncool.  :)  It'd be nice if --name-encrypt=
> understood that in -d mode, I mean the filemap in the encrypted
> directory,
It does. The problem here (and it's documented in the "bugs" section of 
the manual page) is that you tried using the public key for cold 
decryption. As you can well understand, if I had a good idea how to give 
a meaningful error message instead of segfaulting, I would.
>  but oh well, let's try again:
>
> [EMAIL PROTECTED]> rsyncrypto --ne-nesting=5 --name-encrypt=orig.enc/filemap 
> -d -v -r orig.enc plain plain.keys /var/tmp/rcb/backup.crt
> [1]    13190 bus error (core dumped)  rsyncrypto --ne-nesting=5 
> --name-encrypt=orig.enc/filemap -d -v -r orig.enc
>
> Oh, but wait, it gets better!  In this case, it *deleted the
> filemap*:
>   
Of course it did, precisely because of your question above - it tried to 
reconstruct it.

The proper command line should have been:
> [EMAIL PROTECTED]> rsyncrypto --ne-nesting=5 --name-encrypt=filemap -d -v -r 
> orig.enc plain plain.keys /var/tmp/rcb/backup.key
Exactly the same command line as your first attempt, only using the 
private key. Just tried it. It automatically decrypted "filemap" from 
the encrypted directory and saved it to "filemap" in the local one, and 
created the entire decrypted tree + symmetric keys.

If I misunderstood you, please clarify. If not, feel free to send 
suggestions as to what should be changed in the manual page to make this 
point clearer.

Shachar
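
The two failure modes discussed in this thread (a certificate passed where the private key is required, and `--name-encrypt` pointed at the filemap inside the encrypted directory) can be caught before rsyncrypto runs. The wrapper below is an added example, not part of the original message or of rsyncrypto; it assumes the key files are PEM-encoded, and the function names `key_kind` and `cold_decrypt` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight guard for rsyncrypto cold decryption.
# Assumption: key material is PEM-encoded, so the block header tells a
# private key apart from a certificate or public key.

# key_kind FILE -> prints "private", "public" or "unknown"
key_kind() {
    [ -r "$1" ] || { echo unknown; return 0; }
    if grep -Eq '^-----BEGIN ((RSA |ENCRYPTED )?PRIVATE KEY)-----' "$1"; then
        echo private
    elif grep -Eq '^-----BEGIN (CERTIFICATE|(RSA )?PUBLIC KEY)-----' "$1"; then
        echo public
    else
        echo unknown
    fi
}

# cold_decrypt SRC DST KEYSDIR KEYFILE FILEMAP
# Returns 2 if KEYFILE is not a private key, 3 if FILEMAP lies inside SRC.
cold_decrypt() {
    src=${1%/} dst=$2 keys=$3 keyfile=$4 map=$5

    kind=$(key_kind "$keyfile")
    if [ "$kind" != private ]; then
        echo "refusing: $keyfile is '$kind'; cold decryption needs the private key" >&2
        return 2
    fi

    # Per the reply above, rsyncrypto reconstructs the filemap at the
    # --name-encrypt path, so that path must not be a file in the encrypted tree.
    case "$map" in
        "$src"/*)
            echo "refusing: filemap '$map' is inside encrypted directory '$src'" >&2
            return 3 ;;
    esac

    # Keep a copy of any existing local filemap before it is rewritten.
    if [ -f "$map" ]; then
        cp -p "$map" "$map.bak.$$" || return 1
    fi

    # Same options as the command line shown in the thread.
    rsyncrypto --ne-nesting=5 --name-encrypt="$map" -d -v -r \
        "$src" "$dst" "$keys" "$keyfile"
}
```
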
