From 1fab5892b5c07ad56c2d2fd7b6f28b2755b3d9e6 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Mon, 16 Aug 2021 17:42:16 +0200
Subject: [PATCH] Add changelog for #3429

---
 changelog/unreleased/pull-3429 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 changelog/unreleased/pull-3429

diff --git a/changelog/unreleased/pull-3429 b/changelog/unreleased/pull-3429
new file mode 100644
index 000000000..6c2d4abaf
--- /dev/null
+++ b/changelog/unreleased/pull-3429
@@ -0,0 +1,12 @@
+Enhancement: Verify that new or modified keys were stored correctly
+
+When adding a new key or changing the password of a key, restic just created the
+new key (and removed the old one, when changing the password). There was no
+verification that the new key was stored correctly and that it work. As the
+repository cannot be decrypted without a valid key file, this could in rare
+cases cause the repository to become inaccessible.
+
+We have added a check that the new key actually works before continuing. This
+can protect against some (rare) cases of hardware or storage problems.
+
+https://github.com/restic/restic/pull/3429