2
2
mirror of https://github.com/octoleo/restic.git synced 2024-10-31 19:02:32 +00:00

Merge pull request #274 from restic/fix-documentation

Documentation fixes
This commit is contained in:
Alexander Neumann 2015-08-22 23:07:31 +02:00
commit b188217e83

View File

@ -12,7 +12,7 @@ several subdirectories. A repository implementation must be able to fulfill a
number of operations, e.g. list the contents. number of operations, e.g. list the contents.
*Blob*: A Blob combines a number of data bytes with identifying information *Blob*: A Blob combines a number of data bytes with identifying information
like the SHA256 hash of the data and its length. like the SHA-256 hash of the data and its length.
*Pack*: A Pack combines one or more Blobs, e.g. in a single file. *Pack*: A Pack combines one or more Blobs, e.g. in a single file.
@ -246,18 +246,18 @@ repository password. This is then used with `scrypt`, a key derivation function
bytes. The first 32 bytes are used as the encryption key (for AES-256) and the bytes. The first 32 bytes are used as the encryption key (for AES-256) and the
last 32 bytes are used as the message authentication key (for Poly1305-AES). last 32 bytes are used as the message authentication key (for Poly1305-AES).
These last 32 bytes are divided into a 16 byte AES key `k` followed by 16 bytes These last 32 bytes are divided into a 16 byte AES key `k` followed by 16 bytes
of secret key `r`. They key `r` is then masked for use with Poly1305 (see the of secret key `r`. The key `r` is then masked for use with Poly1305 (see the
paper for details). paper for details).
This message authentication key is used to compute a MAC over the bytes contained Those message authentication keys (`k` and `r`) are used to compute a MAC over
in the JSON field `data` (after removing the Base64 encoding and not including the bytes contained in the JSON field `data` (after removing the Base64
the last 32 byte). If the password is incorrect or the key file has been encoding and not including the last 32 byte). If the password is incorrect or
tampered with, the computed MAC will not match the last 16 bytes of the data, the key file has been tampered with, the computed MAC will not match the last
and restic exits with an error. Otherwise, the data is decrypted with the 16 bytes of the data, and restic exits with an error. Otherwise, the data is
encryption key derived from `scrypt`. This yields a JSON document which decrypted with the encryption key derived from `scrypt`. This yields a JSON
contains the master encryption and message authentication keys for this document which contains the master encryption and message authentication keys
repository (encoded in Base64). The command `restic cat masterkey` can be used for this repository (encoded in Base64). The command `restic cat masterkey` can
as follows to decrypt and pretty-print the master key: be used as follows to decrypt and pretty-print the master key:
$ restic -r /tmp/restic-repo cat masterkey $ restic -r /tmp/restic-repo cat masterkey
{ {
@ -315,9 +315,8 @@ Trees and Data
-------------- --------------
A snapshot references a tree by the SHA-256 hash of the JSON string A snapshot references a tree by the SHA-256 hash of the JSON string
representation of its contents. Trees are saved in a subdirectory of the representation of its contents. Trees and data are saved in pack files in a
directory `trees`. The sub directory's name is the first two characters of the subdirectory of the directory `data`.
filename the tree object is stored in.
The command `restic cat tree` can be used to inspect the tree referenced above: The command `restic cat tree` can be used to inspect the tree referenced above:
@ -462,10 +461,10 @@ General assumptions:
The restic backup program guarantees the following: The restic backup program guarantees the following:
* Accessing the unencrypted content of stored files and meta data should not * Accessing the unencrypted content of stored files and metadata should not
be possible without a password for the repository. Everything except the be possible without a password for the repository. Everything except the
`version` and `id` files and the meta data included for informational metadata included for informational purposes in the key files is encrypted and
purposes in the key files is encrypted and authenticated. authenticated.
* Modifications (intentional or unintentional) can be detected automatically * Modifications (intentional or unintentional) can be detected automatically
on several layers: on several layers: