Clarifications about the "keyfile"

[s-leroux]

If a part goes missing from cold storage, is it correct to consider that only the snapshots and files pointing to that part would be unrecoverable?

If you are talking about a data part, this is correct. If your keyfile is damaged for some reason (in hot and cold part and you don't have multiple keyfiles), you loose access to your whole repository...

Originally posted by @aawsome in #1246 (reply in thread) — emphasis mine

The keyfile seems a critical component of the rustic architecture.

Can we clarify what the keyfile is, where it is stored, and how we can protect against a possible loss of access to the whole repository?

[aawsome]

Can we clarify what the keyfile is, where it is stored, and how we can protect against a possible loss of access to the whole repository?

See also https://github.com/restic/restic/blob/master/doc/design.rst#keys-encryption-and-mac

What is the keyfile?

A keyfile is a file where the single key used to encrypt (and MAC) all data in the repository (a.k.a the "masterkey") is stored. It is not stored directly, but itself encrypted by a key which is derived from a password. So, for each password which has been "added" to the repository, there is a keyfile. But all keyfiles in fact just store the identical "masterkey".

Where are the keyfiles stored?

In the repository under /keys/. Actually in plaintext JSON, but as written above, the cruical part is just some encrypted data.

How we can protect against a possible loss

In short: redundancy. It depends on the redundancy/guarantees of the storage you use for your repository. If these guarantees are fine for you, this is enough protection. If not, you have to add your own redundancy. Using a hot/cold repo gives redundancy as keyfiles are saved in the hot and cold repo part. Also you could use several passwords to generate multiple keyfiles using rustic key add (passwords can even be identical; the first "matching" key is taken) - a single working one will open the repository. Besides this, you can manually copy/"backup" the keyfiles to wherever you want.

Besides thinking about protection against loosing keyfiles, always make sure that you the right focus on the real risks that hurt you. Having a backup for a missing/corrupt keyfile is fine, but if that data pack file containing the key to your bitcoin wallet also has gone corrupted, the effect can be very similar ;-)

[s-leroux]

if that data pack file containing the key to your bitcoin wallet also has gone corrupted, the effect can be very similar ;-)

No doubt about that!

---

Thanks a lot for the reply and the pointer to the relevant documentation: it is enlightening, but somehow I had completely missed it.

[s-leroux]

I have to complete my reply by saying I am preparing things so my wife and son can recover access to their backed-up data in case of my death. For now, all password/passphrase/pincode-related information is stored only in my memory, which clearly creates a single point of failure! I think I will provide each family member with their own backup key password.

[aawsome]

Note that rustic-rs/rustic_core#468 allows to directly use the masterkey instead of the keyfiles stored in the repo. (But this doesn't solve the question how to backup the master key ;-))