[pbs-devel] [PATCH proxmox-backup 2/7] fix #3197: skip fingerprint check when restoring key

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Dec 16 14:41:06 CET 2020


when restoring an encrypted key, the original one is obviously not
available to check the fingerprint with.

Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 src/bin/proxmox-backup-client.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs
index 1c456aab..36da624e 100644
--- a/src/bin/proxmox-backup-client.rs
+++ b/src/bin/proxmox-backup-client.rs
@@ -1273,10 +1273,15 @@ async fn restore(param: Value) -> Result<Value, Error> {
         true,
     ).await?;
 
+    let (archive_name, archive_type) = parse_archive_type(archive_name);
+
     let (manifest, backup_index_data) = client.download_manifest().await?;
-    manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
 
-    let (archive_name, archive_type) = parse_archive_type(archive_name);
+    if archive_name == ENCRYPTED_KEY_BLOB_NAME && crypt_config.is_none() {
+        eprintln!("Restoring encrypted key blob without original key - skipping manifest fingerprint check!")
+    } else {
+        manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
+    }
 
     if archive_name == MANIFEST_BLOB_NAME {
         if let Some(target) = target {
-- 
2.20.1





More information about the pbs-devel mailing list