[pbs-devel] [PATCH proxmox-backup 01/10] key: make 'default' master key explicit

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Feb 5 16:35:26 CET 2021


Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
 src/bin/proxmox-backup-client.rs     |  2 +-
 src/bin/proxmox_backup_client/key.rs | 15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/bin/proxmox-backup-client.rs b/src/bin/proxmox-backup-client.rs
index dfb944f0..58f8740d 100644
--- a/src/bin/proxmox-backup-client.rs
+++ b/src/bin/proxmox-backup-client.rs
@@ -896,7 +896,7 @@ async fn create_backup(
 
             let crypt_config = CryptConfig::new(key)?;
 
-            match key::find_master_pubkey()? {
+            match key::find_default_master_pubkey()? {
                 Some(ref path) if path.exists() => {
                     let pem_data = file_get_contents(path)?;
                     let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;
diff --git a/src/bin/proxmox_backup_client/key.rs b/src/bin/proxmox_backup_client/key.rs
index 405cb818..037ee0eb 100644
--- a/src/bin/proxmox_backup_client/key.rs
+++ b/src/bin/proxmox_backup_client/key.rs
@@ -34,14 +34,14 @@ use proxmox_backup::{
 };
 
 pub const DEFAULT_ENCRYPTION_KEY_FILE_NAME: &str = "encryption-key.json";
-pub const MASTER_PUBKEY_FILE_NAME: &str = "master-public.pem";
+pub const DEFAULT_MASTER_PUBKEY_FILE_NAME: &str = "master-public.pem";
 
-pub fn find_master_pubkey() -> Result<Option<PathBuf>, Error> {
-    super::find_xdg_file(MASTER_PUBKEY_FILE_NAME, "main public key file")
+pub fn find_default_master_pubkey() -> Result<Option<PathBuf>, Error> {
+    super::find_xdg_file(DEFAULT_MASTER_PUBKEY_FILE_NAME, "default master public key file")
 }
 
-pub fn place_master_pubkey() -> Result<PathBuf, Error> {
-    super::place_xdg_file(MASTER_PUBKEY_FILE_NAME, "main public key file")
+pub fn place_default_master_pubkey() -> Result<PathBuf, Error> {
+    super::place_xdg_file(DEFAULT_MASTER_PUBKEY_FILE_NAME, "default master public key file")
 }
 
 pub fn find_default_encryption_key() -> Result<Option<PathBuf>, Error> {
@@ -360,6 +360,9 @@ fn show_key(path: Option<String>, param: Value) -> Result<(), Error> {
 )]
 /// Import an RSA public key used to put an encrypted version of the symmetric backup encryption
 /// key onto the backup server along with each backup.
+///
+/// The imported key will be used as default master key for future invocations by the same local
+/// user.
 fn import_master_pubkey(path: String) -> Result<(), Error> {
     let pem_data = file_get_contents(&path)?;
 
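Review bot: The doc paragraph added to `import_master_pubkey` says the imported key becomes the default, but not that a previously imported default is replaced. The next hunk writes the PEM data with `replace_file(&target_path, &pem_data, CreateOptions::new())` to the path from `place_default_master_pubkey()`, so an existing key appears to be overwritten without notice. From then on the backup encryption key is stored on the server encrypted for the new RSA key only, which an operator should learn from the help text; I would add `/// An already imported default master key is replaced.` to the comment. The function body starts in this hunk and continues outside it, so any existence check or warning that may sit between the hunks is not visible here.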
@@ -367,7 +370,7 @@ fn import_master_pubkey(path: String) -> Result<(), Error> {
         bail!("Unable to decode PEM data - {}", err);
     }
 
-    let target_path = place_master_pubkey()?;
+    let target_path = place_default_master_pubkey()?;
 
     replace_file(&target_path, &pem_data, CreateOptions::new())?;
 
-- 
2.20.1





