repo-create: split --encryption into --encryption + --id-hash (#9168)#9779
Merged
ThomasWaldmann merged 6 commits intoJun 15, 2026
Merged
Conversation
…ckup#9168 The combined --encryption value packed two orthogonal dimensions (cipher / AE algorithm and id hash function) into a single string, causing a combinatorial explosion of mode names. Key location was already split out into --key-location. Now: - --encryption selects only the cipher / AE algorithm: none, authenticated, aes256-ocb, chacha20-poly1305 - --id-hash selects the id hash function: sha256 (default) or blake3 - --key-location (unchanged) selects key storage: repokey (default) or keyfile The old combined names were removed (clean break): select a BLAKE3 suite via --encryption ... --id-hash blake3 instead of blake3-*. aes-ocb was renamed to aes256-ocb (key NAME shown by repo-info and ARG_NAME in JSON updated to match). "none" has no key, so it only supports the sha256 id hash. No on-disk format, key-type byte, or crypto behavior changes: the existing key classes form a clean cross-product of {cipher} x {id-hash}, selected via the new ENC_NAME / IDHASH_NAME class attributes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ThomasWaldmann
force-pushed
the
split-encryption-id-hash-9168
branch
from
e6f8686 to
29a760e
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #9779 +/- ##
=======================================
Coverage 84.87% 84.88%
=======================================
Files 92 92
Lines 15165 15172 +7
Branches 2271 2275 +4
=======================================
+ Hits 12872 12879 +7
Misses 1589 1589
Partials 704 704 ☔ View full report in Codecov by Harness. |
…ckup#9168 Stop using key.ARG_NAME (the combined crypto-suite name) for the JSON output. The "encryption" object now mirrors the split CLI options: the "mode" field is replaced by "encryption" (cipher / AE algorithm, key.ENC_NAME) and "id_hash" (id hash function, key.IDHASH_NAME). This is a breaking change to the documented JSON API. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ARG_NAME had no readers left after the JSON output switched to ENC_NAME/IDHASH_NAME, so remove it from all (current and legacy) key classes. Give the legacy (borg 1.x, read-only) key classes the two dimensions so that repo-info/list --json reports a meaningful crypto suite for legacy repos instead of null/null: - AESCTRKey: encryption=aes256-ctr, id_hash=sha256 - Blake2AESCTRKey: encryption=aes256-ctr, id_hash=blake2 - Blake2AuthenticatedKey: encryption=authenticated, id_hash=blake2 IDHASH_NAME="blake2" is set on the ID_BLAKE2b_256 mix-in (parallel to the ID_HMAC_SHA_256 / ID_BLAKE3_256 mix-ins). These legacy values never become CLI choices: encryption_argument_names()/id_hash_argument_names() only iterate AVAILABLE_KEY_TYPES, not LEGACY_KEY_TYPES. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…not NAME
The keyfile detection used `key.NAME.startswith("key file")`, but since the
keyfile/repokey unification no key class has such a NAME, so encryption.keyfile
was never emitted (even for keyfile repos). Decide it from the key storage
(KeyBlobStorage.KEYFILE), matching the text repo-info output. Add a test.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…splay string The "you need KEY AND PASSPHRASE" warning was gated on key.NAME != "plaintext", a brittle dependency on a human-readable display string. Use the cipher dimension instead: only plaintext has ENC_NAME == "none"; every key-bearing suite (including the authenticated ones, which should warn) differs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…om ENC_NAME/IDHASH_NAME NAME was only read by "borg repo-info" to show the crypto suite. Remove it from all (current and legacy) key classes and let repo-info assemble the display from the two real dimensions instead: "<mode>, <ENC_NAME>, <IDHASH_NAME>", e.g. "Encrypted: Yes (repokey, aes256-ocb, sha256)" or "Encrypted: No (repokey, authenticated, blake3)". Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #9168.
What
borg repo-create --encryptionpacked two orthogonal dimensions — the cipher / AE algorithm and the id hash function — into a single combined string (e.g.blake3-chacha20-poly1305), which grows combinatorially as ciphers/hashes are added. Key location was already split out into--key-location. This finishes the decomposition:--encryption/-e(required): cipher / AE algorithm —none,authenticated,aes256-ocb,chacha20-poly1305--id-hash/-i(defaultsha256): id hash function —sha256orblake3--key-location(unchanged):repokey(default) orkeyfileExample:
Notes / decisions
--encryptionnames are removed. Select a BLAKE3 suite via--encryption ... --id-hash blake3instead ofblake3-*. Borg 2 is unreleased, so no deprecation shim.aes-ocbrenamed toaes256-ocbfor clarity. The keyNAMEshown byborg repo-info(AES256-OCB) and theARG_NAMEreported in--json(encryption.mode) were updated to match.none(plaintext) has no key, so it only supports thesha256id hash;--encryption none --id-hash blake3is rejected with a clear error.Implementation
No on-disk format, key-type byte, or crypto behavior changes — the 7 existing key classes already form a clean cross-product of {cipher} × {id-hash}. Selection is now driven by two new class attributes,
ENC_NAMEandIDHASH_NAME(the latter set once on the id-hash mix-ins), andkey_creator()matches on the pair.Tests / docs
none+blake3, legacy combined name) inrepo_create_cmd_test.py; updated test constants and the fewblake3-aes-ocbliterals.docs/usage/repo-create.rst.inc, rewrote the epilog (table → three-axis explanation), updatedtransfer.rst, and added achanges.rstentry.Full archiver + crypto + benchmark suites pass locally.
🤖 Generated with Claude Code