Server drives toasted. Cannot figure out how to restore previously encrypted files to get going again. Trying to use the "copy" command to retrieve the files from a specific Backblaze bucket (compumatter-net-svr) to our new server.
If we try the rclone copy one way, it ends up download everything but they are encrypted "bin" files. If we change which rclone conf section is being referenced, it throws the error shown below. We are in an emergency state and feel confident we have the correct passwords and salt
Run the command 'rclone version' and share the full output of the command.
os/version: ubuntu 22.04 (64 bit)
os/kernel: 5.15.0-50-generic (x86_64)
Which cloud storage system are you using? (eg Google Drive)
The command you were trying to run (eg rclone copy /tmp remote:tmp)
Thank you Ole. Indeed those are both true observations.
Strangely, when I first ran the command
''' rclone lsf data-drive-crypt: --crypt-directory-name-encryption=false --crypt-filename-encryption=off '''
It indeed returned some unencrypted image / jpg files and gave me great hope.
I tried to apply those flags --crypt-directory-name-encryption=false --crypt-filename-encryption=off to my copy command but got errors in the log file like
Now strangely enough just running your original command
'''rclone lsf data-drive-crypt: --crypt-directory-name-encryption=false --crypt-filename-encryption=off'''
Results in a similar error
''' Failed to create file system for "data-drive-crypt:": failed to make remote "data-drive:compumatter-biz-svr" to wrap: failed to authorize account: failed to authenticate: Unknown 401 (401 unauthorized)'''
So I went to backblaze and regenerated keys, ran b2 authorize-account 34e3d... 00124f1a265...
which went properly and without errors.
Running the command rclone lsf data-drive:compumatter-net-svr now still returns the error Failed to create file system for "data-drive:compumatter-net-svr": failed to authorize account: failed to authenticate: Unknown 401 (401 unauthorized) where it did not initially...
I have tried what you suggested. The first command results in the following return:
The second command
rclone copy --config=rclone-test.conf data-drive-crypt2: test-recovery2
Resulted in: in a lot of error messages. I've created a short video that puts you in the drivers seat
The ERRORs you see are all due to the configured passwords not matching the passwords used when encrypting the files. The NOTICEs on removal are just rclone cleaning up the files containing gibberish due to wrong passwords.
Not much I can do from the drivers seat with a wrong set of keys (in a car with fully secured ignition).
The last chance is that you are using obscured passwords where you should be using plain passwords, or vice versa:
Did you create the first config (data-drive-crypt:) using the interactive rclone config or wim?
Do the passwords you see when doing rclone config show data-drive-crypt match the passwords you have on file?
Did you create the second config (data-drive-crypt2:) using the interactive rclone config or wim?
Do the passwords you see when doing rclone config show data-drive-crypt2 match the passwords you have on file?
Forgive me. I didn't mean to imply you were the driver I just wanted you to have a better view.
Remember I am on a different server than the one that went down. So 'rclone config show ....' must go with the flag --config=rclone....conf file that I've created anew.
Yes each one I created with vim. Because the server I am restoring to also has a valid rclone/backblaze backup so if I created it with rclone config it would overwrite this servers /root/.config/rclone/rclone.conf file.
So the results look like this:
type = crypt
password = *** ENCRYPTED ***
password2 = *** ENCRYPTED ***
remote = data-drive:compumatter-net-svr
directory_name_encryption = false
filename_encryption = on
Question, what is the purpose of the "salt" ? I kinda thought that might be a back door for unencrypting something or regenerating a way in
I feel with some degree of confidence I know the original salt and original password. Do they provide any ability to regenerate a way in?
Also, what is the purpose of password2 that I have in my config file? Where is this used?
Does the passwords you see in the config of data-drive-crypt2 (using wim) match the passwords you have on file?
If yes, then try creating a new remote data-drive-crypt3 using rclone config --config=... were you enter the exact same settings and passwords. This should result in a config entry where the passwords are different/obfuscated from data-drive-crypt2 (when viewed in wim).