Deja-dup backup issue

Jan Sunavec
Jan 15, 2022

As a backup tool I have been using the Deja-dup application for a few years without any issues till now. Almost every year I reinstall my Linux-based OS from scratch, using Deja-dup to back up my data in the old OS and then restore it under the new one. I did it again this time. I installed a new OS, but when I tried to restore my data, bad things happened.

Deja-dup asked me for the password many times, in an endless loop. Well, my data is important, so I started to investigate what was going on. I ran the application in debug mode.

DEJA_DUP_DEBUG=1 deja-dup --restore

Output:

GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: AES encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key
===== End GnuPG log =====

I thought that I had forgotten my password, so I created a simple script to test one file with my usual passwords.

# Try each candidate passphrase against one encrypted duplicity file.
i=./duplicity-inc.20211203T074016Z.to.20211203T100528Z.manifest.gpg
# Bash array elements are separated by spaces, not commas.
allThreads=("pass1" "pass2" "pass3")
for t in "${allThreads[@]}"; do
    echo "Passwd: $t"
    if gpg --passphrase="$t" --batch --pinentry-mode=loopback --decrypt "$i" >/dev/null 2>/dev/null; then
        echo -e "^ \033[0;32mcorrect passphrase\033[0m"
    else
        echo -e "^ \033[0;31mwrong passphrase\033[0m"
    fi
done

Well, very bad things happened. No password was correct. How could this be? Why did it happen to me? Google showed me the way. I found this crucial article.

https://wiki.gnome.org/Apps/DejaDup/PassphraseProblems2019

Long story short: it’s a GPG bug, and it’s just necessary to know the password to fix the mess. I ran the script from the website, which checks every file, and realized that I know the password for almost all files except 4. So not bad at all. I was thinking of finding the password for those files with the John the Ripper tool. Unfortunately, gpg files use AES256 for encryption. Cracking such a password takes thousands of years, so it’s not a reasonable way to solve this issue. The next step is just decrypting the gpg files to difftars.

gpg --multifile --decrypt duplicity-full.20211227T131352Z.*.difftar.gpg

And then extract the difftars into a common directory structure.

for t in duplicity-full.20211227T131352Z.*.difftar; do tar xf "$t"; done

The next crucial thing is that you should do this only with “duplicity-full” files. If you have many “duplicity-inc” files (incremental changes only), it’s a bit more complicated, but it is still possible to get your data back. I recommend deleting those “inc” files, and you will probably get your data back without any mess!

And what is the conclusion? Never ever use deja-dup again.
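The failure described above, where a few volumes do not decrypt with the expected passphrase, can be caught before the old system is wiped by test-decrypting every volume. The script below is an added example, not code from the original post or from the Deja-dup project; the names GPG_BIN, PASSPHRASE, check_volume and verify_backup are chosen for this example.

```bash
#!/bin/sh
# Added example (not from the original post): check that every duplicity
# volume in a backup directory decrypts with ONE passphrase before the old
# system is wiped. GPG_BIN and PASSPHRASE are names chosen for this example.
GPG_BIN="${GPG_BIN:-gpg}"

# check_volume FILE -> exit 0 if FILE decrypts with $PASSPHRASE.
# The passphrase goes to gpg on stdin (--passphrase-fd 0), so it never
# appears in the process list the way --passphrase=... does.
check_volume() {
    printf '%s\n' "$PASSPHRASE" |
        "$GPG_BIN" --batch --quiet --pinentry-mode loopback \
            --passphrase-fd 0 --decrypt "$1" >/dev/null 2>&1
}

# verify_backup DIR -> prints "FAIL <file>" for each volume that does not
# decrypt, then a summary line; exit 0 only if at least one volume was
# found and all of them decrypted. Runs in a subshell so variables stay local.
verify_backup() (
    total=0
    bad=0
    for f in "$1"/duplicity-*.gpg; do
        [ -e "$f" ] || continue          # glob matched nothing
        total=$((total + 1))
        if ! check_volume "$f"; then
            echo "FAIL $f"
            bad=$((bad + 1))
        fi
    done
    echo "checked=$total failed=$bad"
    [ "$total" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Usage: ./verify-backup.sh /path/to/backup   (prompts for the passphrase)
if [ "$#" -ge 1 ]; then
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r PASSPHRASE; stty echo; echo >&2
    verify_backup "$1"
fi
```

Any "FAIL" line names a volume that the passphrase you intend to use cannot decrypt, which is the condition to resolve while the source data still exists.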

Jan Sunavec

CTO, R&D director, Ad-Tech, Video Streaming, OTT, CTV, OpenRTB