Rustic 0.9.5 fails with invalid scrypt parameters when opening restic <0.9.0 repository

[askielboe]

Background

When trying to open an old (2018) restic repository with rustic I get the following error:

> RUST_BACKTRACE="1" RUSTIC_PASSWORD="original-password" rustic -r "./restic-repo" snapshots
[INFO] using no config file, none of these exist: /Users/askielboe/Library/Application Support/rustic/rustic.toml, /etc/rustic/rustic.toml, ./rustic.toml
error: `rustic_core` experienced an error related to `password handling`.

Message:
The password that has been entered, seems to be incorrect. No suitable key found for the given password. Please check your password and try again.

For more information, see: https://rustic.cli.rs/docs/errors/C002


Some additional details ...

Backtrace:
   0: std::backtrace::Backtrace::capture
   1: rustic_core::error::RusticError::new
   2: rustic_core::repofile::keyfile::find_key_in_backend
   3: rustic_core::repository::Repository<P,S>::open_with_password
   4: rustic_rs::repository::RusticRepo<P>::open
   5: rustic_rs::commands::_DERIVE_Runnable_FOR_RusticCmd::<impl abscissa_core::runnable::Runnable for rustic_rs::commands::RusticCmd>::run

I have confirmed that the password used is correct (original password not included here) and that restic 0.17.3 opens the repository just fine.

References

• See related Discord thread here: https://discord.com/channels/1101748142694748181/1101748180007264276/1325417209106923583.
• Restic 0.9.0 changelog: https://github.com/restic/restic/releases/tag/v0.9.0.
• Restic diff between 0.8.3 and 0.9.0: restic/restic@v0.8.3...v0.9.0.

Reproduction

Here is a minimal reproduction which fails when using restic 0.8.3 and succeeds when using restic 0.9.0:

#!/bin/sh

ARCH="linux_arm64"

export RESTIC_PASSWORD="123"
export RUSTIC_PASSWORD="123"

init() {
  RESTIC_VERSION=$1
  echo "=========================== $RESTIC_VERSION ==========================="
  RESTIC_BINARY="restic_${RESTIC_VERSION}_${ARCH}"
  cd "$(mktemp -d)" || exit 
  wget -q "https://github.com/restic/restic/releases/download/v${RESTIC_VERSION}/${RESTIC_BINARY}.bz2"
  bzip2 -d "$RESTIC_BINARY".bz2 && chmod +x "$RESTIC_BINARY"
  ./"$RESTIC_BINARY" version
  ./"$RESTIC_BINARY" -r repo-"$RESTIC_VERSION" init
}


for RESTIC_VERSION in "0.8.3" "0.9.0"
do
  init $RESTIC_VERSION
  rustic --version
  RUST_BACKTRACE="1" rustic -r ./repo-"$RESTIC_VERSION" snapshots
done

I ran this as the entrypoint to the following Dockerfile:

FROM nixos/nix

RUN nix-env -f "https://github.com/NixOS/nixpkgs/archive/cc5c0b20589672011e7dc031634996a1d6766c70.tar.gz" \
  -iA bzip2 rustic

ADD test.sh .
ENTRYPOINT ["./test.sh"]

And got the following output:

=========================== 0.8.3 ===========================
restic 0.8.3
compiled with go1.10 on linux/arm64
created restic repository d029008494 at repo-0.8.3

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
rustic 0.9.5
[INFO] using no config file, none of these exist: /root/.config/rustic/rustic.toml, /etc/rustic/rustic.toml, ./rustic.toml
error: `rustic_core` experienced an error related to `a key`.

Message:
Invalid scrypt parameters. Please check the key file and password.


Some additional details ...

Caused by:
invalid scrypt parameters


Backtrace:
   0: rustic_core::error::RusticError::new
   1: rustic_core::repofile::keyfile::find_key_in_backend
   2: rustic_core::repository::Repository<P,S>::open_with_password
   3: rustic_rs::repository::RusticRepo<P>::open
   4: rustic_rs::commands::_DERIVE_Runnable_FOR_RusticCmd::<impl abscissa_core::runnable::Runnable for rustic_rs::commands::RusticCmd>::run
   5: <rustic_rs::commands::EntryPoint as abscissa_core::runnable::Runnable>::run

=========================== 0.9.0 ===========================
restic 0.9.0 compiled with go1.10.2 on linux/arm64
created restic repository 9a21be117a at repo-0.9.0

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
rustic 0.9.5
[INFO] using no config file, none of these exist: /root/.config/rustic/rustic.toml, /etc/rustic/rustic.toml, ./rustic.toml
[INFO] repository local:./repo-0.9.0: password is correct.
[INFO] using cache at /root/.cache/rustic/9a21be117abce9fb20c7037111524b4d4e7c74a6a024e6ae97e290c98724de6d

total: 0 snapshot(s)

Workaround

I was able to work around this issue by creating a new key in my restic repo, and deleting the old key.

In the beginning there is only the old key.

> RESTIC_PASSWORD="original-password" restic -r "./restic-repo" key list
repository cf9f0772 opened (version 2, compression level auto)
 ID        User       Host                        Created
---------------------------------------------------------------------
*d4b0fbc6  askielboe  Andreass-MacBook-Pro.local  2018-03-23 18:21:10
---------------------------------------------------------------------

Which rustic fails on.

> RUST_BACKTRACE="1" RUSTIC_PASSWORD="original-password" rustic -r "./restic-repo" snapshots
[INFO] using no config file, none of these exist: /Users/askielboe/Library/Application Support/rustic/rustic.toml, /etc/rustic/rustic.toml, ./rustic.toml
error: `rustic_core` experienced an error related to `a key`.

Message:
Invalid scrypt parameters. Please check the key file and password.


Some additional details ...

Caused by:
invalid scrypt parameters


Backtrace:
   0: std::backtrace::Backtrace::capture
   1: rustic_core::error::RusticError::new
   2: rustic_core::repofile::keyfile::find_key_in_backend
   3: rustic_core::repository::Repository<P,S>::open_with_password
   4: rustic_rs::repository::RusticRepo<P>::open
   5: rustic_rs::commands::_DERIVE_Runnable_FOR_RusticCmd::<impl abscissa_core::runnable::Runnable for rustic_rs::commands::RusticCmd>::run

Adding a new key using restic 0.17.3.

> RESTIC_PASSWORD="original-password" restic -r "./restic-repo" key add
repository cf9f0772 opened (version 2, compression level auto)
enter new password: xxx
enter password again: xxx
saved new key with ID 3b3a92210bad58f2763768f538a88b6e53fe94013463962c2a622a5bf35d0407

Confirm that the new password is working and list the keys using restic.

> RESTIC_PASSWORD="xxx" restic -r "./restic-repo" key list
repository cf9f0772 opened (version 2, compression level auto)
 ID        User       Host                        Created
---------------------------------------------------------------------
 3b3a9221  askielboe  Andreass-MacBook-Pro.local  2025-01-05 16:27:02
*d4b0fbc6  askielboe  Andreass-MacBook-Pro.local  2018-03-23 18:21:10
---------------------------------------------------------------------

Using the new key with rustic still fails, presumably because it's first trying to read the old key first and errors out.

> RUST_BACKTRACE="1" RUSTIC_PASSWORD="xxx" rustic -r "./restic-repo" snapshots
[INFO] using no config file, none of these exist: /Users/askielboe/Library/Application Support/rustic/rustic.toml, /etc/rustic/rustic.toml, ./rustic.toml
error: `rustic_core` experienced an error related to `a key`.

Message:
Invalid scrypt parameters. Please check the key file and password.


Some additional details ...

Caused by:
invalid scrypt parameters


Backtrace:
   0: std::backtrace::Backtrace::capture
   1: rustic_core::error::RusticError::new
   2: rustic_core::repofile::keyfile::find_key_in_backend
   3: rustic_core::repository::Repository<P,S>::open_with_password
   4: rustic_rs::repository::RusticRepo<P>::open
   5: rustic_rs::commands::_DERIVE_Runnable_FOR_RusticCmd::<impl abscissa_core::runnable::Runnable for rustic_rs::commands::RusticCmd>::run

After removing the old key with restic (using the new password), rustic starts working.

> RESTIC_PASSWORD="xxx" restic -r "./restic-repo" key remove d4b0fbc6
repository cf9f0772 opened (version 2, compression level auto)
removed key d4b0fbc6c23bbd1de1ba7a3e03f8d28e2f1eff4be81375181f8be46376702c9d

> RUSTIC_PASSWORD="xxx" rustic -r "./restic-repo" snapshots
[INFO] using no config file, none of these exist: /Users/askielboe/Library/Application Support/rustic/rustic.toml, /etc/rustic/rustic.toml, ./rustic.toml
[INFO] repository local:./restic-repo: password is correct.
[INFO] using cache at /Users/askielboe/Library/Caches/rustic/cf9f07722591dfda01e84f2f2eae1ba676c93c856545875fca9acc5fc935bb1e
[00:00:00] getting snapshots...           ████████████████████████████████████████         95/95

( ... here be snapshots ... )

total: 95 snapshot(s)

[askielboe]

Here is an example of a key that fails (from restic 0.8.3 init):

{"created":"2025-01-05T22:41:09.445835836Z","username":"root","hostname":"482067398cb9","kdf":"scrypt","N":262144,"r":1,"p":5,"salt":"efCu8IZm9vEhQbBLC4wftfGNnaJIAQozLtU5ufhFKevt43ohe3499JD5EYBbasBT2mIl3xQ06CIf/MU83U1R6A==","data":"Mxy9ToXlwvVzT1Go+uTWD6sCYF9M3gEqqOVDMghZvomPVL/rNK3BzmzqozgJGYtID9MQhsHCAhU3I4VxHb6TASilxTk6DKffs9aAnnYhFjnZl/31gPsPvUfUq7U0EA+dVVRLyycISNfrVayeMvgUhbMMcCg/tpMHd5P0EXR1RrO9Vi+01ic6HR08GEg41PJtGVtxrlUzfZI5+2hAu8tLHQ=="}

And here is a key that works (from restic 0.9.0 init):

{"created":"2025-01-05T22:41:14.316364338Z","username":"root","hostname":"482067398cb9","kdf":"scrypt","N":32768,"r":8,"p":8,"salt":"IZPtaUqbgE9ctFMmut5GEHerJ3JjC9x7q2EY+2ZkhepcCw1NaQQm4meSHn0txgnpLZ3NIACXX9X4rxdiAQh+1A==","data":"eYupj4Gn+xzL9IeApSUh1RGSLsZ6JD8AEtf65ThzeFlJ70bBpSD1RYuAcvoO3RuOgY9GK4sTHFg6qBylfB67oFWSZWgBWvLgQun7ijJmhiILrwUBNH3YTJgJB38hGSNMooocymcBziParVcZpo5d8SM5VZZFH9KHEf8HNVvCqW152G+ARhPKhsQEybWUkcoNf5R4k5gXsaN8OEF2M3vEow=="}

Password in both cases is xxx.

[aawsome]

The parameters in the key you use are invalid in https://datatracker.ietf.org/doc/html/rfc7914#section-2. However, as discussed in golang/go#33703 they seem to be still valid and the RFC is too strict only by accident, see https://www.rfc-editor.org/errata/eid5971.

The currently only workaround is to create a new key with restic and remove the old key (with restic or manually remove the key file from the backend) - as you already did.

[aawsome]

I reported to the Rust scrypt library, maybe they'll relax this check, then old keys will also work with rustic.