message authentication failed

Christoph     Feb 4 6:43PM 2018 CLI

When I try to run duplicacy backup, I'm getting:

failed to retrieve the config file: cipher: message authentication failed

What exactly does this error message mean, or rather: how do I deal with it?

I understand that duplicacy is getting the wrong password for the encrypted backup archive, but why is it wrong? I am not specifying it anywhere in clear text so I assume that it is stored in the keyfile, encrypted by the windows security api (or whatever the exact name). But I don't understand the process and so I have no idea how or why that password might have become wrong (it worked before). Nor do I understand how I can change it back to the correct password...


gchen    Feb 4 11:12PM 2018

Passwords are stored in the keyring file under the .duplicacy directory. You can run duplicacy list -reset-passwords and then you'll have a chance to enter the correct password.


Christoph    Feb 5 8:18AM 2018

Thanks! I looked for a rest option in the password command and under Managing Passwords in the wiki, but it did not occur to me to check the list command...

I have added the information to the managing passwords wiki page (BTW: shouldn't we be talking about passphrases, these days?).

Now, if you don't mind me asking: what might possibly have led to the password having been changed? I did recently create a new password when I changed my chunk-size to 1M, but I don't quite understand how that might have cause this issue.

To be concrete: since changing chunk size means to start the backup archive from scratch, I created a new folder in the backend and initiated it with the new chunk size. I did not touch the old backend folder or the preferences for the old backups, I just stopped running them and created a new repository (or rather, started backing up the old one to the new storage). It worked fine for several days, so I can't really link the issue with the new password. Or why would the keyring file only be changed several days later? Or changed back several days later?

UPDATE: In the mean time, I did the duplicacy list -reset-passwords and it worked in the sense that I was able to enter a password and subsequently the backup worked. But I have no idea what I actually did when entering that password. Did I just enter the correct storage password that was already set or did I set a new storage password?

To improve the UX here, I'd suggest to clarify the question that duplicacy issues. Currently it just says

Storage set to <whatever the path>
Enter storage password:

If what you enter here is a new storage password, I think it should say Enter new storage password:

Even better: Enter new storage password (or press *** to quit): (fill in *** as appropriate).


gchen    Feb 5 7:47PM 2018

Thank you for updating the wiki page!

duplicacy list -reset-passwords gives you a chance to enter the password instead of reading it from the keyring or environment. So it is not a new storage password.


Christoph    Feb 6 3:52AM 2018

Hm, in that case I think it is a bit misleading to call it "reset password" because resetting is usually associated with setting a new password.

I suppose my wiki page update is also misleading in the same way...

Not sure how to clarify it. Would it be correct to say that it is about rewriting the password to the keyring?


gchen    Feb 6 10:59AM 2018

I agree it is a bad name, but your wiki update looks good to me.