Passphrase requirements: valid characters?

Lost a hard drive and restoring data from duplicati S3 backups using the “direct restoration” process. Going well except for one backup for which I’m getting a worrisome “Failed to decrypt data (invalid passphrase?): Invalid password or corrupted data” error. I was surprised to encounter this problem as I had saved the details for each backup in a password manager and with the exception of 1 out of 4 backups, the approach supported the recovery of 3. Yes, it’s possible that I saved an incorrect passphrase for one of them and I regret not testing restoration capabilities a long time ago but I’m still thinking that I have the right passphrase that was used initially in the job setup.

Here’s where the request for help comes in: The passphrase had at least two “$” (dollar sign) characters in it and I’m wondering if that may be at the root of the problem I’m having. I spent some time searching for passphrase requirements that might include forbidden characters but didn’t come across them and apologizes in advance if I missed something obvious.

Are there passphrase requirements available somewhere? If the dollar signs are causing issues, is there a work around to get the backup files decrypted and restored?
Sincere thanks in advance for any advice made available. I’ve included the log file error message for the error here and if there’s other information that I can provide to shed proper light on the issue, please let me know:

Feb 1, 2022 3:54 PM: The operation List has failed with error: Failed to decrypt data (invalid passphrase?): Invalid password or corrupted data

 "Message":"Failed to decrypt data (invalid passphrase?): Invalid password or corrupted data",
                   "Message":"Invalid password or corrupted data",
                   "StackTraceString":"   at SharpAESCrypt.SharpAESCrypt.ReadEncryptionHeader(String password, Boolean skipFileSizeCheck)\r\n   at SharpAESCrypt.SharpAESCrypt..ctor(String password, Stream stream, OperationMode mode, Boolean skipFileSizeCheck)\r\n   at Duplicati.Library.Encryption.AESEncryption.Decrypt(Stream input)\r\n   at Duplicati.Library.Encryption.EncryptionBase.Decrypt(Stream input, Stream output)",
                   "ExceptionMethod":"8\nReadEncryptionHeader\nSharpAESCrypt, Version=, Culture=neutral, PublicKeyToken=null\nSharpAESCrypt.SharpAESCrypt\nVoid ReadEncryptionHeader(System.String, Boolean)",
 "StackTraceString":"   at Duplicati.Library.Main.AsyncDownloader.AsyncDownloaderEnumerator.AsyncDownloadedFile.get_TempFile()\r\n   at Duplicati.Library.Main.Operation.ListFilesHandler.CreateResultSequence(IEnumerable`1 filteredList, BackendManager backendManager, Options options)\r\n   at Duplicati.Library.Main.Operation.ListFilesHandler.Run(IEnumerable`1 filterstrings, IFilter compositefilter)\r\n   at Duplicati.Library.Main.Controller.RunAction[T](T result, String[]& paths, IFilter& filter, Action`1 method)\r\n   at Duplicati.Library.Main.Controller.List(IEnumerable`1 filterstrings, IFilter filter)\r\n   at Duplicati.Server.Runner.Run(IRunnerData data, Boolean fromQueue)\r\n   at Duplicati.Server.WebServer.RESTMethods.Backup.ListFileSets(IBackup backup, RequestInfo info)\r\n   at Duplicati.Server.WebServer.RESTHandler.DoProcess(RequestInfo info, String method, String module, String key)",
 "ExceptionMethod":"8\nget_TempFile\nDuplicati.Library.Main, Version=, Culture=neutral, PublicKeyToken=null\nDuplicati.Library.Main.AsyncDownloader+AsyncDownloaderEnumerator+AsyncDownloadedFile\nDuplicati.Library.Utility.TempFile get_TempFile()",

Welcome to the forum @kurt

Assuming this is the GUI (and not some command line that might need special quoting), I doubt that’s it.
The GUI’s own Generate button will put out a dollar sign eventually (might take a series of runs though).
I also did a manual test using $password$. Maybe you can try yours on a small local backup, to be sure.

AES Crypt GUI use would probably be a reliable test. Try it on a sampling of the files on your destination.
Duplicati’s SharpAESCrypt.exe is a reimplementation in C#, so may vary, but I still doubt it’s dollar signs.


Exporting a backup job configuration is good to do and store safely. If you did one, password may be in it.

A long time to get back here to thank you for your reply to my question; thank you!. Sadly, it seems I didn’t save the right passphrase so have been spending a lot of time recovering. This is all self inflicted as I should have tested recovery long before needed. A hard but well learned lesson as I will export backup job configs moving forward and do a test after first backup!
Thanks for the reference to AESCrypt as well. As you suggested, it didn’t have any issues with $ chars.