Restore has failures, unable to decrypt a few dblocks, what is cause? how best to recover?

i got an error during the verification stage of a backup:

Failed to decrypt data (invalid passphrase?): Message has been altered, do not trust content

i tried multiple times and got the same result. i decided to do a full test restore, which mostly worked, but had the same error for ~10 dblock files. i downloaded one file and tried to decrypt it manually and got the same error. the file looked like the right ~50MB in size, so it wasn’t like it got cut short while uploading. none of the files were from recent uploads (dated January 2019).

it seems the restore operation didn’t mark the files as bad. list broken files and purge broken files (dry run) both say everything is fine.

so i have 2 questions:
first, what is the most likely cause for this error?
second, how can i best recover?

replicated issue with both self-hosted S3 and local files. running linux, version

If it’s not wrong password. I would say that the problem probably from technical perspective is bitflip(s). It’s enough to have a single bitflip in encrypted data, and you’re done. There’s basically no way to recover from that, unless error correction is used. That’s why I prefer using it with critical backups and data sets.

Afaik to recover, without restore? I would delete the broken archives, and run fix. Then the corrupted data will be reu-ploaded, assuming it’s still available.

yeah i don’t know how it could be wrong password for ~10 dblocks out of ~7000. these files were migrated from an older drive. the new drive seems fine. i guess most likely is that it was corrupted on the old drive or got corrupted on transfer. i’ll keep an eye on that.

i’ll try manually deleting the errored dblock files and then running purge. is that what you are suggesting?


Yes, after deletion I don’t remember is it repair or purne. Anyway, it’ll probably create very small replacement blocks for those. Of course that can mean that some data becomes unrestorable. But if it’s due to corruption / password, then it’s already lost.

I had serious issues with that stuff too few years ago. But I think the recovery process is now much more robust. Back then recovery was really hard and included lot of manual work.

Yet for user safety and comfort, some of these things should be also automated afaik! There should be option where you “want to restore the working state” even if it means that some data will be permanently lost. If user accepts that, then it’s ok. But at least back in the day, it wasn’t optional. Best way was usually recreate everything.

Let me know how it went.

I checked help, the commands are:
list-broken-files, purge-broken-files

Yes, purge.

i deleted the 9 dblock files manually. did purge-broken-files which recognized the missing files. the restore is running now, i’ll update with the results.

i agree. it would be nice if there was a command or option to mark bad but not missing files for automatic deletion and purge. i had to copy the file names from the log to delete manually…

restore worked with the exception of one file. said the hash didn’t match, but all the dblocks decrypted ok. i’ll delete that file from the backup and keep an eye out for any disk issues.


i was able to restore the single missing file without issue with another restore operation. not sure what the issue was there… again will look out for any disk issues.