I find the Duplicati documentation very thourough and good to use. This is why I was quite suprised there is no article/documentation about the actual format the AES crypto module uses, and possible an alternate command line/tool to decrypt it.
I wanted to open one of the ZIP files, and possibly not use Duplicati CLI for this to verify it uses a repeatable and overall sound format. Did I just miss this doc or is it really missing? I would expect information about the secret stretching method used, the AES blockmodes, the way the parameters are generated as well as the resulting file layout.
If I really missed it let me know, I would be willing to dig into the source and extract a draft.
It doesn’t seem to be in the regular user manual, but below are the help text and developer docs.
C:\ProgramData\Duplicati\duplicati-2.0.5.1_beta_2020-01-18>Duplicati.CommandLine.exe help aes
AES-256 encryption, built in (.aes):
This module encrypts all files in the same way that AESCrypt does, using 256
bit AES encryption.
Supported options:
--aes-set-threadlevel (Enumeration): Set thread level utilized for crypting
(0-4)
Use this option to set the thread level allowed for AES crypt operations.
Valid values are 0 (uses default), or from 1 (no multithreading) to 4
(max. multithreading)
* values: 0, 1, 2, 3, 4
* default value: 4
C:\ProgramData\Duplicati\duplicati-2.0.5.1_beta_2020-01-18>
The AESCrypt module is based on the publicly available AESCrypt file format specification, using AES-256 as the encryption algorithm. Each file is encrypted with its own volume encryption key, and each volume contains a HMAC signature to ensure integrity.