Is the backup format stable?

[wiktor-k]

Hi folks,

We're writing a tool to inspect the consistency of backups and have been wondering to what extend can we describe / rely on backup format and the keys in it to stay consistent: https://gitlab.archlinux.org/archlinux/signstar/-/merge_requests/99#note_226496

Is the backup format considered an internal detail or can we be sure it will mostly stay the same? What about the keys within the decrypted backup file?

Thank you for your time! 👋

[robin-nitrokey]

That’s a question for @ansiwen.

My understanding is that the (outer) backup format is versioned and breaking changes would trigger a version bump. The (inner) data keys are unlikely to change but are not guaranteed to stay the same. It is only guaranteed that the backup can be applied, i. e. the NetHSM would transform the keys to the new scheme if there was a change to the internal data layout.

[wiktor-k]

AFAICS the inner format is also versioned (both of these are zeros currently). I forgot to ask if this a correct repo to discuss anyway but it seems it's not the worst place 😅

Thanks for help! I'll wait to see what @ansiwen will add :)