The repository imeplements a low-level key-value store, upon which all higher level structures in asuran are built.
The repository stores individual chunks, arrays of bytes, that can be compressed and encrypted. Chunks are addressed by their key, which, with the exception of the repository manifest, is derived from an HMAC of the plain text of the chunk.
Asuran repositories currently only operate in append only mode
Encryption and compression algorthims can be swapped out on a chunk by
chunk basis, with
providing pass through modes for those who do not wish to use those
Asuran uses Hash based Method Authentication Codes (HMAC), with swappable hash algorithims, for both deduplicating and ensuring data integrety.
The hash algorhtim used for the HMAC can also be changed out on a chunk by chunk basis, though this would not be wise to do. As deduplication is perfomed based on plaintext HMAC, this would severely compromise the effectiveness of deduplicaiton.
While the hash algrorithim used for HMAC can be swapped out, unlike the ones for encryption and compression, it can not be turned off. Asuran always verifies the intergety of the data.
The deduplication strategy in asuran is straight foward. Each chunk is stored in the repository with the hash of its plaintext as its key. As the hash function used is a cryptographically secure HMAC, we can be sure within the limits of reason that if two chunks have the same key, they have the same data, and if they have the same data, then they have the same key.
Asuran will not write a chunk whose key already exists in the repository, effectivly preventing the storage of duplicate chunks.
The backend provides abstract IO access to the real location of the data in the repository.
Key for an object in a repository
Stores the key, encrypted with another key dervied from the user specified password/passphrase
Stores the encryption key used by the archive
Provides an interface to the storage-backed key value store
A raw block of data and its associated
Marker for the type of compression used by a particular chunk
Tag for the encryption algorthim and IV used by a particular chunk
Tag for the HMAC algorithim used by a particular chunk
An error for all the various things that can go wrong with handling chunks