Can Restic use a private/public key pair?

Hello,

I’ve finally gotten around to setting up a decent off-site backup system, and restic looks very promising!

I’m wondering if it’s currently possible to use a PGP key, or any kind of asymmetric encryption with restic?

I would like to have it set up so that my computer can always encrypt/upload backups with restic (with the public key always on the computer), but not be able to decrypt downloaded backups without me providing the key.

I would also like to associate a password with the private key, similar to what PGP allows. This way I could have a password-protected private key stored offline (airgapped computer, paper backups in a safe…).

If this were the case, it would be impossible to decrypt the backups, even if any computer were to be hacked. Also, if the private key were to be stolen, it would be useless without the password.

Also, it would be cool to have the key on a smartcard.

Can restic do this? I haven’t seen anything in the documentation.

If not, can anyone recommend a backup system that can?

There is an open issue on GitHub for this feature request.