Config or key <key> is damaged: ciphertext verification failed

Hi guys,
With every command I try I get:

```
config or key 71d8f23f6f1a9ff026a903d66545053234435afaa83b4d8118cfe88f4ca6e125 is damaged: ciphertext verification failed. Try again
```

```
restic version
restic 0.17.3 compiled with go1.23.3 on linux/amd64
```

Update 06.01.2025
Was somehow able to access the repository with another password. I currently do not understand how the “rest-server login” of a user can now be used as repository password. But maybe somebody has an idea about that.
I removed the ‘damaged’ key by hand and now check the repository via `restic check --read-data`; this will take a few hours…


I already tried different things from https://forum.restic.net/t/dreaded-ciphertext-verification-failure/6076 but nothing seems to help. Example things I checked:

**Checksum of damaged key**
```
sha256sum 71d8f23f6f1a9ff026a903d66545053234435afaa83b4d8118cfe88f4ca6e125
71d8f23f6f1a9ff026a903d66545053234435afaa83b4d8118cfe88f4ca6e125  71d8f23f6f1a9ff026a903d66545053234435afaa83b4d8118cfe88f4ca6e125
```

**Keys and permission**
```
ls -lh
total 8.0K
-rwxrwxrwx 1 root root 454 Jan  5 17:16 71d8f23f6f1a9ff026a903d66545053234435afaa83b4d8118cfe88f4ca6e125*
-rwxrwxrwx 1 root root 454 Jan  5 17:48 bd1b619f73979b3f7b3bb53748fb20e97b298bf0aab9571fc4992bf8cbf547aa*
```

**Info within keys**
First part of key with 125: {"created":"2025-01-05T17:16:03.801959645+01:00","username":"root","hostname":"Nasratisbona..."
First part of key with 7aa: {"created":"2025-01-05T17:48:56.538592657+01:00","username":"root","hostname":"Nasratisbona..."

**Config file size**
```
ls -lh
total 40K
-rwxrwxrwx   1 root root  155 Aug 27  2022 config*
drwxrwxrwx 258 root root 8.0K Oct  5  2021 data/
drwxrwxrwx   2 root root 4.0K Jan  6 18:18 index/
drwxrwxrwx   2 root root  162 Jan  6 20:31 keys/
drwxrwxrwx   2 root root    6 Jan  5 04:33 locks/
drwxrwxrwx   2 root root  16K Jan  6 17:46 snapshots/
```

**Check command with and without --read-data**
```
restic -r Mathias4Qv4JkMpPit/ check
using temporary cache in /tmp/restic-check-cache-2106743285
create exclusive lock for repository
enter password for repository:
config or key 71d8f23f6f1a9ff026a903d66545053234435afaa83b4d8118cfe88f4ca6e125 is damaged: ciphertext verification failed. Try again
```

Don't know what to do now and I'm wondering why the ‘older’ key is used. The error happened the first time after “prune --max-unused 0” was accidentally aborted. But also a combination from NAS-Cache-Mover + prune is thinkable. Hope to get some ideas here.

Kind regards Mathias
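
The checksum comparison from the post above, extended to the whole repository as an added example (not part of the original post and not restic's own code). restic names every repository file except `config` after the SHA-256 of its content, so a file whose hash still equals its name has not changed on disk since it was written; the function name `check_restic_names` and the local directory layout are assumptions taken from the listings in the post.

```shell
#!/bin/sh
# Added example: find repository files whose content no longer matches
# their name. Assumes a local repository laid out as in the post
# (keys/, index/, snapshots/, data/) and GNU sha256sum.

# Prints "MISMATCH <path> <actual-sha256>" for each altered file.
# Returns 0 if every checked file matches its name, 1 otherwise.
check_restic_names() {
    repo=$1
    out=$(
        for sub in keys index snapshots data; do
            [ -d "$repo/$sub" ] || continue
            find "$repo/$sub" -type f | while IFS= read -r f; do
                name=${f##*/}
                # Only names that are 64 lowercase hex digits are content IDs;
                # anything else (temp files, editor backups) is skipped.
                case $name in
                    *[!0-9a-f]*) continue ;;
                esac
                [ "${#name}" -eq 64 ] || continue
                actual=$(sha256sum "$f" | cut -d' ' -f1)
                [ "$actual" = "$name" ] || echo "MISMATCH $f $actual"
            done
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Usage: sh check_names.sh /path/to/repository
[ "$#" -eq 0 ] || check_restic_names "$1"
```

The check reads every file without a password and does not write to the repository, so it can run before any repair attempt and alongside the disk's SMART data.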

I can only tell you that the code in rest-server itself is not able to add/change repository passwords, it is only concerned with the authentication for the HTTP requests.

2 Likes

Ok. That means I've done something wrong on the last password change. Thank you.

I just saw on the SMART values of the disk that:

| Status | ID | Name | Value | Threshold | Ideal | Failure Rate |
|---|---|---|---|---|---|---|
| warn | 197 (0xC5) | Current Pending Sector Count | 1 | 0 | low | |
| failed | 198 (0xC6) | (Offline) Uncorrectable Sector Count | 1 | 0 | low | 81% |

There is a chance that the S.M.A.R.T. errors correspond to the defective key file…

I also got some errors during check --read-data and will now follow the troubleshooting guide.

1 Like