diff --git a/src/api2/config/tape_encryption_keys.rs b/src/api2/config/tape_encryption_keys.rs index 9fc2649d..444babac 100644 --- a/src/api2/config/tape_encryption_keys.rs +++ b/src/api2/config/tape_encryption_keys.rs @@ -183,7 +183,7 @@ pub fn create_key( let fingerprint = key_config.fingerprint.clone().unwrap(); - insert_key(key, key_config)?; + insert_key(key, key_config, false)?; Ok(fingerprint) } diff --git a/src/api2/tape/drive.rs b/src/api2/tape/drive.rs index d7a87480..d0795ca6 100644 --- a/src/api2/tape/drive.rs +++ b/src/api2/tape/drive.rs @@ -485,7 +485,7 @@ pub async fn restore_key( if let Some(key_config) = key_config { let password_fn = || { Ok(password.as_bytes().to_vec()) }; let (key, ..) = key_config.decrypt(&password_fn)?; - config::tape_encryption_keys::insert_key(key, key_config)?; + config::tape_encryption_keys::insert_key(key, key_config, true)?; } else { bail!("media does not contain any encryption key configuration"); } diff --git a/src/config/tape_encryption_keys.rs b/src/config/tape_encryption_keys.rs index 4af39356..59c25846 100644 --- a/src/config/tape_encryption_keys.rs +++ b/src/config/tape_encryption_keys.rs @@ -176,7 +176,7 @@ pub fn save_key_configs(map: HashMap) -> Result<(), Erro Ok(()) } -pub fn insert_key(key: [u8;32], key_config: KeyConfig) -> Result<(), Error> { +pub fn insert_key(key: [u8;32], key_config: KeyConfig, force: bool) -> Result<(), Error> { let _lock = open_file_locked( TAPE_KEYS_LOCKFILE, @@ -192,8 +192,10 @@ pub fn insert_key(key: [u8;32], key_config: KeyConfig) -> Result<(), Error> { None => bail!("missing encryption key fingerprint - internal error"), }; - if let Some(_) = config_map.get(&fingerprint) { - bail!("encryption key '{}' already exists.", fingerprint); + if !force { + if let Some(_) = config_map.get(&fingerprint) { + bail!("encryption key '{}' already exists.", fingerprint); + } } let item = EncryptionKeyInfo::new(key, fingerprint.clone());