I tried and failed and eventually succeeded in backing up a live site with backup encryption and then restoring on a local dev site.
The missing piece of the puzzle had been the initialization vector stored by the AES Encryption module in the variables table.
The initialization vector seems to be generated by the AES module when first required. This means that different versions of the same site can have different initialization vectors, preventing decryption of a backup.
It's pretty obvious (I assume) that to restore an encrypted backup from another site the key file is required. It's not obvious that an initialization vector is required. Should this requirement be added to Backup Migrate's documentation? If so, where? In the README file?
I'm happy to write the guidance myself.
Comments
Comment #1
crantok CreditAttribution: crantok commentedAs a result of this issue, someone just contacted me to ask how to edit the initialisation vector on a dev site so that they could restore their production backup. I'm pasting my answer in here in case it helps anyone else:
The initialisation vector is stored in the variables table, so you can use whatever method you normally use to edit the variables table. I like the variables editor from the Devel module.
Comment #2
couturier CreditAttribution: couturier as a volunteer commented@DamienMcKenna has proposed that the 7.x-2.x branch be deprecated once the upgrade path to 7.x-3.x is verified. See this issue: Verify 7.x-2.x -to- 7.x-3.x upgrade path, mark 7.x-2.x as unsupported
Comment #3
couturier CreditAttribution: couturier as a volunteer commentedActually, feature requests can be bumped to the 7.x-3.2 branch.
Comment #4
couturier CreditAttribution: couturier as a volunteer commented7.x-3.x dev is the better category.