duplicity-team team mailing list archive
Message #04512
Re: [Question #658091]: Why does duplicity ask for passwd when --encrypt-key + --sign-key is used???
Question #658091 on Duplicity changed:
https://answers.launchpad.net/duplicity/+question/658091
Status: Open => Answered
edso proposed the following answer:
ardabro,
your command line looks like
> Args: /usr/bin/duplicity full --name=test_backup --encrypt-key=DEADBEEF --sign-key=DEADBEEF /home/ard/temp/duplicity_test/src file:///home/ard/temp/duplicity_test/dst
so you
1. sign
&
2. encrypt
when signing and encryption key are identical, the decryption passphrase
is (re)used for signing.
even when not signing, duplicity will ask the passphrase as a
precaution, it _might_ need to decrypt files for the repository (on
resume, archive folder sync).
> I'm able to decrypt with gpg key without entering any password (third confusion)
that cannot be right, unless your private key is not protected by a
passphrase.
please read up on how gpg and asymmetrical encryption work in general.
the duplicity answer section is not the proper place to educate you in
this regard.
have fun ..ede/duply.net
On 9/16/2017 14:23, ardabro wrote:
> Question #658091 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/658091
>
> Status: Answered => Open
>
> ardabro is still having a problem:
> OK
> I'm sorry, my mistake and additional confusion from gpg agent and cached keys.
> Everything is ok with gpg and its keys/passwords but I still have no
> idea why duplicity asks for decryption password when encryption key is used.
> It asks only once (second confusion) and does not use it at all -
> I'm able to decrypt with gpg key without entering any password (third confusion)
>
> ....
> Main action: full
> ================================================================================
> duplicity 0.7.11 (December 31, 2016)
> Args: /usr/bin/duplicity full --name=test_backup --encrypt-key=DEADBEEF --sign-key=DEADBEEF /home/ard/temp/duplicity_test/src file:///home/ard/temp/duplicity_test/dst
> Linux t430-deb 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) x86_64
> /usr/bin/python 2.7.13 (default, Jan 19 2017, 14:48:08)
> [GCC 6.3.0 20170118]
> ================================================================================
> ....
> Last full backup date: none
> PASSPHRASE variable not set, asking user.
> GnuPG passphrase for decryption: # "12345" - doesn't matter
> PASSPHRASE variable not set, asking user.
> GnuPG passphrase for signing key: # correct - my real key-wrapping password is required
> ....
> --------------[ Backup Statistics ]--------------
> StartTime 1505562881.09 (Sat Sep 16 13:54:41 2017)
> ....
> TotalDestinationSizeChange 912 (912 bytes)
> Errors 0
> -------------------------------------------------
>
>> cd /home/ard/temp/duplicity_test/dst
>> ls -1
> duplicity-full.20170916T115427Z.manifest.gpg
> duplicity-full.20170916T115427Z.vol1.difftar.gpg
> duplicity-full-signatures.20170916T115427Z.sigtar.gpg
>
>> gpg --output xxx --decrypt duplicity-full-signatures.20170916T115427Z.sigtar.gpg
> Please enter the passphrase to unlock the OpenPGP secret key:
> "ard <ard@xxxxxxxxx>"
> 2048-bit RSA key, ID ****************,
> created 2017-07-29 (main key ID ****************).
>
> Passphrase:
> gpg: encrypted with 2048-bit RSA key, ID ****************, created 2017-07-29
> "ard <ard@xxxxxxxxx>"
> gpg: Signature made Sat 16 Sep 2017 13:54:41 CEST
> gpg: using RSA key ****************************************
> gpg: Good signature from "ard <ard@xxxxxxxxx>" [ultimate]
>
> It asks for wrapping password for my keys; this is ok;
> and does NOT ask for this confusing duplicity password ("12345")
> I think it is a bug.
>
--
You received this question notification because your team duplicity-team
is an answer contact for Duplicity.
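
Added example (not part of the thread and not duplicity code): the exchange above turns on whether gpg can use a secret key without prompting, which happens when the key has no passphrase or when gpg-agent has the passphrase cached. The script below classifies the status lines printed by `gpg-connect-agent 'keyinfo --list' /bye`; the sample lines and keygrips are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Classify gpg-agent KEYINFO status lines to see which secret keys gpg
# can use WITHOUT asking for a passphrase.
# Real input would come from:  gpg-connect-agent 'keyinfo --list' /bye
# Status line layout (gpg-agent KEYINFO):
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr> <ttl> <flags>
#   cached:     1 = passphrase cached in the agent, - = not cached
#   protection: P = passphrase protected, C = clear (no passphrase), - = unknown

classify_keyinfo() {
    awk '
    $1 == "S" && $2 == "KEYINFO" {
        grip = $3; cached = $7; prot = $8
        if (prot == "C")
            why = "no-prompt:unprotected"        # key has no passphrase at all
        else if (cached == "1")
            why = "no-prompt:cached-in-agent"    # agent answers for the user
        else if (prot == "P")
            why = "prompt:protected-not-cached"  # pinentry will ask
        else
            why = "unknown"                      # e.g. smartcard or missing key
        print grip, why
    }'
}

# Constructed sample agent output (keygrips are made up).
sample_keyinfo() {
    cat <<'EOF'
S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
S KEYINFO 3333333333333333333333333333333333333333 D - - - C - - -
OK
EOF
}

# Number of keys gpg could use silently (unprotected or cached).
count_silent_keys() {
    classify_keyinfo | grep -c ' no-prompt:'
}

sample_keyinfo | classify_keyinfo
```

To see the passphrase prompt again for a cached key, flush the agent cache with `gpg-connect-agent reloadagent /bye` before decrypting.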