
duplicity-team team mailing list archive

Re: [Question #658091]: Why does duplicity ask for passwd when --encrypt-key + --sign-key is used???

 

Question #658091 on Duplicity changed:
https://answers.launchpad.net/duplicity/+question/658091

    Status: Open => Answered

edso proposed the following answer:
ardabro,

your command line looks like
> Args: /usr/bin/duplicity full --name=test_backup --encrypt-key=DEADBEEF --sign-key=DEADBEEF /home/ard/temp/duplicity_test/src file:///home/ard/temp/duplicity_test/dst

so you
1. sign
&
2. encrypt

when signing and encryption key are identical, the decryption passphrase
is (re)used for signing.

even when not signing, duplicity will ask for the passphrase as a
precaution; it _might_ need to decrypt files for the repository (on
resume, archive folder sync).

> I'm able to decrypt with gpg key without entering any password (third confusion)

that cannot be right, unless your private key is not protected by a
passphrase.

please read up on how gpg and asymmetrical encryption work in general.
the duplicity answer section is not the proper place to educate you in
this regard.

have fun ..ede/duply.net

On 9/16/2017 14:23, ardabro wrote:
> Question #658091 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/658091
> 
>     Status: Answered => Open
> 
> ardabro is still having a problem:
> OK
> I'm sorry, my mistake and additional confusion from gpg agent and cached keys.
> Everything is ok with gpg and its keys/passwords but I still have no
> idea why duplicity asks for decryption password when encryption key is used.
> It asks only once (second confusion) and does not use it at all -
> I'm able to decrypt with gpg key without entering any password (third confusion)
> 
> ....
> Main action: full
> ================================================================================
> duplicity 0.7.11 (December 31, 2016)
> Args: /usr/bin/duplicity full --name=test_backup --encrypt-key=DEADBEEF --sign-key=DEADBEEF /home/ard/temp/duplicity_test/src file:///home/ard/temp/duplicity_test/dst
> Linux t430-deb 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) x86_64 
> /usr/bin/python 2.7.13 (default, Jan 19 2017, 14:48:08) 
> [GCC 6.3.0 20170118]
> ================================================================================
> ....
> Last full backup date: none
> PASSPHRASE variable not set, asking user.
> GnuPG passphrase for decryption:                    # "12345" - doesn't matter 
> PASSPHRASE variable not set, asking user.
> GnuPG passphrase for signing key:                   # correct - my real key-wrapping password is required
> ....
> --------------[ Backup Statistics ]--------------
> StartTime 1505562881.09 (Sat Sep 16 13:54:41 2017)
> ....
> TotalDestinationSizeChange 912 (912 bytes)
> Errors 0
> -------------------------------------------------
> 
>> cd /home/ard/temp/duplicity_test/dst
>> ls -1
> duplicity-full.20170916T115427Z.manifest.gpg
> duplicity-full.20170916T115427Z.vol1.difftar.gpg
> duplicity-full-signatures.20170916T115427Z.sigtar.gpg
> 
>> gpg --output xxx --decrypt duplicity-full-signatures.20170916T115427Z.sigtar.gpg
> Please enter the passphrase to unlock the OpenPGP secret key:
> "ard <ard@xxxxxxxxx>"
> 2048-bit RSA key, ID ****************,
> created 2017-07-29 (main key ID ****************).
> 
> Passphrase: 
> gpg: encrypted with 2048-bit RSA key, ID ****************, created 2017-07-29
>       "ard <ard@xxxxxxxxx>"
> gpg: Signature made Sat 16 Sep 2017 13:54:41 CEST
> gpg:                using RSA key ****************************************
> gpg: Good signature from "ard <ard@xxxxxxxxx>" [ultimate]
>    
> It asks for wrapping password for my keys; this is ok;
> and does NOT ask for this confusing duplicity password ("12345")
> I think it is a bug.
>
