← Back to team overview

duplicity-team team mailing list archive

Re: [Question #658091]: Why does duplicity ask for passwd when --encrypt-key + --sign-key is used???

 

Question #658091 on Duplicity changed:
https://answers.launchpad.net/duplicity/+question/658091

    Status: Answered => Open

ardabro is still having a problem:
Sorry, maybe my English is too bad. Also I see I introduced a bit mess in this line:
"I'm able to decrypt with gpg key without entering any password (third confusion)"
This is false. It asks for password that secures my GPG key(s), and ONLY for this one.
Actually it asks everytime because I have gpg keys caching disabled.
So, when decrypting, the behaviour is 100% CORRECT for scenario with gpg keys.
The problem occurs when backup is created.

Once again the whole case (PLEASE, READ CAREFULLY):

1) run duplicity with optios as previously
2) provide ___ANY_RANDOM_UNNECESSARY_USELESS_PASSWORD__ after "GnuPG passphrase for decryption:"   (only once, no confirmation required!)
3) provide __REAL__ password that wraps my BOTH gpg keys (it is actually the same key pair) after "GnuPG passphrase for signing key:"
4) backup is created.
5) run gpg --output xxx --decrypt duplicity-full*.gpg     OR    duplicity restore file://dst trg
6) provide __REAL__ password that wraps my both keys (the same one as used in p3)
7) file is decrypted or backup restored WITHOUT using this ___ANY_RANDOM_UNNECESSARY_USELESS_PASSWORD__ used in p2 !

The above scenario is 100% reproductible!

P.S.
In p2) duplicity asks the for the password with exactly the same way as it does it twice when I encrypt with password directly (no keys).
But this time it doesn't use entered value at all (why should it use it when a gpg-key is used for encryption?)

-- 
You received this question notification because your team duplicity-team
is an answer contact for Duplicity.