
duplicity-team team mailing list archive

Re: [Question #658091]: Why does duplicity ask for passwd when --encrypt-key + --sign-key is used???

 

Question #658091 on Duplicity changed:
https://answers.launchpad.net/duplicity/+question/658091

    Status: Open => Answered

edso proposed the following answer:
On 9/17/2017 18:09, ardabro wrote:
> Question #658091 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/658091
> 
>     Status: Answered => Open
> 
> ardabro is still having a problem:
> Sorry, maybe my English is too bad. Also I see I introduced a bit of a mess in this line:
> "I'm able to decrypt with gpg key without entering any password (third confusion)"
> This is false. It asks for the password that secures my GPG key(s), and ONLY for this one.
> Actually it asks every time because I have gpg keys caching disabled.
> So, when decrypting, the behaviour is 100% CORRECT for scenario with gpg keys.
> The problem occurs when backup is created.
> 
> Once again the whole case (PLEASE, READ CAREFULLY):
> 
> 1) run duplicity with options as previously
> 2) provide ___ANY_RANDOM_UNNECESSARY_USELESS_PASSWORD__ after "GnuPG passphrase for decryption:"   (only once, no confirmation required!)
> 3) provide __REAL__ password that wraps my BOTH gpg keys (it is actually the same key pair) after "GnuPG passphrase for signing key:"
> 4) backup is created.
> 5) run gpg --output xxx --decrypt duplicity-full*.gpg     OR    duplicity restore file://dst trg
> 6) provide __REAL__ password that wraps my both keys (the same one as used in p3)
> 7) file is decrypted or backup restored WITHOUT using this ___ANY_RANDOM_UNNECESSARY_USELESS_PASSWORD__ used in p2 !
> 
> The above scenario is 100% reproducible!
> 
> P.S.
> In p2) duplicity asks for the password in exactly the same way as it does twice when I encrypt with password directly (no keys).
> But this time it doesn't use entered value at all (why should it use it when a gpg-key is used for encryption?)
> 

as i said. encryption passphrase during backup (p1-4) is always
requested but only _needed_ when the backup resumes or the archive needs
to be synced, because only in these cases decryption is needed during
backup.

..ede/duply.net
