duplicity-team team mailing list archive
Message #04514
Re: [Question #658091]: Why does duplicity ask for passwd when --encrypt-key + --sign-key is used???
Question #658091 on Duplicity changed:
https://answers.launchpad.net/duplicity/+question/658091
Status: Open => Answered
edso proposed the following answer:
On 9/17/2017 18:09, ardabro wrote:
> Question #658091 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/658091
>
> Status: Answered => Open
>
> ardabro is still having a problem:
> Sorry, maybe my English is too bad. Also I see I introduced a bit of a mess in this line:
> "I'm able to decrypt with gpg key without entering any password (third confusion)"
> This is false. It asks for password that secures my GPG key(s), and ONLY for this one.
> Actually it asks every time because I have gpg keys caching disabled.
> So, when decrypting, the behaviour is 100% CORRECT for scenario with gpg keys.
> The problem occurs when backup is created.
>
> Once again the whole case (PLEASE, READ CAREFULLY):
>
> 1) run duplicity with options as previously
> 2) provide ___ANY_RANDOM_UNNECESSARY_USELESS_PASSWORD__ after "GnuPG passphrase for decryption:" (only once, no confirmation required!)
> 3) provide __REAL__ password that wraps my BOTH gpg keys (it is actually the same key pair) after "GnuPG passphrase for signing key:"
> 4) backup is created.
> 5) run gpg --output xxx --decrypt duplicity-full*.gpg OR duplicity restore file://dst trg
> 6) provide __REAL__ password that wraps my both keys (the same one as used in p3)
> 7) file is decrypted or backup restored WITHOUT using this ___ANY_RANDOM_UNNECESSARY_USELESS_PASSWORD__ used in p2 !
>
> The above scenario is 100% reproducible!
>
> P.S.
> In p2) duplicity asks for the password in exactly the same way as it does it twice when I encrypt with password directly (no keys).
> But this time it doesn't use entered value at all (why should it use it when a gpg-key is used for encryption?)
>
As I said, the encryption passphrase during backup (p1-4) is always
requested but only _needed_ when the backup resumes or the archive needs
to be synced, because only in these cases decryption is needed during
backup.
..ede/duply.net