duplicity-team team mailing list archive

Thread
Date

Re: [Question #658091]: Why does duplicity ask for passwd when --encrypt-key + --sign-key is used???

To: duplicity-team@xxxxxxxxxxxxxxxxxxx
From: edso <question658091@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Sep 2017 20:44:34 -0000
Reply-to: question658091@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Question #658091 on Duplicity changed:
https://answers.launchpad.net/duplicity/+question/658091

    Status: Open => Answered

edso proposed the following answer:
On 9/20/2017 22:23, ardabro wrote:
> Question #658091 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/658091
> 
>     Status: Answered => Open
> 
> ardabro is still having a problem:
>> as i said. encryption passphrase during backup (p1-4) is always requested but only _needed_ when the backup 
>> resumes or the archive needs to be synced, because only in these cases decryption is needed during backup.
> 
>>> Does it mean, that duplicity will ask me for this "unnecessary"
> password when I resume interrupted process?
> 
>> no, it will ask you for the proper passphrase or it won't proceed, because the old encryption does not match 
>> the new encryption.
> 
> Sorry, but I't seems to be false.
> I started backup. Gave encryption password=="12345". I iterrupted the process after 2nd volume.
> Then I restarted with exactly the same commandline. It realized that the process was interrupted.
> It asked for encruption password and I gave "qwerty" this time. Everything went perfectly OK.
> 
> A piece of log from 2nd run:
> Local and Remote metadata are synchronized, no sync needed.
> Last full backup left a partial set, restarting.
> Last full backup date: Wed Sep 20 22:01:48 2017
> GnuPG passphrase for decryption: 
> GnuPG passphrase for signing key: 
> RESTART: Volumes 2 to 2 failed to upload before termination.
>          Restarting backup at volume 2.
> Restarting after volume 1, file debian9.iso, block 1595
> ...
> 
> I still don't know when this password is necessary, why it asks only
> once (what if I make a typo?) and why it needs to verify anything with
> additional password when I order it to enrypt with my gpg key.
> 

this source code comment explains it.
  http://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/view/head:/bin/duplicity#L347

why the error is not raised is beyond me.

another thing you can try is doing an encrypted backup, then deleting the corresponding local archive dir (usually under ~/.cache/duplicity/).
on the next run it should try to synchronize the local w/ the remote and see the local is missing and download/decrypt some files from the remote to the local archive dir.
give the wrong passphrase this should fail.

what is your gpg version? make sure to kill the gpg-agent instance
between runs to make sure that really no passphrases are cached.

..ede/duply.net

-- 
You received this question notification because your team duplicity-team
is an answer contact for Duplicity.