
duplicity-team team mailing list archive

Re: [Question #658091]: Why does duplicity ask for passwd when --encrypt-key + --sign-key is used???


Question #658091 on Duplicity changed:

    Status: Open => Answered

edso proposed the following answer:
On 9/20/2017 22:23, ardabro wrote:
> Question #658091 on Duplicity changed:
> https://answers.launchpad.net/duplicity/+question/658091
>     Status: Answered => Open
> ardabro is still having a problem:
>> as i said. encryption passphrase during backup (p1-4) is always requested but only _needed_ when the backup 
>> resumes or the archive needs to be synced, because only in these cases decryption is needed during backup.
>>> Does it mean, that duplicity will ask me for this "unnecessary"
> password when I resume interrupted process?
>> no, it will ask you for the proper passphrase or it won't proceed, because the old encryption does not match 
>> the new encryption.
> Sorry, but it seems to be false.
> I started backup. Gave encryption password=="12345". I interrupted the process after 2nd volume.
> Then I restarted with exactly the same commandline. It realized that the process was interrupted.
> It asked for encryption password and I gave "qwerty" this time. Everything went perfectly OK.
> A piece of log from 2nd run:
> Local and Remote metadata are synchronized, no sync needed.
> Last full backup left a partial set, restarting.
> Last full backup date: Wed Sep 20 22:01:48 2017
> GnuPG passphrase for decryption: 
> GnuPG passphrase for signing key: 
> RESTART: Volumes 2 to 2 failed to upload before termination.
>          Restarting backup at volume 2.
> Restarting after volume 1, file debian9.iso, block 1595
> ...
> I still don't know when this password is necessary, why it asks only
> once (what if I make a typo?) and why it needs to verify anything with
> additional password when I order it to encrypt with my gpg key.

this source code comment explains it.

why the error is not raised is beyond me.

another thing you can try is doing an encrypted backup, then deleting the corresponding local archive dir (usually under ~/.cache/duplicity/).
on the next run it should try to synchronize the local w/ the remote and see the local is missing and download/decrypt some files from the remote to the local archive dir.
given the wrong passphrase, this should fail.

what is your gpg version? make sure to kill the gpg-agent instance
between runs to make sure that really no passphrases are cached.
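
The cache check suggested in the reply above, as an added example that is not part of the original message or of duplicity's own code: it reports anything that could answer the passphrase prompt silently before the second run. The function names and the sample KEYINFO lines are constructed, and GnuPG 2.1 or later is assumed for `gpgconf --kill` and `keyinfo --list`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GnuPG 2.1+ (gpgconf --kill, gpg-connect-agent KEYINFO).

# Constructed sample of `gpg-connect-agent 'keyinfo --list' /bye` output.
# Fields: S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
# <cached> is "1" while the agent holds the passphrase, "-" otherwise.
SAMPLE_KEYINFO='S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
OK'

# Read KEYINFO lines on stdin, print the keygrips whose passphrase is cached.
cached_keygrips() {
    awk '$1 == "S" && $2 == "KEYINFO" && $7 == "1" { print $3 }'
}

# Print the duplicity passphrase variables that are set in this environment.
# duplicity reads PASSPHRASE and SIGN_PASSPHRASE instead of prompting.
passphrase_env_set() {
    [ -n "${PASSPHRASE+x}" ] && echo PASSPHRASE
    [ -n "${SIGN_PASSPHRASE+x}" ] && echo SIGN_PASSPHRASE
    return 0
}

# Run before the second duplicity invocation.
# Returns 0 only if nothing could answer the passphrase prompt silently.
assert_clean_passphrase_state() {
    status=0
    env_hits=$(passphrase_env_set)
    if [ -n "$env_hits" ]; then
        echo "set in environment: $env_hits" >&2
        status=1
    fi
    grips=$(gpg-connect-agent 'keyinfo --list' /bye | cached_keygrips)
    if [ -n "$grips" ]; then
        echo "agent still caches: $grips" >&2
        gpgconf --kill gpg-agent   # drop the cache, as the reply advises
        status=1
    fi
    return $status
}
```

Source the file and call `assert_clean_passphrase_state` between the two backup runs; a non-zero status means the earlier result may have come from a cached or exported passphrase rather than from the one typed at the prompt.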

