duplicity-team team mailing list archive

Thread
Date

[Question #681867]: Attempting to sign with a non-existent key silently defaults to an existing key?

To: duplicity-team@xxxxxxxxxxxxxxxxxxx
From: Jake Herrmann <question681867@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 08 Jul 2019 23:42:54 -0000
Reply-to: question681867@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

New question #681867 on Duplicity:
https://answers.launchpad.net/duplicity/+question/681867

It seems that attempting to sign a symmetrically encrypted backup using a non-existent secret key results in duplicity silently defaulting to an existing secret key. For example, the command:

duplicity --sign-key=aaaaaaaa src file://dest

works exactly as if I had specified an existing secret key (I think it defaults to the earliest-created key); it prompts for passphrases, accepts the passphrase for the existing key, and then when restoring from the backup, duplicity indicates that the backup was signed with the existing key.

I increased the verbosity to the highest level (debug) and ran the backup command again, but did not see any log messages to indicate that duplicity was intentionally defaulting to an existing key. Therefore this seems like a bug, but I thought I would ask before filing a bug report, in case this is intended behavior.

I'm running duplicity 0.7.11 on Debian GNU/Linux 9 (stretch), so I apologize if this has been fixed in a later release.

Note that this issue does not occur if attempting asymmetric encryption with --encrypt-sign-key, because gpg will simply fail with "No public key".

-- 
You received this question notification because your team duplicity-team
is an answer contact for Duplicity.