
[Duplicity-talk] Why does duplicity need to access my secret key ring?


From: ry4an-duplicity
Subject: [Duplicity-talk] Why does duplicity need to access my secret key ring?
Date: Fri, 10 Jan 2003 16:19:44 -0600
User-agent: Mutt/1.4i

I'm backing up using duplicity, but I'm providing a password not
associated with my public/private key pair.  Thus, so far as I understand
it, there should be no reason for gpg, and thus duplicity, to access my
secring.gpg.  I know I don't provide the password necessary to unlock
the secring.gpg, so it can't be doing much with it.

I ran a backup through strace to see if I could find the line where gpg
is exec()ed in hopes of seeing how gpg was invoked, but since duplicity
uses a python module that's dynamically linked to gpg there's no exec().

I did, however, see the system calls where the check is made and it
looks as if nothing is done with the secret ring past a stat:

    lstat64("/home/ry4an/.gnupg/secring.gpg", {st_mode=S_IFLNK|0777, st_size=30, ...}) = 0
    readlink("/home/ry4an/.gnupg/secring.gpg", "/misc/usbkey/linux/secring.gpg", 4096) = 30

To make sure this check isn't a limitation inherent in gpg, I did a

    gpg --symmetric testfile

and that is able to run just fine without access to secring.gpg.

I've looked through the gpg.py that comes with duplicity to see if I
could find anything that was accessing the secret key even when the
encryption type is symmetric, but my python was not up to the task.

I'm interested in this not because I suspect duplicity of doing
something nefarious with my gpg key (heck, it doesn't even have the
keyring password), but because I keep my secring.gpg file on a removable
USB key drive thing, and I'm sick of having to pull my keys out of my
pocket just to do my daily backups.

Does anyone with more python skills than I (not difficult!) see a change
that could be made to gpg.py to avoid the secring.gpg
stat/readlink/existence-check?

Thanks for a wonderful program,

-- 
Ry4an Brase - http://ry4an.org                                    /~\
'If you're not a rebel when you're 20 you've got no heart; if     \ /
 you're not establishment when you're 30 you've got no brain.'     X
             Join the ASCII ribbon campaign against HTML email    / \
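
Added example, not part of the original post and not duplicity's code: a small Python script that sorts strace lines mentioning secring.gpg into metadata-only calls and calls that actually open the file, which is the distinction the post draws from its trace. The function names are hypothetical; the first two sample lines are the ones quoted in the post, the rest are constructed.

```python
import re

# Calls that only inspect metadata or resolve a symlink, versus calls that open the file.
METADATA_CALLS = {"stat", "stat64", "lstat", "lstat64", "access", "readlink"}
OPEN_CALLS = {"open", "open64", "openat"}

# strace line shape: [pid] name(args) = result [errno text]
LINE_RE = re.compile(r'^\s*(?:\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)')
PATH_RE = re.compile(r'"([^"]*)"')

def classify(trace_lines, needle="secring.gpg"):
    """Group syscalls whose path argument contains `needle` by what they did."""
    report = {}
    for line in trace_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        call, args, result = m.group(1), m.group(2), int(m.group(3))
        paths = PATH_RE.findall(args)
        # The first quoted argument is the path; readlink's second is the link target.
        if not paths or needle not in paths[0]:
            continue
        entry = report.setdefault(paths[0], {"metadata": [], "opened": [], "failed": []})
        if result < 0:
            entry["failed"].append(call)
        elif call in METADATA_CALLS:
            entry["metadata"].append(call)
        elif call in OPEN_CALLS:
            entry["opened"].append(call)
    return report

def metadata_only(report):
    """True when no matching path was successfully opened."""
    return all(not entry["opened"] for entry in report.values())

# First two lines are the ones quoted in the post; the third is constructed.
TRACE_FROM_POST = [
    'lstat64("/home/ry4an/.gnupg/secring.gpg", {st_mode=S_IFLNK|0777, st_size=30, ...}) = 0',
    'readlink("/home/ry4an/.gnupg/secring.gpg", "/misc/usbkey/linux/secring.gpg", 4096) = 30',
    'open("/home/ry4an/.gnupg/pubring.gpg", O_RDONLY) = 3',
]
# Constructed contrast case: a process that really opens the secret ring.
TRACE_CONSTRUCTED = ['open("/home/ry4an/.gnupg/secring.gpg", O_RDONLY|O_LARGEFILE) = 4']

if __name__ == "__main__":
    for name, trace in (("post", TRACE_FROM_POST), ("constructed", TRACE_CONSTRUCTED)):
        report = classify(trace)
        print(name, "metadata only:", metadata_only(report), report)
```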



