Re: [Duplicity-talk] why is GPG passphrase requested twice?

From: Tim Riemenschneider
Subject: Re: [Duplicity-talk] why is GPG passphrase requested twice?
Date: Mon, 21 Jul 2008 15:25:27 +0200
User-agent: Mozilla-Thunderbird (X11/20080509)

Kenneth Loafman wrote:
> Dan Muresan wrote:
>>> The passphrase isn't new; it's the passphrase for my existing GPG key.
>>>  So GPG already knows it; if I enter it incorrectly, GPG will return
>>> an error message.  What more do you need to detect errors?
>> Normally, duplicity uses symmetric encryption with the specified passphrase.
>> There are various options for working with GPG keys (which I don't
>> recall). Possibly your GPG key was never even touched.
> If you use the --encrypt-key option, duplicity assumes that you are
> encrypting to that public key, which has no password.  Without it,
> duplicity assumes symmetric encryption and requires a password.
> If you have a passphrase on your public key, duplicity will fail.
> ...Ken

Working with keys with passphrases works when using an archive-directory
(which must be kept!).

(In this thread I used two different keys for --encrypt-key and
--sign-key, both with passphrases (on their secret keys, of course).)
Using this, it's possible to create backups against a gpg key whose
secret part is nowhere on the system to be backed up. Furthermore, one has
control over who can use these backups by using several --encrypt-key.
(To let gpg use this key, one has, however, to set the trust on it: either by
using gpg options to trust it explicitly (I don't remember which, I think
something like trust-model or the like), or by setting the trust level
to ultimate with "gpg --edit-key".)
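
Added example, not part of the original message or of duplicity: a gpg-only sketch of the setup described above, in which the backed-up host holds just the public key and must be told to trust it. The key identity, directory names and file names are constructed placeholders, and `--trust-model always` is used here as one gpg option that overrides the trust check.

```sh
# Added example with constructed throwaway keys; requires GnuPG 2.1 or later.
# "owner" holds the secret key; "host" is the machine being backed up and
# only ever receives the exported public key.
g() { h=$1; shift; gpg --quiet --batch --no-tty --homedir "$h" "$@"; }

backup_key_demo() {
  owner=$(mktemp -d); host=$(mktemp -d); rc=0
  uid='owner@example.invalid'            # assumed placeholder identity
  echo 'constructed backup payload' > "$host/data.txt"

  # Owner: create a key pair and export the public half. The empty
  # passphrase only keeps this demo non-interactive.
  g "$owner" --pinentry-mode loopback --passphrase '' \
    --quick-gen-key "Backup Owner <$uid>" default default never 2>/dev/null
  g "$owner" --export "$uid" > "$host/owner.pub"
  g "$host" --import "$host/owner.pub" 2>/dev/null

  # 1. Imported key has no trust set: batch-mode encryption is refused.
  if g "$host" -r "$uid" -o "$host/no-trust.gpg" -e "$host/data.txt" 2>/dev/null
  then echo 'unexpected: encrypted to untrusted key'; rc=1; fi

  # 2. Explicit trust override: encryption succeeds.
  g "$host" --trust-model always -r "$uid" -o "$host/data.gpg" \
    -e "$host/data.txt" 2>/dev/null || { echo 'encrypt failed'; rc=1; }

  # 3. The host cannot decrypt: it holds no secret key.
  if g "$host" -d "$host/data.gpg" >/dev/null 2>&1
  then echo 'unexpected: host decrypted'; rc=1; fi

  # 4. The owner's keyring can.
  [ "$(g "$owner" -d "$host/data.gpg" 2>/dev/null)" = 'constructed backup payload' ] \
    || { echo 'owner decrypt failed'; rc=1; }

  for d in "$owner" "$host"; do
    gpgconf --homedir "$d" --kill gpg-agent 2>/dev/null; rm -rf "$d"
  done
  return "$rc"
}

[ "${1:-}" != run ] || backup_key_demo   # execute with: sh demo.sh run
```

With duplicity, the same gpg option can be handed through `--gpg-options`; a compromised backup host then exposes only the ability to write new backups, not to read existing ones.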

