duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Duplicity without Secret Key

From: Kenneth Loafman
Subject: Re: [Duplicity-talk] Duplicity without Secret Key
Date: Fri, 03 Oct 2008 09:12:47 -0500
User-agent: Thunderbird 2.0.0.17 (X11/20080925) 
Colin Ryan wrote:
> I'm interested in using duplicity in a situation where I don't want to
> assume the physical security of the system from which duplicity is
> running. I was hoping I could leverage the fact that gpg is a public-key
> infrastructure and be able to have only the public key as generated from
> a secured system and imported into the duplicity system and signed with
> duplicity systems keyring.
> 
> I've set this up and selected encrypt key to be the key with just the
> public key available, and sign-key to be the systems local key but
> duplicity complains about no secret available. It's I guess not a total
> surprise that I can't do this but thought I'd open up the question
> regarding doing this.
> 
> Is it possible to use duplicity with just the public key, realizing of
> course that I could not then use this system to restore etc. But I'm
> guessing I'm challenged by the fact that the manifest and sig. files are
> also encrypted and therefor need to be decrypted to support proper
> incrementals and other functions.

If you use --archive-dir=<localdir> then duplicity will not need to
decrypt the manifest and sig files and should not need the secret key.
I'm not sure this path has been tested, but it should work.

...Ken

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]