Re: [Duplicity-talk] duplicity incr - private key missing

From: Tim Riemenschneider
Subject: Re: [Duplicity-talk] duplicity incr - private key missing
Date: Tue, 23 Nov 2010 20:10:26 +0100
On 23.11.2010 13:49, address@hidden wrote:
> In theory duplicity does not need the private key of a backup's
> encryption public key for incremental backup anymore. This is possible
> due to the unencrypted contents of the archive dir.
> In practice a duply user now stumbled over the following. I can
> reproduce this.
> Generate a key pair. Export it.
> Delete the private key from your keyring.
> Do an initial backup with duplicity.
> Do a second backup or force an incremental backup. This fails with an
> error like
> "The matching private key is missing"
> What is going on here? Can somebody more familiar with the encryption
> code please confirm this behaviour. I tried version 0.6.06, 0.6.08 and
> 0.6.11 .. none works as expected.
> Commandline generated by duply is
> TMPDIR='/tmp'
> /srv/www/vhosts/jamoke.net/_apps/duplicity-0.6.06/bin/duplicity
> --encrypt-key DA3FEEDB --verbosity '4' --exclude-globbing-filelist
> '/srv/www/vhosts/jamoke.net/.duply/keytest/exclude' '~/duply_dev'
> 'file:///tmp/keyt3esrt'
> thanks ede/duply.net
That used to work sometimes. (I must admit that was in the old days when
the archive-dir was optional. I used this scenario then, but since I
re-imported the secret key (for a restore) and didn't remove it afterwards)
However the scenario was a bit different, I didn't try it with newer
duplicity (I don't know if it matters):
generate TWO key pairs, one encryption-key and one signing-key. Only
remove the secret-key of the encryption-keypair.
The duplicity cmdline should be like:
duplicity --encrypt-key <id of the encrypt-key> --sign-key <id of the
sign-key> <remaining-options>

(maybe I try that, when I have time.....)

See my thread from 2008: (which was about what to do when the
archive-dir gets lost)
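
Added example, not part of the message above and not duplicity or duply code: a preflight check for the two-key layout the reply describes (encryption key present as public key only, signing key with its secret key), run before duplicity is invoked. It only inspects the keyring and says nothing about whether duplicity then succeeds. The function names, the signing key ID 5161A7E5 and the listings are constructed for illustration; DA3FEEDB is the ID from the quoted command line.

```sh
#!/bin/sh
# Added example: verify the keyring layout before a backup run.
# All listings below are constructed samples, not real gpg output.

# Constructed `gpg --list-keys --with-colons` output (field 5 = long key ID).
PUB_SAMPLE='pub:u:2048:1:AAAABBBBDA3FEEDB:1290500000:::u:::scESC:
sub:u:2048:1:CCCCDDDD0E0E0E0E:1290500000::::::e:
pub:u:2048:1:111122225161A7E5:1290500000:::u:::scESC:'

# Constructed `gpg --list-secret-keys --with-colons` output: signing key only.
SEC_SAMPLE='sec:u:2048:1:111122225161A7E5:1290500000:::u:::scESC:'

# has_key LISTING KEYID -> 0 if a primary or subkey record's ID ends with
# KEYID (so short 8-digit IDs as used on the command line match long IDs).
has_key() {
    printf '%s\n' "$1" | awk -F: -v id="$2" '
        BEGIN { id = toupper(id); found = 0 }
        $1 ~ /^(pub|sub|sec|ssb)$/ {
            k = toupper($5)
            if (length(k) >= length(id) &&
                substr(k, length(k) - length(id) + 1) == id) found = 1
        }
        END { exit !found }'
}

# check_layout ENC_ID SIGN_ID PUB_LISTING SEC_LISTING
# Returns 0 only when the encryption public key is present, its secret key
# is absent, and the signing secret key is present; otherwise prints why.
check_layout() {
    has_key "$3" "$1" || { echo "encrypt key $1: public key missing"; return 1; }
    has_key "$4" "$2" || { echo "sign key $2: secret key missing"; return 1; }
    if has_key "$4" "$1"; then
        echo "encrypt key $1: secret key still in keyring"; return 1
    fi
    echo "layout ok: encrypt-only $1, sign with $2"
}

# Real use (assumes gpg on PATH; substitute your own key IDs):
#   check_layout ENC_ID SIGN_ID "$(gpg --list-keys --with-colons)" \
#                "$(gpg --list-secret-keys --with-colons)"
check_layout DA3FEEDB 5161A7E5 "$PUB_SAMPLE" "$SEC_SAMPLE"
```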


