[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] duplicity incr - private key missing

From: edgar . soldin
Subject: Re: [Duplicity-talk] duplicity incr - private key missing
Date: Tue, 23 Nov 2010 22:30:59 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20101027 Thunderbird/3.1.6

On 23.11.2010 20:10, Tim Riemenschneider wrote:
Am 23.11.2010 13:49, address@hidden:
>  In theory duplicity does not need the private key of a backups
>  encryption public key for incremental backup anymore. This is possible
>  due to the unencrypted contents of the archive dir.
>  In practice a duply user now stumbled over the following. I can
>  reproduce this.
>  Generate a key pair. Export it.
>  Delete the private key from your keyring.
>  Do an initial backup with duplicity.
>  Do a second backup or force an incremental backup. This fails with an
>  error like
>  "The matching private key is missing"
>  What is going on here. Can somebody more familiar with the encryption
>  code please confirm this behaviour. I tried version 0.6.06, 0.6.08 and
>  0.6.11 .. none works as expected.
>  Commandline generated by duply is
>  TMPDIR='/tmp'
>  /srv/www/vhosts/jamoke.net/_apps/duplicity-0.6.06/bin/duplicity
>  --encrypt-key DA3FEEDB --verbosity '4' --exclude-globbing-filelist
>  '/srv/www/vhosts/jamoke.net/.duply/keytest/exclude' '~/duply_dev'
>  'file:///tmp/keyt3esrt'
>  thanks ede/duply.net
That used to work sometimes. (I must admit that was in the old days when
the archive-dir was optional. I used this scenario then, but since I

All I can figure is that it seemed to work because of the bug described in my 
last mail

re-imported the secret key (for a restore) and didn't remove it afterwards)
However the scenario was a bit different, I didn't try it with newer
duplicity (I don't know if it matters):
generate TWO key pairs, one encryption-key and one signing-key. Only
remove the secret-key of the encryption-keypair.
the duplicity-cmdline should be like:
duplicty --encrypt-key<id of the encrypt-key>  --sign-key<id of the
sign-key>  <remaining-options>

Can't see why I should redo the test. The signing is of no significance here.

Thanks for pointing out the archive restoration though. Already had forgotten 
about it.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]