duplicity-talk

Re: [Duplicity-talk] duplicity incr - private key missing


From: edgar . soldin
Subject: Re: [Duplicity-talk] duplicity incr - private key missing
Date: Tue, 23 Nov 2010 22:30:59 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6

On 23.11.2010 20:10, Tim Riemenschneider wrote:
> On 23.11.2010 13:49, address@hidden wrote:
>> In theory duplicity does not need the private key of a backup's
>> encryption public key for incremental backup anymore. This is possible
>> due to the unencrypted contents of the archive dir.
>>
>> In practice a duply user now stumbled over the following. I can
>> reproduce this.
>>
>> Generate a key pair. Export it.
>> Delete the private key from your keyring.
>> Do an initial backup with duplicity.
>> Do a second backup or force an incremental backup. This fails with an
>> error like
>>
>> "The matching private key is missing"
>>
>> What is going on here? Can somebody more familiar with the encryption
>> code please confirm this behaviour? I tried version 0.6.06, 0.6.08 and
>> 0.6.11 .. none works as expected.
>>
>> Commandline generated by duply is
>>
>> TMPDIR='/tmp'
>> /srv/www/vhosts/jamoke.net/_apps/duplicity-0.6.06/bin/duplicity
>> --encrypt-key DA3FEEDB --verbosity '4' --exclude-globbing-filelist
>> '/srv/www/vhosts/jamoke.net/.duply/keytest/exclude' '~/duply_dev'
>> 'file:///tmp/keyt3esrt'
>>
>> thanks ede/duply.net
>
> That used to work sometimes. (I must admit that was in the old days when
> the archive-dir was optional. I used this scenario then, but since I

All I can figure is that it seemed to work because of the bug described in my
last mail
http://lists.gnu.org/archive/html/duplicity-talk/2010-11/msg00034.html

> re-imported the secret key (for a restore) and didn't remove it afterwards)
> However the scenario was a bit different, I didn't try it with newer
> duplicity (I don't know if it matters):
> generate TWO key pairs, one encryption-key and one signing-key. Only
> remove the secret-key of the encryption-keypair.
> the duplicity-cmdline should be like:
> duplicity --encrypt-key <id of the encrypt-key> --sign-key <id of the
> sign-key> <remaining-options>

Can't see why I should redo the test. The signing is of no significance here.

Thanks for pointing out the archive restoration though. Already had forgotten 
about it.

..ede/duply.net



