duplicity-talk

Re: [Duplicity-talk] Different session key for each backup volume?


From: Chris Poole
Subject: Re: [Duplicity-talk] Different session key for each backup volume?
Date: Fri, 24 Jun 2011 13:48:39 +0100

On Thu, Jun 23, 2011 at 5:18 PM, Martin Pool <address@hidden> wrote:

> This is true.  I don't see the relevance of session keys to backup
> security.  Maybe Chris Poole can clarify his question.
> Martin

Sure, perhaps the terminology I used is incorrect? (Though, I didn't think so.)

Here's my understanding of how GPG works:

1. Generate a random key. (This is what I was calling the 'session key'.)
2. Use generated random key to symmetrically encrypt plaintext
3. Use public key to encrypt the random key generated in (1)
4. Glue the encrypted data in (2) to the encrypted key in (3), together forming
   the output

As such, my assumption is that Duplicity assembles a plaintext volume, which is
then run through GPG before being uploaded somewhere.

Then it grabs more plaintext data, packs it into a volume of a certain size
again, and runs GPG again. As such, each volume will have a different 'session
key' generated.

My question really pertains to how Duplicity, or perhaps how the GPG library
that it uses, works. I assume it doesn't start up GPG, generate a session key
once, then somehow keep that session going such that each volume uses the same
random key for all the symmetric encryption.

I've never used the GPG library though, just the standard CLI program, so I'm
unsure.

(Perhaps it's a daft question and there's no way GPG would ever be made to do
this, I'm just curious. (Fortunately I'm not a cat.))


Cheers

Chris
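
What steps 3 and 4 above look like on disk, as an added example that is not part of the original message or of Duplicity's code: a standard-library Python walker for the top-level packets of a binary OpenPGP message (header rules from RFC 4880). The names `read_packets`, `describe` and `sample_volume` are chosen here, and the sample volumes are constructed bytes, not real ciphertext.

```python
# Added example: walk the top-level packets of a binary OpenPGP message (RFC 4880, 4.2).
TAGS = {1: "public-key encrypted session key", 3: "symmetric-key encrypted session key",
        9: "symmetrically encrypted data", 18: "encrypted and integrity-protected data"}

def read_packets(data):
    """Return [(tag, body)] for each top-level packet in a binary OpenPGP message."""
    packets, pos = [], 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet header (ASCII-armored input?)")
        if hdr & 0x40:                                   # new-format header
            tag, body, last = hdr & 0x3F, b"", False
            while not last:
                first, last, pos = data[pos], True, pos + 1
                if first < 192:                          # one-octet length
                    n = first
                elif first < 224:                        # two-octet length
                    n, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
                elif first == 255:                       # five-octet length
                    n, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
                else:                                    # partial chunk, more follow
                    n, last = 1 << (first & 0x1F), False
                body, pos = body + data[pos:pos + n], pos + n
        else:                                            # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            size = 0 if ltype == 3 else 1 << ltype       # 1, 2 or 4 length octets
            # length type 3 means "indeterminate": the body runs to the end of the input
            n = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
            pos += size
            body, pos = data[pos:pos + n], pos + n
        packets.append((tag, body))
    return packets

def describe(data):
    """List (packet name, recipient key ID or None, body length) for each packet."""
    rows = []
    for tag, body in read_packets(data):
        # Tag 1 body: version(1) | key ID(8) | public-key algorithm(1) | wrapped key
        key_id = body[1:9].hex().upper() if tag == 1 else None
        rows.append((TAGS.get(tag, "tag %d" % tag), key_id, len(body)))
    return rows

def sample_volume(wrapped_key, ciphertext):
    """Constructed stand-in for one encrypted volume; the bodies are not real crypto."""
    pkesk = b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01" + wrapped_key
    return bytes([0x84, len(pkesk)]) + pkesk + bytes([0xD2, len(ciphertext)]) + ciphertext

if __name__ == "__main__":  # two constructed volumes, each carrying its own key packet
    print([describe(sample_volume(bytes([i]) * 16, b"\x00" * 40)) for i in (1, 2)])
```

The wrapped-key bytes differ between any two messages because the public-key step is randomized, so comparing them says nothing about session-key reuse; decrypting with `gpg --show-session-key` prints the actual session key for each file.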


