duplicity-talk

Re: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before


From: edgar . soldin
Subject: Re: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before restore?
Date: Thu, 14 Jul 2011 13:43:18 +0200
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20110624 Thunderbird/5.0

On 14.07.2011 12:19, Chris Poole wrote:
> On Thu, Jul 14, 2011 at 9:38 AM,  <address@hidden> wrote:
>> On 13.07.2011 17:53, Chris Poole wrote:
>>> (Thus, it's very important to sign
>>> backups being stored in untrusted locations.)
>>
>> It is, provided the public key used is published somewhere or in other ways
>> available to a possible attacker. If you create a keypair just for your
>> backup and keep it on the backup machine and in your secure storage (for
>> restoring) you don't necessarily need it.
>>
>> On the other hand, currently duplicity needs a private key to work reliably,
>> so signing to it does no harm and can be seen as an extra lock for an
>> intruder to pick. See http://bugs.launchpad.net/duplicity/+bug/687295
> 
> Thanks. I'm going to get used to signing my backups. I don't use cron
> to do them for me anyway.
> 
> What I find annoying is that Duplicity asks me for my passphrase (when
> doing an incremental backup) 3 times. Surely once is enough, to
> decrypt my private key? (Using the same Key ID to encrypt and sign my
> backup.)
> 
 
The latest duplicity has the possibility to define the env vars SIGN_PASSPHRASE and
PASSPHRASE. This way you don't have to input them manually.

There is no code to compare signing vs. encryption key, so they are asked for
separately. I am not sure if the double input to ensure correctness is a wise
decision. I would plead to have it put in, and if it is wrong gpg will
complain later on.

@ken: is the doublecheck routine really necessary?

Eventually. I just had a look at the corresponding code,
duplicity-bin::get_passphrase. With the latest duplicity you should be asked
two times ("Input/Retype") for each key (Signing/Encryption). Isn't that so?
You could post an obfuscated output log of a run with '-v9' to show what
happens.

ede/duply.net
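
The setup described in the reply above, as an added example that is not part of the original message or of duplicity's own code: a bash wrapper that prompts once and hands the same passphrase to a single duplicity run as both PASSPHRASE and SIGN_PASSPHRASE. It assumes one key is used to encrypt and sign; the function names, KEYID, the source path and the target URL are hypothetical placeholders.

```bash
#!/usr/bin/env bash
# Added example (not duplicity code): one prompt, both variables, one process.

# Read a passphrase without echoing it. When stdin is not a terminal
# (e.g. fed by a password manager), read one line from stdin instead.
read_passphrase() {
    local pass
    if [ -t 0 ]; then
        read -r -s -p "GnuPG passphrase: " pass
        echo >&2                      # newline after the hidden input
    else
        IFS= read -r pass
    fi
    printf '%s' "$pass"
}

# Run the given command with PASSPHRASE and SIGN_PASSPHRASE set to the same
# value. The assignments prefix the command, so they exist only in that
# child's environment and are never exported into the calling shell.
with_backup_passphrase() {
    local pass
    pass=$(read_passphrase) || return 1
    if [ -z "$pass" ]; then
        echo "empty passphrase, aborting" >&2
        return 1
    fi
    PASSPHRASE="$pass" SIGN_PASSPHRASE="$pass" "$@"
}

# Usage (all values are placeholders):
#   with_backup_passphrase duplicity --encrypt-key KEYID --sign-key KEYID \
#       /home/me sftp://backup.example//srv/backups
```

The passphrase never appears on the command line or in shell history, but the environment of the running duplicity process is still readable by the same user and by root for as long as it runs.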


