duplicity-talk

Re: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before


From: Chris Poole
Subject: Re: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before restore?
Date: Mon, 18 Jul 2011 15:42:45 +0100

On Thu, Jul 14, 2011 at 6:16 PM,  <address@hidden> wrote:
> On 14.07.2011 18:57, Chris Poole wrote:
>> But when I backup incrementally, why is it wanting my passphrase for
>> encryption? It doesn't need to to encrypt to my public key, so it
>> should only require it for signing.
>
> it needs to decrypt the remote manifest. please read the mailing list 
> discussion linked in http://bugs.launchpad.net/duplicity/+bug/687295

[snip]

>> Local and remote caches were synced, so it didn't have to pull
>> manifest and signature files from the remote and decrypt them before
>> starting the backup.
>
> as above. as far as i recall the sync is determined by information which is 
> in encrypted remote manifest.

But if I don't supply a signing key and just an encryption key, this doesn't
happen. If the local and remote are synchronised already, why is it asked for?

(Using just encryption and no signing would still produce a remote manifest file
that would need to be decrypted, asking a passphrase, but Duplicity can tell if
the file is already in the local cache.)

>> When I perform a full backup, I'm only asked for my passphrase twice.
>> Still too much, I think, since gpg would throw an error if the
>> passphrase didn't allow the first signing to take place, so the
>> replication on the user's part shouldn't be required.
>
> that's what i argued. but the opposite also has a point that this way you 
> don't have to restart duplicity. see ken's answer 2/3 posts ago.

I understand that, but it's less work for the user to just type it once
correctly, isn't it? Perhaps worth filing an enhancement bug, or not?

It's annoying because my passphrase is pretty long, so it's a pain typing it 3
times.

(On a side note, I can use gpg-agent and use --use-agent with duplicity, which
works, but I still get asked for the passphrase (by pinentry) more than once for
some reason. The second time, a load of Duplicity's text starts filling the
pinentry screen, making me unsure if the entry is actually secure or not. It
works fine just using the gpg binary directly to sign some files.)


Cheers

Chris


