[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] Duplicity asking encrypt-key passphrase?

From: Etienne Perot
Subject: [Duplicity-talk] Duplicity asking encrypt-key passphrase?
Date: Sun, 08 Jul 2012 01:00:40 -0400


I have generated 2 PGP keys, one for encryption and one for signing.
Both of them are RSA/RSA keypairs, with different passphrases, different 
names, and different email addresses attached to them.

I am running duplicity using:

export SIGN_PASSPHRASE="(passphrase of signing key)"
duplicity full \
  --encrypt-key (key id of encryption key) \
  --sign-key (key id of signing key) \
  /home file:///media/home-server/backup

This works fine and the full bakcup is performed. No problems here.

However, when I do an incremental backup using the exact same command but 
replacing "full" by "incremental", duplicity first says:

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sat Jul  7 21:01:14 2012

But duplicity doesn't exit; it then asks for a passphrase. It prompts for 
"GnuPG passphrase:" (as opposed to "GnuPG passphrase for signing key:"), so it 
is asking for the *encryption* key passphrase, not the signing key passphrase. 
If I give it the signing key passphrase, it fails with the error:

GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg-agent[9188]: enabled debug flags: assuan
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 384/32768 bytes in 2 blocks
===== End GnuPG log =====

If on the other hand I give it the encryption key passphrase, the incremental 
backup works and everything goes through.

My question is: why do I need to provide my encryption key passphrase? Does 
duplicity need to decrypt anything? I would like those backups to be 
unattended, and obviously I wouldn't want to store the encryption key 
passphrase here.

I have tried the same process but using PASSPHRASE instead of SIGN_PASSPHRASE, 
and I have tried using both variables set. I have found the the incremental 
only works when PASSPHRASE is set to the encryption key's passphrase (and in 
those cases, it doesn't prompt for a passphrase).

I am using duplicity 0.6.19 from the Arch repositories.

Thanks in advance.
Etienne Perot
Signed using https://perot.me/pgp.asc (974E E250) on 2012-07-07 20:53:26.

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]