[Duplicity-talk] Duplicity asking encrypt-key passphrase?

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] Duplicity asking encrypt-key passphrase?

From:	Etienne Perot
Subject:	[Duplicity-talk] Duplicity asking encrypt-key passphrase?
Date:	Sun, 08 Jul 2012 01:00:40 -0400

Hi,

I have generated 2 PGP keys, one for encryption and one for signing.
Both of them are RSA/RSA keypairs, with different passphrases, different 
names, and different email addresses attached to them.

I am running duplicity using:

export SIGN_PASSPHRASE="(passphrase of signing key)"
duplicity full \
  --encrypt-key (key id of encryption key) \
  --sign-key (key id of signing key) \
  /home file:///media/home-server/backup
unset SIGN_PASSPHRASE

This works fine and the full bakcup is performed. No problems here.

However, when I do an incremental backup using the exact same command but 
replacing "full" by "incremental", duplicity first says:

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sat Jul  7 21:01:14 2012

But duplicity doesn't exit; it then asks for a passphrase. It prompts for 
"GnuPG passphrase:" (as opposed to "GnuPG passphrase for signing key:"), so it 
is asking for the *encryption* key passphrase, not the signing key passphrase. 
If I give it the signing key passphrase, it fails with the error:

GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg-agent[9188]: enabled debug flags: assuan
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 384/32768 bytes in 2 blocks
===== End GnuPG log =====

If on the other hand I give it the encryption key passphrase, the incremental 
backup works and everything goes through.

My question is: why do I need to provide my encryption key passphrase? Does 
duplicity need to decrypt anything? I would like those backups to be 
unattended, and obviously I wouldn't want to store the encryption key 
passphrase here.

I have tried the same process but using PASSPHRASE instead of SIGN_PASSPHRASE, 
and I have tried using both variables set. I have found the the incremental 
only works when PASSPHRASE is set to the encryption key's passphrase (and in 
those cases, it doesn't prompt for a passphrase).

I am using duplicity 0.6.19 from the Arch repositories.

Thanks in advance.
-- 
Etienne Perot
Signed using https://perot.me/pgp.asc (974E E250) on 2012-07-07 20:53:26.

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Duplicity asking encrypt-key passphrase?, Etienne Perot <=
- Re: [Duplicity-talk] Duplicity asking encrypt-key passphrase?, edgar . soldin, 2012/07/08
  - Re: [Duplicity-talk] Duplicity asking encrypt-key passphrase?, Etienne Perot, 2012/07/08
    - Re: [Duplicity-talk] Duplicity asking encrypt-key passphrase?, edgar . soldin, 2012/07/08

Prev by Date: Re: [Duplicity-talk] Using rsync --partial-dir for resuming the copy operation
Next by Date: Re: [Duplicity-talk] Duplicity asking encrypt-key passphrase?
Previous by thread: [Duplicity-talk] Using rsync --partial-dir for resuming the copy operation
Next by thread: Re: [Duplicity-talk] Duplicity asking encrypt-key passphrase?
Index(es):
- Date
- Thread