[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Duply and GPG passphrase in config file

From: edgar . soldin
Subject: Re: [Duplicity-talk] Duply and GPG passphrase in config file
Date: Fri, 22 Nov 2013 17:54:32 +0100
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.1.1

On 22.11.2013 17:27, Rafael Beraldo wrote:
> Hello all,
> I'm using Duply as a duplicity front end and I quite like it. I'm not
> comfortable, however, with leaving my GPG passphrase in plain text in
> ~/.duply/*/conf. I'm not signing my backups, so I think there's no need for
> that -- or is there?

yes, it's needed to decrypt your backup repository in case your local archive 
dir is not in sync. also of course for listing files or restoring. in short, 
everytime something needs to be decrypted.

> How do you manage your passphrase? Do you create new keys just for the
> backups, or do you just change the permissions of the conf file? Maybe you
> feel that encrypting the /home partition is enough?  I'm interested to see
> how you deal with this.

first read this thread. 
he summed it up pretty good.

i'd suggest to go with passwordless keys per machine plus additionally 
encrypting against your own public key (you can define several keys to encrypt 
against). this way you make sure that you can decrypt your backup whatever 
happens. generally not necessary if you backup the duply profile folder, but it 
doesn't hurt.

the above is the easiest solution i am aware of currently.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]