[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] --file-to-restore without passphrase

From: Grant
Subject: Re: [Duplicity-talk] --file-to-restore without passphrase
Date: Sat, 11 Oct 2014 11:04:34 -0700

>> I built my encrypted backups without a passphrase by using
>> --use-agent.
> you mean that you enter the passphrase in the gpg-agent dialog everytime it 
> pops up when it's needed, right?

No, my backups are unattended so I don't want to enter a passphrase.
I build them something like this in the crontab:

duplicity --use-agent --encrypt-key=... --sign-key=... --include /etc
--exclude "**" / file:///backups

>>If I omit --use-agent, I am prompted for a passphrase and
>> leaving it blank gives me "Cannot use empty passphrase with symmetric
>> encryption!".
> that's because you can't. gpg does simply not allow you to encrypt 
> symmetrically against an empty passphrase. it has to be at least one 
> character long technically.
> why exactly do you use gpg-agent with symmetric encryption. that only leads 
> to gpg-agent asking the password every time instead of gpg/duplicity. there 
> is no safety gain there.

I'd like duplicity to build backups unattended without a passphrase
and I'm OK with anyone who has access to the private key having access
to the backups.  Is my command above good for that?  If so, how do I

> what is your duplicity version?

I'm on 0.6.23-r1 on Gentoo.

- Grant

reply via email to

[Prev in Thread] Current Thread [Next in Thread]