Re: [Duplicity-talk] --file-to-restore without passphrase

From: edgar . soldin
Subject: Re: [Duplicity-talk] --file-to-restore without passphrase
Date: Sat, 11 Oct 2014 20:48:51 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2

On 11.10.2014 20:04, Grant wrote:
>>> I built my encrypted backups without a passphrase by using
>>> --use-agent.
>> you mean that you enter the passphrase in the gpg-agent dialog every time it 
>> pops up when it's needed, right?
> No, my backups are unattended so I don't want to enter a passphrase.
> I build them something like this in the crontab:
> duplicity --use-agent --encrypt-key=... --sign-key=... --include /etc
> --exclude "**" / file:///backups

ok, that's key encryption and looks fine.

>>> If I omit --use-agent, I am prompted for a passphrase and
>>> leaving it blank gives me "Cannot use empty passphrase with symmetric
>>> encryption!".
>> that's because you can't. gpg simply does not allow you to encrypt 
>> symmetrically against an empty passphrase. it has to be at least one 
>> character long technically.
>> why exactly do you use gpg-agent with symmetric encryption? that only leads 
>> to gpg-agent asking the password every time instead of gpg/duplicity. there 
>> is no safety gain there.
> I'd like duplicity to build backups unattended without a passphrase
> and I'm OK with anyone who has access to the private key having access
> to the backups.  Is my command above good for that?  If so, how do I
> decrypt?

try giving '--encrypt-key=... --sign-key=...' to the restore duplicity command 
line. that's how duplicity figures out that you initially encrypted 
against a key and want to check if the signature matches your signature key.

>> what is your duplicity version?
> I'm on 0.6.23-r1 on Gentoo.

please update to the latest stable 0.6.24. previous versions have a serious bug 
leading to possible backup corruption on backup resuming. additionally 'verify' 
your current backups to see if they are proper.

