duplicity-talk
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Encrypt without the private key?

From: Aaron Whitehouse
Subject: Re: [Duplicity-talk] Encrypt without the private key?
Date: Sat, 28 Mar 2015 13:37:13 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
Hi Norbert,

I've tested this with duplicity 0.6.23 and it seems to work for me - I can encrypt to a key when the machine doesn't have the secret key and it does not prompt for a passphrase. Could you please try with a recent version and see if the problem persists?

I have two guesses (without looking at the code) as to why it may prompt for a passphrase but continue without one:
1) it is trying to sign, even though you haven't asked it to; or
2) it is trying to do some kind of encryption test before starting - I think that duply does this, for example.

Kind regards,

Aaron

On 28/03/15 12:13, Norbert Kéri wrote:
Hey,

I'm trying to set up an unattended backup to S3, with the following command:

duplicity --progress --name mystuff --full-if-older-than 6M --s3-unencrypted-connection --encrypt-key A6ACD7BF ./myfolder s3://s3.eu-central-1.amazonaws.com/bucket/folder

However, if I rerun the above command, I get:

Local and Remote metadata are synchronized, no sync needed.
Last inc backup left a partial set, restarting.
Last full backup date: Sun Mar 22 16:54:42 2015

Then it pops up a pinentry dialog, asking for the passphrase for my private key. This surprised me, because I was expecting it to only ask for a passphrase when I restore files from the backup. Even more, if I just cancel the pinentry password dialog, it successfully finishes the backup, so it's not even using the key?

So what's happening here? Does duplicity need to decrypt some parts of the previous backup, is that why it's asking for a key? Why does it continue if I cancel the dialog then? I was thinking maybe it's trying to sign the backups, but I'm not using any of the signing switches, and it doesn't do that by default?

Is this still a problem?


_______________________________________________
Duplicity-talk mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
reply via email to
[Prev in Thread] Current Thread [Next in Thread]