Re: [Duplicity-talk] Encrypt without the private key?


From: edgar . soldin
Subject: Re: [Duplicity-talk] Encrypt without the private key?
Date: Mon, 30 Mar 2015 11:42:20 +0200
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

Norbert,

please take the time to familiarize yourself with gnupg. i am quite busy 
myself. also read the duplicity manpage, parameter '--encrypt-key'
 http://duplicity.nongnu.org/duplicity.1.html

for now suffice to say that you can encrypt against multiple public keys, for 
different private keys (persons, machines) to decrypt.

..ede/duply.net

On 29.03.2015 20:56, Norbert Kéri wrote:
> Sorry I'm not familiar with PGP, this is my first time I'm using it. Can
> you elaborate a bit about what do you mean using a machine specific key and
> my public key?
> 
> On Sat, Mar 28, 2015 at 7:15 PM, <address@hidden> wrote:
> 
>> first. why not encrypting against a machine specific pub/sec and your pub
>> key? if an attacker has access to the machine the data on it and any further
>> backups are under his command anyway.
>>
>> ..ede/duply.net
>>
>> On 28.03.2015 16:15, Norbert Kéri wrote:
>>> I could not get it working with the workaround mentioned in the thread
>>> unfortunately. My system is already reporting eng-utf8:
>>>
>>>> echo $LANG
>>>> en_US.UTF-8
>>>
>>> I tried setting it to en_US.UTF8 (without the dash) to see if that might
>>> resolve it, but no, I still get asked for the private key.
>>>
>>> On Sat, Mar 28, 2015 at 4:02 PM, <address@hidden> wrote:
>>>
>>>> probably
>>>>  https://bugs.launchpad.net/duplicity/+bug/687295
>>>>
>>>> ..ede
>>>>
>>>> On 28.03.2015 14:46, Norbert Kéri wrote:
>>>>> Hi,
>>>>>
>>>>> I'm trying with 0.7.02, without any wrappers.
>>>>>
>>>>> Just to confirm:
>>>>>
>>>>> In the list that "gpg --list-keys" provides, the line beginning with "pub",
>>>>> is the ID of my public key, right?
>>>>>
>>>>> On Sat, Mar 28, 2015 at 2:37 PM, Aaron Whitehouse <address@hidden> wrote:
>>>>>
>>>>>>  Hi Norbert,
>>>>>>
>>>>>> I've tested this with duplicity 0.6.23 and it seems to work for me - I can
>>>>>> encrypt to a key when the machine doesn't have the secret key and it does
>>>>>> not prompt for a passphrase. Could you please try with a recent version and
>>>>>> see if the problem persists?
>>>>>>
>>>>>> I have two guesses (without looking at the code) as to why it may prompt
>>>>>> for a passphrase but continue without one:
>>>>>> 1) it is trying to sign, even though you haven't asked it to; or
>>>>>> 2) it is trying to do some kind of encryption test before starting - I
>>>>>> think that duply does this, for example.
>>>>>>
>>>>>> Kind regards,
>>>>>>
>>>>>> Aaron
>>>>>>
>>>>>>
>>>>>> On 28/03/15 12:13, Norbert Kéri wrote:
>>>>>>
>>>>>>   Hey,
>>>>>>
>>>>>>  I'm trying to set up an unattended backup to S3, with the following
>>>>>> command:
>>>>>>
>>>>>> duplicity --progress --name mystuff --full-if-older-than 6M
>>>>>> --s3-unencrypted-connection --encrypt-key A6ACD7BF ./myfolder s3://s3.eu-central-1.amazonaws.com/bucket/folder
>>>>>>
>>>>>>  However, if I rerun the above command, I get:
>>>>>>
>>>>>> Local and Remote metadata are synchronized, no sync needed.
>>>>>> Last inc backup left a partial set, restarting.
>>>>>> Last full backup date: Sun Mar 22 16:54:42 2015
>>>>>>
>>>>>> Then it pops up a pinentry dialog, asking for the passphrase for my
>>>>>> private key. This surprised me, because I was expecting it to only ask for
>>>>>> a passphrase when I restore files from the backup. Even more, if I just
>>>>>> cancel the pinentry password dialog, it successfully finishes the backup,
>>>>>> so it's not even using the key?
>>>>>>
>>>>>>  So what's happening here? Does duplicity need to decrypt some parts of
>>>>>> the previous backup, is that why it's asking for a key? Why does it
>>>>>> continue if I cancel the dialog then? I was thinking maybe it's trying to
>>>>>> sign the backups, but I'm not using any of the signing switches, and it
>>>>>> doesn't do that by default?
>>>>>>
>>>>>>  I have found some references to this problem, from a few years ago:
>>>>>>
>>>>>> http://lists.nongnu.org/archive/html/duplicity-talk/2012-07/msg00005.html
>>>>>> https://answers.launchpad.net/duplicity/+question/107216
>>>>>>
>>>>>>  Is this still a problem?
>>>>>>
>>>>>>
>>>>>>
>>
>>
> 
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
> 
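
The reply at the top says one backup can be encrypted against several public keys. In OpenPGP (RFC 4880) each recipient gets its own Public-Key Encrypted Session Key (PKESK) packet in front of the encrypted data, so the recipients of a binary, non-armored file can be listed without any private key. The following is an added example, not code from this thread or from duplicity; the key IDs and the sample bytes are constructed.

```python
PKESK_TAG = 1  # Public-Key Encrypted Session Key packet (RFC 4880, 5.1)

def read_header(data, pos):
    """Return (tag, body_start, body_len); body_len is None when streamed."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    size = (1, 2, 4)[ltype]
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")

def recipient_key_ids(data):
    """Key IDs of the leading PKESK packets, one per recipient public key."""
    ids, pos = [], 0
    while pos < len(data):
        tag, start, length = read_header(data, pos)
        if tag != PKESK_TAG:
            break                                     # encrypted data follows
        body = data[start:start + (length or 0)]
        if len(body) < 10 or length != len(body) or body[0] != 3:
            raise ValueError("truncated or unsupported PKESK packet")
        ids.append(body[1:9].hex().upper())           # all zeros = hidden recipient
        pos = start + length
    return ids

def missing_recipients(data, required):
    """Required key IDs that cannot decrypt this message."""
    found = recipient_key_ids(data)
    return sorted(k.upper() for k in required if k.upper() not in found)

# Constructed sample: two v3 PKESK packets (old and new header format), then
# the start of an encrypted data packet. Both key IDs are made up.
MACHINE_KEY, OFFLINE_KEY = "1111111122222222", "3333333344444444"
def make_pkesk(key_id, new_format=False):
    body = bytes([3]) + bytes.fromhex(key_id) + bytes([1]) + b"\x00" * 4
    return bytes([0xC1 if new_format else 0x84, len(body)]) + body
DATA_PACKET = b"\xd2\xe9\x01" + b"\x00" * 8
SAMPLE = make_pkesk(MACHINE_KEY) + make_pkesk(OFFLINE_KEY, True) + DATA_PACKET
```

The key ID stored in a PKESK packet is normally that of the encryption subkey, so compare against the "sub" line of `gpg --list-keys` output (with long key IDs enabled) rather than the "pub" line.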


