[Duplicity-talk] Questions regarding symmetric encryption/signing

[Eponymous -]

I'm reposting this as I haven't heard anything and don't know if it was because my original email didn't get through or not. I checked the archives and don't see it there either...

Thanks.

On 16 Jun 2015 15:24, "Eponymous -" <address@hidden> wrote:
>
> Hi,
>
> I have a question regarding Duplicity and symmetric encryption.
>
> Firstly, I've read through the man page for Duplicity and also the
> entire GPG document: http://www.gnupg.org/documentation/guides.html
>
> I noticed Duplicity has --encrypt-key and --sign-key options which
> confuse me slightly.
>
> From what I understand symmetric encryption would be the best choice
> for my use-case of Duplicity since it will only be I who accesses the
> backed up data.
>
> My first question is how does Duplicity implement this?
>
> Does it simply use the PASSPHRASE (as defined as a shell variable) to
> both encrypt and decrypt the data or is this passphrase the one used
> for unlocking the GPG keyring and I still need to setup up GPG keys
> first?
>
> This takes care of encryption, so on to signing:
>
> How can I utilize symmetric encryption but also sign everything I
> backup? Surely signing needs a Private key to sign the computed hash
> and a Public key to verify?
>
> Again, does this need to be set up in advance with GPG?
>
> For both questions I'm really interested on how I configure Duplicity
> to work as the command line options are somewhat confusing to me.
>
> This seems like a really great program and I hope you can bear with me
> if these questions seem obvious.
>
> Thanks again for your time,