[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Questions regarding symmetric encryption/signing

From: edgar . soldin
Subject: Re: [Duplicity-talk] Questions regarding symmetric encryption/signing
Date: Thu, 25 Jun 2015 14:15:21 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0

On 25.06.2015 14:04, Eponymous - wrote:
> I'm reposting this as I haven't heard anything and don't know if it was 
> because my original email didn't get through or not. I checked the archives 
> and don't see it there either...
> Thanks.
> On 16 Jun 2015 15:24, "Eponymous -" <address@hidden <mailto:address@hidden>> 
> wrote:
>> Hi,
>> I have a question regarding Duplicity and symmetric encryption.
>> Firstly, I've read through the man page for Duplicity and also the
>> entire GPG document: http://www.gnupg.org/documentation/guides.html
>> I noticed Duplicity has --encrypt-key and --sign-key options which
>> confuse me slightly.
>> From what I understand symmetric encryption would be the best choice
>> for my use-case of Duplicity since it will only be I who accesses the
>> backed up data.
>> My first question is how does Duplicity implement this?
>> Does it simply use the PASSPHRASE (as defined as a shell variable) to
>> both encrypt and decrypt the data or is this passphrase the one used
>> for unlocking the GPG keyring and I still need to setup up GPG keys
>> first?

duplicity utilizes the command line binary gpg which only supports piping on 
passphrase. so both of the above is true.
if no key is given the passphrase is used for symmetric de/encryption. if one 
is givenit's used to unlock the keys for decryption or sigining. 

>> This takes care of encryption, so on to signing:
>> How can I utilize symmetric encryption but also sign everything I
>> backup? Surely signing needs a Private key to sign the computed hash
>> and a Public key to verify?

let me point you to "a Note on Symmetric Encryption and Signing"
which seems to have slipped your man page reading ;)

>> Again, does this need to be set up in advance with GPG?
>> For both questions I'm really interested on how I configure Duplicity
>> to work as the command line options are somewhat confusing to me.
>> This seems like a really great program and I hope you can bear with me
>> if these questions seem obvious.

how about using http://duply.net which takes care to generate the proper 
command lines for you?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]