[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Why is duplicity asking for decryption passphrase o
From: |
Scott Hannahs |
Subject: |
Re: [Duplicity-talk] Why is duplicity asking for decryption passphrase on --encrypt-sign-key? |
Date: |
Thu, 26 Oct 2017 17:16:07 -0400 |
No there is no need to store a passphrase on the disk. Make a key specifically
for encrypting duplicity backups. Then the public key can be used for
encrypting the backups without need of a passphrase. Unless the local manifest
gets corrupted and a new manifest has to be downloaded and decrypted you should
not need the private key for backups either incremental or full.
> On Oct 26, 2017, at 3:30 PM, Michael Gardner via Duplicity-talk
> <address@hidden> wrote:
>
> Any ideas? Does everyone who runs duplicity incr as a cron job just store the
> passphrase on disk?
>
> On 10/03/2017 03:11 PM, Michael Gardner wrote:
>> On Aug 1, 2017, at 11:17, edgar . soldin wrote:
>>> when you are doing an incremental, there is a chance that decryption is
>>> needed
>>> (updating the archive dir cache, resuming ...) so it will ask for the
>>> passphrase.
>> I'm running duplicity incr as a cron job, and don't want to store the
>> encryption passphrase. I can set a bogus value for PASSPHRASE, but then
>> duplicity spits out an error message which triggers a cron mail, flooding my
>> mailbox and obscuring real errors. Is there a way to make duplicity not
>> prompt for a passphrase, and instead fail with an error message if it runs
>> into a situation that would require one? Failing that, can I somehow
>> suppress the "GPG Failed" error message without tossing everything from
>> stderr into /dev/null?
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk