Re: [Duplicity-talk] why is GPG passphrase requested twice?

[Tim Riemenschneider]

Kenneth Loafman schrieb:
> Dan Muresan wrote:
>   
>>> The passphrase isn't new; it's the passphrase for my existing GPG key.
>>>  So GPG already knows it; if I enter it incorrectly, GPG will return
>>> an error message.  What more do you need to detect errors?
>>>       
>> Normally, duplicity uses symmetric encryption with the specified passphrase.
>>
>> There are various options for working with GPG keys (which I don't
>> recall). Possibly your GPG key was never even touched.
>>     
>
> If you use the --encrypt-key option, duplicity assumes that you are
> encrypting to that public key, which has no password.  Without it,
> duplicity assumes symmetric encryption and requires a password.
>
> If you have a passphrase on your public key, duplicity will fail.
>
> ...Ken
>   

Working with keys with passphrases works when using an archive-directory
(which must be kept!)
See:
http://lists.gnu.org/archive/html/duplicity-talk/2008-05/msg00067.html
http://lists.gnu.org/archive/html/duplicity-talk/2008-05/msg00068.html

(in this thread I used two different keys for --encrypt-key and
--sign-key, both with passphrases (on their secret-keys of course))
Using this it's possible to create backups against a gpg-key, whose
secret part is nowhere on the system to be backuped. Furthermore one has
control over who can use these backups by using several --encrypt-key
options.
(To let gpg use this key, one has however set the trust on it. Either by
using gpg-options to trust it explicit (I don't remember which, I think
something like trust-model or the like), or by setting the trust-level
to ultimate with "gpg --edit-key")

cu
Tim