Re: [Duplicity-talk] Changing gpg keyring to use
From: edgar . soldin
Subject: Re: [Duplicity-talk] Changing gpg keyring to use
Date: Sun, 8 Jan 2017 11:52:34 +0100
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0

Christian,
simply set the duplicity parameter --gpg-options to tell gpg which folder to use as
settings folder for this run instead of the current user's $HOME, e.g. to use
bernd's home:

duplicity --gpg-options="--homedir ~bernd/" ...

..ede/duply.net
On January 8, 2017 10:01:58 AM GMT+01:00, "C. Enzmann via Duplicity-talk"
<address@hidden> wrote:
>Hi fellows,
>
>does anyone by chance know how I can provide a different user's secret
>keyring file to a restore process? I back up home directories with
>system's private and the user's public keys (--encrypt-key=BBBEEECC),
>thus I'd need the user's private key to restore. Since operation may
>need sudo/root it seems that only private keys in root's keyring are
>available to the duplicity or the gpg-agent. However, I must not provide
>them to root for data privacy reasons. For the same reasons adding
>root's key to a second --encrypt-key is not an option.
>
>An example:
># sudo -c "export PASSPHRASE=whatever; duplicity --use-agent
>--ssh-options="-oIdentityFile=/root/.ssh/id_duplicity"
>--encrypt-key=BBBEEECC --exclude-if-present .dupl_noBackup
>--exclude-filelist /etc/duplicity/files2ignore /home/userx/
>scp://address@hidden/BackUps/hostname.userx-BBBEEECC; unset
>PASSPHRASE"
>
>The user may issue
>$ sudo duplicity [verify|restore] --use-agent [--encrypt-secret-keyring
>/home/userx/.gnupg/secring.gpg --encrypt-key BBBEEECC
>--ssh-options="-oIdentityFile=/root/.ssh/id_duplicity"
>scp://address@hidden/BackUps/hostname.userx-BBBEEECC /home/userx
>duplicity 0.7.10 (August 20, 2016)
> :
>Found primary backup chain with matching signature chain:
> :
> Incremental Sat Jan 7 15:04:36 2017 1
> :
>GPGError: GPG Failed, see log below:
>===== Begin GnuPG log =====
>gpg: encrypted with 3072-bit RSA key, ID BBBEEECC, created 2013-12-15
>"userx <address@hidden>"
>gpg: decryption failed: No secret key
>===== End GnuPG log =====
>
>The --encrypt-secret-keyring was just a test, according to manpage I did
>not expect it really to work, but other attempts failed as well.
>
>Any help is highly appreciated.
>
>Best regards,
>Christian
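
A preflight for the --gpg-options="--homedir ..." approach from the reply, as an added example that is not part of the original thread or of duplicity: it resolves and checks the other user's GnuPG home before the restore and can test for the condition behind "No secret key". The function names are hypothetical; userx and BBBEEECC are the thread's sample values, and getent is assumed to be available.

```shell
#!/bin/sh
# Added example. Usage (as in the thread, remaining arguments elided):
#   d=$(gnupg_home_of userx) && has_secret_key "$d" BBBEEECC &&
#   duplicity "$(gpg_options_for "$d" userx)" ...

# Print USER's GnuPG home from the passwd database, so nothing depends on
# "~user" being expanded inside a quoted option string.
gnupg_home_of() {
    home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$home" ] || { echo "unknown user: $1" >&2; return 1; }
    printf '%s/.gnupg\n' "$home"
}

# Succeed only if DIR is a real directory (not a symlink), owned by USER,
# with mode exactly 0700.
check_gnupg_home() {
    dir=$1 user=$2
    [ -d "$dir" ] && [ ! -L "$dir" ] ||
        { echo "not a directory: $dir" >&2; return 1; }
    [ -n "$(find "$dir" -prune -user "$user" -perm 700 -print)" ] ||
        { echo "$dir: want owner $user and mode 0700" >&2; return 1; }
}

# Succeed if gpg can see a secret key for KEYID in DIR; a failure here is
# the situation reported as "decryption failed: No secret key".
has_secret_key() {
    gpg --homedir "$1" --batch --list-secret-keys "$2" >/dev/null 2>&1
}

# Print the single argument to hand to duplicity. Paths with whitespace are
# refused because the value packs the option and its path into one
# space-separated string.
gpg_options_for() {
    dir=$1 user=$2
    case $dir in
        *[[:space:]]*) echo "whitespace in path: $dir" >&2; return 1 ;;
    esac
    check_gnupg_home "$dir" "$user" || return 1
    printf '%s %s\n' '--gpg-options=--homedir' "$dir"
}
```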