[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] a question on duplicity and gpg
From: |
edgar . soldin |
Subject: |
Re: [Duplicity-talk] a question on duplicity and gpg |
Date: |
Fri, 20 Nov 2020 11:32:24 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 |
hey Giuliano,
On 11/20/2020 9:36, Giuliano Franchetti via Duplicity-talk wrote:
> Hello to all,
>
> after installing duplicity I find a new behaviour of gpg.
which duplicity, gpg versions?
that's not exactly caused by duplicity. gpg2 uses gpg-agent by default for all
password related stuff. duplicity enables '--pinentry-mode=loopback' for it's
gpg calls to prevent that.
you can research gpg documentation to find out how to disable gpg-agent or set
a very short password caching time (ttl).
> I have in my computer several files that I have gpg-encrypted and for
> accessing them
> I had to give a passphrase.
>
> After installing duplicity suddenly to access the files gpg encrypted it is
> not
> necessary a passphrase anymore. It seems that duplicity activate a gpg-agent
> that
> read the passphrase to automatize duplicity. At the moment I use duplicity
> with
> symmetric encryption because I save a backup in a disk in my home.
>
> This behaviour of gpg makes all the files I had unsafe as anybody entering
> in my computer
> can open any gpg encrypted file. Is it possible to use duplicity, but not
> having this effect?
>
you shouldn't leave your system unlocked then :). but yeah, obviously not what
you intended.
it's possible that you have a special combination of duplicity/gpg2 installed
that does not disable gpg-agent properly, but i need to know which versions you
are running.
it's also possible that gpg-agent is running from your manual gpg calls because
written that's the new default gpg2 behaviour.
..ede/duply.net