[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] how to correctly use sign-key
|
From: |
Tim Riemenschneider |
|
Subject: |
Re: [Duplicity-talk] how to correctly use sign-key |
|
Date: |
Fri, 30 May 2008 01:41:45 +0200 |
|
User-agent: |
Mozilla-Thunderbird 2.0.0.14 (X11/20080509) |
Tim Riemenschneider schrieb:
> 3b) provide encrypt-secret key (-password):
> address@hidden:~/.backup$ PASSPHRASE="encrypt" duplicity --encrypt-key
> 92AC19CD --sign-key 873E6295 --archive-dir /tmp/arch --gpg-options
> "--homedir=~/.backup" /home/tim/shared/ file:///tmp/backuptest
> Traceback (most recent call last):
> File "/usr/bin/duplicity", line 463, in <module>
> with_tempdir(main)
> File "/usr/bin/duplicity", line 458, in with_tempdir
> fn()
> File "/usr/bin/duplicity", line 451, in main
> incremental_backup(sig_chain)
> File "/usr/bin/duplicity", line 186, in incremental_backup
> bytes_written = write_multivol("inc", tarblock_iter, globals.backend)
> File "/usr/bin/duplicity", line 87, in write_multivol
> globals.gpg_profile,globals.volsize)
> File "/usr/lib/python2.5/site-packages/duplicity/gpg.py", line 219, in
> GPGWriteFile
> file.write(block_iter.get_footer())
> File "/usr/lib/python2.5/site-packages/duplicity/gpg.py", line 125, in
> write
> return self.gpg_input.write(buf)
> IOError: [Errno 32] Broken pipe
> address@hidden:~/.backup$
> ===> now we can read the encrypted manifest, however we can not
> continue, since the password does not match the sign-key
>
> How can I recover/continue from this?
>
Ah, I found out myself:
We can simply decrypt the relevant files: (of course it's not a good
idea to specify the passphrase on the command-line with REAL
passphrases....)
address@hidden:/tmp/arch$ cp ../backuptest/*sigtar.gpg
../backuptest/*manifest.gpg .
address@hidden:/tmp/arch$ find -name "*.gpg" |xargs -n1 gpg --homedir
~/.backup --passphrase encrypt
You need a passphrase to unlock the secret key for
user: "backup encryption key"
4096-bit ELG-E key, ID F7370124, created 2008-05-29 (main key ID 92AC19CD)
gpg: encrypted with 4096-bit ELG-E key, ID F7370124, created 2008-05-29
"backup encryption key"
gpg: Signature made Fr 30 Mai 2008 00:36:58 CEST using DSA key ID 873E6295
gpg: Good signature from "backup sign key"
You need a passphrase to unlock the secret key for
user: "backup encryption key"
[....]
address@hidden:/tmp/arch$ ls
duplicity-full.2008-05-30T00:35:57+02:00.manifest
duplicity-full.2008-05-30T00:35:57+02:00.manifest.gpg
duplicity-full-signatures.2008-05-30T00:35:57+02:00.sigtar
duplicity-full-signatures.2008-05-30T00:35:57+02:00.sigtar.gpg
duplicity-inc.2008-05-30T00:35:57+02:00.to.2008-05-30T00:36:56+02:00.manifest
duplicity-inc.2008-05-30T00:35:57+02:00.to.2008-05-30T00:36:56+02:00.manifest.gpg
duplicity-new-signatures.2008-05-30T00:35:57+02:00.to.2008-05-30T00:36:56+02:00.sigtar
duplicity-new-signatures.2008-05-30T00:35:57+02:00.to.2008-05-30T00:36:56+02:00.sigtar.gpg
address@hidden:/tmp/arch$ gzip *.sigtar
address@hidden:/tmp/arch$ rm *.gpg
The last line is important, without it duplicity crashes:
address@hidden:~/.backup$ PASSPHRASE="sign" duplicity --encrypt-key 92AC19CD
--sign-key 873E6295 --archive-dir /tmp/arch --gpg-options
"--homedir=~/.backup" /home/tim/shared/ file:///tmp/backuptest
Traceback (most recent call last):
File "/usr/bin/duplicity", line 463, in <module>
with_tempdir(main)
File "/usr/bin/duplicity", line 458, in with_tempdir
fn()
File "/usr/bin/duplicity", line 390, in main
globals.archive_dir).set_values()
File "/usr/lib/python2.5/site-packages/duplicity/collections.py", line
497, in set_values
backup_chains)
File "/usr/lib/python2.5/site-packages/duplicity/collections.py", line
515, in set_matched_chain_pair
sig_chains = self.get_sorted_chains(sig_chains)
File "/usr/lib/python2.5/site-packages/duplicity/collections.py", line
696, in get_sorted_chains
assert len(chain_list) == 2
AssertionError
cu
Tim