duplicity-talk

Re: [Duplicity-talk] Different session key for each backup volume?


From: Chris Poole
Subject: Re: [Duplicity-talk] Different session key for each backup volume?
Date: Fri, 24 Jun 2011 14:43:36 +0100

On Fri, Jun 24, 2011 at 2:21 PM, Kenneth Loafman <address@hidden> wrote:
> That's how PGP works.  I looked up GPG and could find no reference to
> session key or similar.

From the gpg manual:

> --show-session-key
>        Display the session key used for one message. See
>        --override-session-key for the counterpart of this option.
>
>        We think that Key Escrow is a Bad Thing; however the user should
>        have the freedom to decide whether to go to prison or to reveal
>        the content of one specific message without compromising all
>        messages ever encrypted for one secret key. DON'T USE IT UNLESS
>        YOU ARE REALLY FORCED TO DO SO.

My interest in this, although entirely academic, is simply that if I was forced
to reveal some file I have backed up, I could produce the session key for one
backup volume (again, imagining it holding only one file, or something
ridiculous like that) only. My private key would be safe, as would all other
encrypted volumes.

(i.e., if I was forced to reveal a file, I could give the session key to show
that file only, and wouldn't have to give up the passphrase securing my gpg
keys.)

> There is no GPG library per se, at least from Gnu, so duplicity is forced to
> go through the CLI as well.
>
> Note, there may be one now.  There was not when duplicity was first written.

OK, thank you.

> I'm sure duplicity could do this on its own.  I just don't see the need.

Yes, I certainly don't want it to use the same session key for each encrypted
volume.

Thanks for the replies, sorry for any confusion.


Chris
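
The behaviour discussed in this message can be checked with the shell sketch below, which is an added example and not part of the original post or of duplicity. It assumes GnuPG 2.1 or later; the key, the mail address, the file names and their contents are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo (GnuPG 2.1+): throwaway key and files, ~/.gnupg is not touched.

# Print the session key ("algo:hex") of FILE; needs the private key in $GNUPGHOME.
session_key_of() {
    gpg --batch --quiet --status-fd 3 --show-session-key --decrypt "$1" \
        3>&1 >/dev/null 2>/dev/null | awk '$2 == "SESSION_KEY" { print $3 }'
}

# Decrypt FILE with a disclosed session key KEY, using keyring directory HOME
# that holds no private key: this is all the recipient of the key can do.
decrypt_with_session_key() {   # HOME KEY FILE
    gpg --homedir "$1" --batch --quiet --override-session-key "$2" \
        --decrypt "$3" 2>/dev/null
}

demo() {
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME || return 1
    empty=$(mktemp -d) && work=$(mktemp -d) || return 1
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Constructed Key <backup@example.invalid>' \
        default default never 2>/dev/null || return 1
    for n in 1 2; do    # two "volumes" encrypted to the same public key
        printf 'contents of volume %s\n' "$n" > "$work/vol$n"
        gpg --batch --quiet --trust-model always -r backup@example.invalid \
            -o "$work/vol$n.gpg" --encrypt "$work/vol$n" 2>/dev/null || return 1
    done
    K1=$(session_key_of "$work/vol1.gpg")
    K2=$(session_key_of "$work/vol2.gpg")
    # Hand over K1 only: it opens volume 1 and must not open volume 2.
    P1=$(decrypt_with_session_key "$empty" "$K1" "$work/vol1.gpg") || true
    P2=$(decrypt_with_session_key "$empty" "$K1" "$work/vol2.gpg") || true
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME" "$empty" "$work"; unset GNUPGHOME
    echo "volume 1 session key: $K1"
    echo "volume 2 session key: $K2"
    echo "volume 1 opened with key 1: ${P1:-<failed>}"
    [ -n "$K1" ] && [ "$K1" != "$K2" ] &&
        [ "$P1" = 'contents of volume 1' ] && [ "$P2" != 'contents of volume 2' ]
}

if [ "${1:-}" = run ]; then demo; fi
```

Run the script with the argument `run`. The session key is passed on the command line here, where other local users can see it in the process list.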


