[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Duply and GPG passphrase in config file
From: |
edgar . soldin |
Subject: |
Re: [Duplicity-talk] Duply and GPG passphrase in config file |
Date: |
Fri, 22 Nov 2013 17:54:32 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20100101 Thunderbird/24.1.1 |
On 22.11.2013 17:27, Rafael Beraldo wrote:
> Hello all,
>
> I'm using Duply as a duplicity front end and I quite like it. I'm not
> comfortable, however, with leaving my GPG passphrase in plain text in
> ~/.duply/*/conf. I'm not signing my backups, so I think there's no need for
> that -- or is there?
yes, it's needed to decrypt your backup repository in case your local archive
dir is not in sync. also of course for listing files or restoring. in short,
everytime something needs to be decrypted.
>
> How do you manage your passphrase? Do you create new keys just for the
> backups, or do you just change the permissions of the conf file? Maybe you
> feel that encrypting the /home partition is enough? I'm interested to see
> how you deal with this.
>
first read this thread.
http://lists.nongnu.org/archive/html/duplicity-talk/2011-09/msg00013.html
he summed it up pretty good.
i'd suggest to go with passwordless keys per machine plus additionally
encrypting against your own public key (you can define several keys to encrypt
against). this way you make sure that you can decrypt your backup whatever
happens. generally not necessary if you backup the duply profile folder, but it
doesn't hurt.
the above is the easiest solution i am aware of currently.
..ede/duply.net