[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] --file-to-restore without passphrase
From: |
edgar . soldin |
Subject: |
Re: [Duplicity-talk] --file-to-restore without passphrase |
Date: |
Sat, 11 Oct 2014 20:48:51 +0200 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 |
On 11.10.2014 20:04, Grant wrote:
>>> I built my encrypted backups without a passphrase by using
>>> --use-agent.
>>
>> you mean that you enter the passphrase in the gpg-agent dialog everytime it
>> pops up when it's needed, right?
>
>
> No, my backups are unattended so I don't want to enter a passphrase.
> I build them something like this in the crontab:
>
> duplicity --use-agent --encrypt-key=... --sign-key=... --include /etc
> --exclude "**" / file:///backups
>
ok, that's key encryption and looks fine.
>>> If I omit --use-agent, I am prompted for a passphrase and
>>> leaving it blank gives me "Cannot use empty passphrase with symmetric
>>> encryption!".
>>
>> that's because you can't. gpg does simply not allow you to encrypt
>> symmetrically against an empty passphrase. it has to be at least one
>> character long technically.
>>
>> why exactly do you use gpg-agent with symmetric encryption. that only leads
>> to gpg-agent asking the password every time instead of gpg/duplicity. there
>> is no safety gain there.
>
>
> I'd like duplicity to build backups unattended without a passphrase
> and I'm OK with anyone who has access to the private key having access
> to the backups. Is my command above good for that? If so, how do I
> decrypt?
>
try giving '--encrypt-key=... --sign-key=...' to the restore duplicity command
line. that's the way how duplicity figures out that you initially encrypted
against a key and want to check if the signature matches your signature key.
>> what is your duplicity version?
>
>
> I'm on 0.6.23-r1 on Gentoo.
please update to latest stable 0.6.24.. previous versions have serious bug
leading to possible backup corruption on backup resuming. additionally 'verify'
your current backups to see if they are proper.
..ede/duply.net
- [Duplicity-talk] --file-to-restore without passphrase, Grant, 2014/10/09
- Re: [Duplicity-talk] --file-to-restore without passphrase, edgar . soldin, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase, Grant, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase,
edgar . soldin <=
- Re: [Duplicity-talk] --file-to-restore without passphrase, Grant, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase, Grant, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase, edgar . soldin, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase, Grant, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase, edgar . soldin, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase, Grant, 2014/10/11
- Re: [Duplicity-talk] --file-to-restore without passphrase, edgar . soldin, 2014/10/12
- Re: [Duplicity-talk] --file-to-restore without passphrase, Grant, 2014/10/12
- Re: [Duplicity-talk] --file-to-restore without passphrase, edgar . soldin, 2014/10/11