[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Encrypt without the private key?
|
From: |
edgar . soldin |
|
Subject: |
Re: [Duplicity-talk] Encrypt without the private key? |
|
Date: |
Sat, 28 Mar 2015 19:15:13 +0100 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 |
first. why not encrypting against a machine specific pub/sec and your pub key?
if an atacker has access to the machine the data on it and any further backups
are under his command anyway.
..ede/duply.net
On 28.03.2015 16:15, Norbert Kéri wrote:
> I could not get it working with the workaround mentioned in the thread
> unfortunately. My system is already reporting eng-utf8:
>
>> echo $LANG
>> en_US.UTF-8
>
> I tried setting it to en_US.UTF8 (without the dash) to see if that might
> resolve it, but no, I still get asked for the private key.
>
> On Sat, Mar 28, 2015 at 4:02 PM, <address@hidden> wrote:
>
>> probably
>> https://bugs.launchpad.net/duplicity/+bug/687295
>>
>> ..ede
>>
>> On 28.03.2015 14:46, Norbert Kéri wrote:
>>> Hi,
>>>
>>> I'm trying with 0.7.02, without any wrappers.
>>>
>>> Just to confirm:
>>>
>>> In the list that "gpg --list-keys" provides, the line beginning with
>> "pub",
>>> is the ID of my public key, right?
>>>
>>> On Sat, Mar 28, 2015 at 2:37 PM, Aaron Whitehouse <
>> address@hidden>
>>> wrote:
>>>
>>>> Hi Norbert,
>>>>
>>>> I've tested this with duplicity 0.6.23 and it seems to work for me - I
>> can
>>>> encrypt to a key when the machine doesn't have the secret key and it
>> does
>>>> not prompt for a passphrase. Could you please try with a recent version
>> and
>>>> see if the problem persists?
>>>>
>>>> I have two guesses (without looking at the code) as to why it may prompt
>>>> for a passphrase but continue without one:
>>>> 1) it is trying to sign, even though you haven't asked it to; or
>>>> 2) it is trying to do some kind of encryption test before starting - I
>>>> think that duply does this, for example.
>>>>
>>>> Kind regards,
>>>>
>>>> Aaron
>>>>
>>>>
>>>> On 28/03/15 12:13, Norbert Kéri wrote:
>>>>
>>>> Hey,
>>>>
>>>> I'm trying to set up an unattended backup to S3, with the following
>>>> command:
>>>>
>>>> duplicity --progress --name mystuff --full-if-older-than 6M
>>>> --s3-unencrypted-connection --encrypt-key A6ACD7BF ./myfolder s3://
>>>> s3.eu-central-1.amazonaws.com/bucket/folder
>>>>
>>>> However, if I rerun the above command, I get:
>>>>
>>>> Local and Remote metadata are synchronized, no sync needed.
>>>> Last inc backup left a partial set, restarting.
>>>> Last full backup date: Sun Mar 22 16:54:42 2015
>>>>
>>>> Then it pops up a pinentry dialog, asking for the passphrase for my
>>>> private key. This surprised me, because I was expecting it to only ask
>> for
>>>> a passphrase when I restore files from the backup. Even more, if I just
>>>> cancel the pinentry password dialog, it successfully finishes the
>> backup,
>>>> so it's not even using the key?
>>>>
>>>> So what's happening here? Does duplicity need to decrypt some parts of
>>>> the previous backup, is that why it's asking for a key? Why does it
>>>> continue if I cancel the dialog then? I was thinking maybe it's trying
>> to
>>>> sign the backups, but I'm not using any of the signing switches, and it
>>>> doesn't do that by default?
>>>>
>>>> I have found some references to this problem, from a few years ago:
>>>>
>> http://lists.nongnu.org/archive/html/duplicity-talk/2012-07/msg00005.html
>>>> https://answers.launchpad.net/duplicity/+question/107216
>>>>
>>>> Is this still a problem?
>>>>
>>>>
>>>> _______________________________________________
>>>> Duplicity-talk mailing address@hidden://
>> lists.nongnu.org/mailman/listinfo/duplicity-talk
>>>>