[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Why does duplicity need to access my secret key rin
From: |
ry4an-duplicity |
Subject: |
Re: [Duplicity-talk] Why does duplicity need to access my secret key ring? |
Date: |
Sat, 11 Jan 2003 03:25:58 -0600 |
User-agent: |
Mutt/1.4i |
On Sat, Jan 11, 2003 at 01:06:36AM -0800, Ben Escoto wrote:
> >>>>> "RB" == ry4an-duplicity <address@hidden>
> >>>>> wrote the following on Fri, 10 Jan 2003 16:19:44 -0600
>
> RB> I'm backing up using duplicity, but I'm providing a password not
> RB> associated with my public/private key pair. Thus, so far as I
> RB> understand it, there should be no reason for gpg, and thus
> RB> duplicity, to access my secring.gpg. I know I don't provide the
> RB> password necessary to unlock the secring.gpg, so it can't be
> RB> doing much with it.
>
> This is probably a dumb suggestion, but is it possible you are just
> backing up your .gnupg directory?
You know, I wasn't thinking to exclude that which explains the stat and
readlink, but the requirement is still there even with it excluded.
> RB> I ran a backup through strace to see if I could find the line
> RB> where gpg is exec()ed in hopes of seeing how gpg was invoked,
> RB> but since duplicity uses a python module that's dynamically
> RB> linked to gpg there's no exec().
>
> The duplicity's gpg.py module uses the GnuPGInterface.py module
> (written by Frank Tobin) which just exec's the gnupg binary. There is
> no dynamic linking.
You're right. I ran strace again with '-f' to track forks and now I can
see the gpg invocation. It looks like gpg is throwing a warning on the
non-readable secring.gpg that gpg.py is taking to be fatal. Perhaps I
can wrap gpg in a script that filters out the warning and associated
non-zero exit value.
I suppose I should talk to the gnupg folks about getting rid of the
secring.gpg check when symmetric encryption is used.
Thanks for your help,
--
Ry4an Brase - http://ry4an.org /~\
'If you're not a rebel when you're 20 you've got no heart; if \ /
you're not establishment when you're 30 you've got no brain.' X
Join the ASCII ribbon campaign against HTML email / \