Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys


From: Charles Knowlton
Subject: Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys
Date: Tue, 24 Apr 2007 14:37:37 -0500


On Apr 24, 2007, at 2:20 PM, Kenneth Loafman wrote:

> Charles Knowlton wrote:
>> I have created 2 different GnuPG keys on my VPS Server. One used for signing and one used for encryption.
>> Both of the keys have a different passphrase.
>> On my home computer I have unix and I was wondering could I have a shell script from my home unix box run Duplicity on my VPS and create the backups for me using the GnuPG Keys that I have on the VPS Server?
>
> As long as the keys are on the VPS server, yes.  Should be no problem.
>
>> Even better is, can I create 2 different GnuPG keys on my home unix box and use them to Sign and Encrypt my backups on my VPS Server using Duplicity without passing my passphrase over the net? Duplicity is installed on the VPS Server.
>
> I don't see how that would work since gnupg would need access to the keys in order to sign/en(de)crypt. If you can SSH to your VPS, then your passphrase would not go over the net unencrypted. If you can't SSH, then is the connection encrypted some other way?

I can SSH to my VPS Server. The main thing I am trying to do is keep my Keys used with Duplicity for Signing and Encryption, on my Home Unix Box for security. From what I have read there would be no way to keep my passphrase from being known within my VPS Server. Processes could be looked at, logs, etc. But if my Keys that I use to Sign and Encrypt are on my Home Unix Box then if a hacker broke into my VPS Server they wouldn't be able to mess with my backups. I send my backups to an off-site backup server and then after that is done I use my SFTP Program on my Home Unix Box to download the backups from the off-site backup server. I hope this clears up what I am trying to do.


...Ken

Regards,
Charles Knowlton



