Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys

From:	Charles Knowlton
Subject:	Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys
Date:	Tue, 24 Apr 2007 15:29:00 -0500

My VPS Host is using Virtuozzo.
I am the only user on my VPS Node.
I am not worried about other users or the host system operators.
I am thinking more if a hacker were to break into my VPS Node.

I trust my data to be on the VPS, but you never know when a hackermight break in.


Regards,
Charles Knowlton

On Apr 24, 2007, at 3:11 PM, Kenneth Loafman wrote:

Charles Knowlton wrote:
On Apr 24, 2007, at 2:20 PM, Kenneth Loafman wrote:
I don't see how that would work since gnupg would need access tothe keys in order to sign/en(de)crypt. If you can SSH to yourVPS, then your passphrase would not go over the net unencrypted.If you can't SSH, then is the connection encrypted some other way?
I can SSH to my VPS Server. The main thing I am trying to do iskeep my Keys used with Duplicity for Signing and Encryption, on myHome Unix Box for security. From what I have read there would beno way to keep my passphrase from being known within my VPSServer. Processes could be looked at, logs, etc. But if my Keysthat I use to Sign and Encrypt are on my Home Unix Box then if ahacker broke into my VPS Server they wouldn't be able to mess withmy backups. I send my backups to an off-site backup server andthen after that is done I use my SFTP Program on my Home Unix Boxto download the backups from the off-site backup server. I hopethis clears up what I am trying to do.
If you are sharing your VPS with another user, then yes, there is apossibility that another user would be able to see your passphrase.
If you're thinking that the host system operators would be able tosee them, then yes, the passphrase could be visible to them.However, a different VPS user would not be able to see into yourVPS unless the system they use for virtualization is broken. Doyou know what the host is running and what virtualization packagethey're running?
It all comes down to trust. If you trust the data to be on yourVPS, then why would you care more about the passphrase than the data?
...Ken

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Duplicity Maintenance, Kenneth Loafman, 2007/04/23
- Re: [Duplicity-talk] Duplicity Maintenance, Paul Walker, 2007/04/24
- Re: [Duplicity-talk] Duplicity Maintenance, Charles Knowlton, 2007/04/24
  - [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Charles Knowlton, 2007/04/24
    - Message not available
    - Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Charles Knowlton, 2007/04/24
    - Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Kenneth Loafman, 2007/04/24
    - Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Charles Knowlton <=
    - Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Steven Willoughby, 2007/04/24
    - Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Gabriel Ambuehl, 2007/04/24
    - Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Kenneth Loafman, 2007/04/24
    - Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys, Charles Knowlton, 2007/04/24

Prev by Date: Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys
Next by Date: Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys
Previous by thread: Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys
Next by thread: Re: [Duplicity-talk] Question about Using the Encrypt and Sign Keys
Index(es):
- Date
- Thread