duplicity-talk

[Duplicity-talk] Omission of functionality?


From: Andy
Subject: [Duplicity-talk] Omission of functionality?
Date: Wed, 2 Apr 2008 21:17:45 +0100
User-agent: KMail/1.9.6

I don't really see this as a bug.  However, it would be nice if someone 
could add the functionality outlined later.

Background

Making a full backup of my data with separate encryption and signing
keys was carried out successfully.  However, the problems started when
first, I went to verify the backup and second when I tried to carry out
an incremental backup.

The problem during verify backup operation:

While trying to verify the integrity of the backup duplicity exited
abnormally with the error message that gpg had not been provided with a
pass phrase to decrypt the archive with the secret key.  

Verify backup error
gpg: encrypted with 1024-bit ELG-E key, ID 437767F4, created 2007-12-21
      "duplicityencrypt (duplicity encryption key)"
gpg: public key decryption failed: bad pass phrase
gpg: decryption failed: secret key not available

Analysis of the problem:

The error message is spot on; the PASSPHRASE variable has not been
changed because of course we are now trying to decrypt the backup with 
the secret key.  Changing the PASSPHRASE variable to that of the 
encryption key results in a successful backup verification.


The problem during incremental backup operation:

While trying to carry out an incremental backup duplicity exited
abnormally with the error message that gpg had not been provided with a
pass phrase to decrypt the archive with the secret key.

Incremental backup error

Found a complete backup chain with matching signature chain:
-------------------------
Chain start time: Sat Mar 29 21:10:33 2008
Chain end time: Sat Mar 29 21:10:33 2008
Number of contained backup sets: 1
Total number of contained volumes: 202
 Type of backup set:                            Time:      Num volumes:
                Full         Sat Mar 29 21:10:33 2008               202
-------------------------
No orphaned or incomplete backup sets found.
Last full backup date: Sat Mar 29 21:10:33 2008
Using temporary directory /home/andy/tmp/duplicity-WSzE-d-tempdir
Registering (mktemp) temporary file /home/andy/tmp/duplicity-WSzE-d-tempdir/mktemp-WF_xUP-1
Running 'scp -o IdentityFile=~/.ssh/duplicity_2048 address@hidden:/home/andy/backup/duplicity-full.2008-03-29T21:10:33Z.manifest.gpg /home/andy/tmp/duplicity-WSzE-d-tempdir/mktemp-WF_xUP-1' (attempt #1)
State = copying, Before = 'duplicity-full.2008-03-29T21:10:33Z.manifest.     0%    0     0.0KB/s   --:--'
State = copying, Before = 'duplicity-full.2008-03-29T21:10:33Z.manifest.   100% 9642     9.4KB/s   00:00'
gpg: encrypted with 1024-bit ELG-E key, ID 437767F4, created 2007-12-21
      "duplicityencrypt (duplicity encryption key)"
gpg: public key decryption failed: bad pass phrase
gpg: decryption failed: secret key not available
Fatal Error: Neither remote nor local manifest is readable.


Analysis of the problem

This is a compound error.  Not only is it required to decrypt the backup 
with the secret encryption key to determine what has changed, it is also 
necessary to sign the backup with the signature key, but there are two 
keys, two pass phrases and only one PASSPHRASE variable!  Thus using 
either the signing or encryption pass phrase will result in failure.

Solution

My interim solution is to simply make the encryption and signing keys 
have the same pass phrase but this is not optimal.

As duplicity offers the options --encrypt-key and --sign-key it seems to
me that there is the implicit intention that two different keys and
hence two different pass phrases be used to encrypt and sign the backup.
To use the same pass phrase for both the encryption key and signing key
seems somewhat foolish from a security perspective.  

The purpose of having separate signing and encryption keys is so that 
the owner of the data can have their backups encrypted safely to their 
public key (assuming they don't trust the administrator) and the 
administrator can sign the backups with the signing key to validate 
that the backup belongs to that particular system.

However, forcing you to use the same pass phrase for both encryption and 
signing keys is exactly what duplicity forces you to do.  The fact that 
it does this wasn't immediately obvious and I can only think that this 
is an oversight in the code.

Leaving aside the security issues of putting pass phrases in script
files or as plain text on the command line for a moment, would it be
possible to modify the code such that there could be ENCRYPT_PASSPHRASE
and SIGN_PASSPHRASE variables passed to GPG to enable different pass
phrases to be used to permit greater flexibility in the operation of 
duplicity?

Although Python looks like a relatively straightforward language to 
learn I really don't have the time to do so and would be grateful if 
someone more experienced could see if they could work up a patch to 
implement this.

Regards

Andy
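The analysis above (which secret key each duplicity operation has to unlock, and why one PASSPHRASE variable cannot serve an incremental run when the encryption and signing keys have different pass phrases) can be turned into a small pre-flight check. The script below is an added example written for this archive page; it is not part of duplicity and does not invoke gpg. It encodes the post's own reasoning as a table of roles per operation, decides whether a single pass phrase can cover the keys an operation needs, and parses gpg's stderr lines (the ones quoted in the post) to name the key that rejected the pass phrase. The role-per-operation table, the signing key ID `A1B2C3D4` and the pass phrase values are constructed assumptions; only the encryption key ID `437767F4` and the gpg messages come from the post.

```python
"""Pre-flight check for duplicity runs using separate --encrypt-key and --sign-key.

Hypothetical helper, not part of duplicity.  It reasons about which secret keys an
operation must unlock and diagnoses gpg's "bad pass phrase" output.
"""
import re

# Assumption taken from the post's analysis: verify and restore only decrypt,
# a full backup only signs, an incremental must decrypt the previous manifest
# (encryption key) and sign the new volumes (signing key).
_ROLES_BY_OPERATION = {
    "full": {"sign"},
    "incremental": {"encrypt", "sign"},
    "verify": {"encrypt"},
    "restore": {"encrypt"},
}

# gpg stderr patterns as they appear in the post.
_ENCRYPTED_WITH = re.compile(r"^gpg: encrypted with \d+-bit \S+ key, ID ([0-9A-Fa-f]{8,16})")
_BAD_PASSPHRASE = re.compile(r"^gpg: public key decryption failed: bad pass ?phrase")
_NO_SECRET_KEY = re.compile(r"^gpg: decryption failed: secret key not available")


def secret_keys_needed(operation, encrypt_key, sign_key):
    """Return the set of key IDs duplicity must unlock for this operation."""
    roles = _ROLES_BY_OPERATION[operation]
    keys = set()
    if "encrypt" in roles:
        keys.add(encrypt_key)
    if "sign" in roles and sign_key:  # no --sign-key means nothing to sign with
        keys.add(sign_key)
    return keys


def single_passphrase_sufficient(operation, encrypt_key, sign_key, passphrases):
    """True if one PASSPHRASE value can unlock every key the operation needs.

    `passphrases` maps key ID -> pass phrase (constructed sample data).  With
    distinct pass phrases on distinct keys, an incremental run cannot succeed
    with a single PASSPHRASE variable; verify and full runs still can.
    """
    needed = secret_keys_needed(operation, encrypt_key, sign_key)
    return len({passphrases[k] for k in needed}) <= 1


def diagnose_gpg_output(stderr_lines, encrypt_key, sign_key):
    """Parse gpg stderr and report which key rejected the pass phrase and why.

    Returns a dict with key_id, role ('encrypt', 'sign' or 'unknown') and cause,
    or None when the lines contain no recognisable failure.
    """
    key_id = None
    cause = None
    for line in stderr_lines:
        m = _ENCRYPTED_WITH.match(line)
        if m:
            key_id = m.group(1).upper()
        elif _BAD_PASSPHRASE.match(line):
            cause = "bad passphrase"  # the specific reason; keep it over the generic one
        elif _NO_SECRET_KEY.match(line) and cause is None:
            cause = "secret key not available"
    if key_id is None or cause is None:
        return None
    if key_id == encrypt_key.upper():
        role = "encrypt"
    elif sign_key and key_id == sign_key.upper():
        role = "sign"
    else:
        role = "unknown"
    return {"key_id": key_id, "role": role, "cause": cause}


# gpg output quoted in the post (verify run), used here as sample input.
SAMPLE_STDERR = [
    "gpg: encrypted with 1024-bit ELG-E key, ID 437767F4, created 2007-12-21",
    '      "duplicityencrypt (duplicity encryption key)"',
    "gpg: public key decryption failed: bad pass phrase",
    "gpg: decryption failed: secret key not available",
]

if __name__ == "__main__":
    enc_key = "437767F4"          # encryption key ID from the post
    sig_key = "A1B2C3D4"          # constructed placeholder for the signing key ID
    phrases = {enc_key: "enc-phrase", sig_key: "sign-phrase"}  # constructed
    for op in ("full", "incremental", "verify", "restore"):
        ok = single_passphrase_sufficient(op, enc_key, sig_key, phrases)
        print(f"{op:12s} needs {sorted(secret_keys_needed(op, enc_key, sig_key))} "
              f"-> one PASSPHRASE {'suffices' if ok else 'is NOT enough'}")
    print(diagnose_gpg_output(SAMPLE_STDERR, enc_key, sig_key))
```

Run as a script it prints, for each operation, which keys must be unlocked and whether one PASSPHRASE value can do it; with the distinct pass phrases above only the incremental run fails, which matches the post's compound-error analysis. The diagnosis of the quoted verify output points at key 437767F4 in the encrypt role, i.e. the pass phrase that had to go into PASSPHRASE was the encryption key's.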
