[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] how to tell duplicity to NOT sign (want to encrypt
From: |
Andrew Kohlsmith (lists) |
Subject: |
Re: [Duplicity-talk] how to tell duplicity to NOT sign (want to encrypt to public key only) |
Date: |
Tue, 27 May 2008 17:14:39 -0400 |
User-agent: |
KMail/1.9.6 (enterprise 0.20070907.709405) |
On May 27, 2008 04:44:21 pm Kenneth Loafman wrote:
> Just because it asks for a passphrase does not mean its going to sign
> it, for that you need --sign-key. It needs the passphrase in this case
> because it defaults to an incremental backup (it switches to full when
> it detects no previous backups). In order to do the incremental it has
> to be able to decrypt pieces of the previous backup, thus the request
> for the passphrase.
# for public key encryption (without signing!), no passphrase is required.
pubkey_only = (not globals.gpg_profile.sign_key and
globals.gpg_profile.recipients and
globals.encryption)
# cases where we do not need to get a passphrase:
# full: with pubkey enc. doesn't depend on old encrypted info
# inc and pubkey enc.: need a manifest, which the archive dir has unencrypted
# with encryption disabled
# listing files: needs a manifest, but the archive dir has that
# collection status only looks at a repository
Hmm, from the comments in the code, I need to keep an unencrypted manifest.
Thanks for clearing that up for me, I was misreading the comments. :-)
-A.