[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Restore has trouble with multiple encryption keys
From: |
edgar . soldin |
Subject: |
Re: [Duplicity-talk] Restore has trouble with multiple encryption keys |
Date: |
Wed, 20 Jan 2016 11:57:43 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 |
On 20.01.2016 00:46, Ezra Stevens wrote:
> Hi folks,
hey Ezra,
> I'd like to be able to rotate my encryption keys occasionally when
> using Duplicity (between backup chains only, not in the middle of a
> chain). This works fine when I restore to the same machine I backed up
> from, but not for restores to a different machine. Specifically, the
> restore will fail repeatedly as it tries to synchronize the cache,
> because it keeps trying to sync files that it can't decrypt with the
> key it's been given.
your diagnosis seems correct. be aware that there is a difference between a gpg
key and a gpg passphrase for symmetric encryption, which is what you are using.
>But if I give it different keys enough times, it
> will eventually sync the whole cache and then be able to restore
that's the current design - keeping unencrypted metadata about your remote
backups to minimize traffic and allow resuming in case of errors.
> properly (see shell transcript below). Is this a bug, or is what I'm
> trying to do completely unsupported?
in a way.. there is no way to feed more than one passphrase to gpg on the
command line and as nobody considered your use case before (obviously), there
are no routines to try a second , if the first fails.
>Is there a way to convince
> Duplicity to only sync the cache files for the chain it's actually
> trying to restore?
nope, it always sync all chains. note, you might want to restore from a
specific time. how would duplicity find that if it didn't parse all chains
first?
>Should Duplicity print a warning when a user tries
> to use different encryption keys within the same bucket?
don't think so. usually duplicity is run automatically via scripts and not by
hand, so this is a corner case. also, duplicity should already err out during
resuming an interrupted backup if the pass/key differs. but that is probably
the only time that is implemented.
finally - what you can try:
1. use gpg-agent for the restores. it will allow to enter several passphrases
during a gpg call.
2. simply switch backend folders/buckets when switching passphrases
..ede/duply.net