duplicity-talk
[Duplicity-talk] how to correctly use sign-key


From: Tim Riemenschneider
Subject: [Duplicity-talk] how to correctly use sign-key
Date: Fri, 30 May 2008 00:50:07 +0200
User-agent: Mozilla-Thunderbird 2.0.0.14 (X11/20080509)

How can you (reliably) use --sign-key (with --encrypt-key)?

I want to sign the backups with one key (which is located on the server)
and encrypt it with another (whose secret key should not be on the server).

I tested this locally (following some advice from the thread
[Duplicity-talk] how to tell duplicity to NOT sign (want to encrypt to
public key only)
<http://lists.gnu.org/archive/html/duplicity-talk/2008-05/msg00059.html>)

I created two new keys (just for testing, so with trivial passwords)
Is it correct that --archive-dir is required for this (and should
therefore be kept safe, contrary to what's said in the man page)?

I tested it like this:
1) Full backup (/tmp/backuptest is empty)
address@hidden:~/.backup$ PASSPHRASE="sign" duplicity --encrypt-key 92AC19CD
--sign-key 873E6295 --archive-dir /tmp/arch --gpg-options
"--homedir=~/.backup" /home/tim/shared/ file:///tmp/backuptest
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1212099040.51 (Fri May 30 00:10:40 2008)
EndTime 1212099064.82 (Fri May 30 00:11:04 2008)
ElapsedTime 24.31 (24.31 seconds)
SourceFiles 4
SourceFileSize 29661160 (28.3 MB)
NewFiles 4
NewFileSize 29661160 (28.3 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 4
RawDeltaSize 196608 (192 KB)
TotalDestinationSizeChange 30060703 (28.7 MB)
Errors 0
-------------------------------------------------
===> only sign-password is needed

2) Inc. backup
address@hidden:~/.backup$ PASSPHRASE="sign" duplicity --encrypt-key 92AC19CD
--sign-key 873E6295 --archive-dir /tmp/arch --gpg-options
"--homedir=~/.backup" /home/tim/shared/ file:///tmp/backuptest
--------------[ Backup Statistics ]--------------
StartTime 1212099070.16 (Fri May 30 00:11:10 2008)
EndTime 1212099070.23 (Fri May 30 00:11:10 2008)
ElapsedTime 0.08 (0.08 seconds)
SourceFiles 4
SourceFileSize 29661160 (28.3 MB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 0
RawDeltaSize 0 (0 bytes)
TotalDestinationSizeChange 2601 (2.54 KB)
Errors 0
-------------------------------------------------
===> works too

3) simulate a loss of the archive dir
address@hidden:~/.backup$ rm /tmp/arch/duplicity-*
address@hidden:~/.backup$ PASSPHRASE="sign" duplicity --encrypt-key 92AC19CD
--sign-key 873E6295 --archive-dir /tmp/arch --gpg-options
"--homedir=~/.backup" /home/tim/shared/ file:///tmp/backuptest
Fatal Error: Neither remote nor local manifest is readable.
===> we don't have an unencrypted manifest, so we cannot continue.
3b) provide encrypt-secret key (-password):
address@hidden:~/.backup$ PASSPHRASE="encrypt" duplicity --encrypt-key
92AC19CD --sign-key 873E6295 --archive-dir /tmp/arch --gpg-options
"--homedir=~/.backup" /home/tim/shared/ file:///tmp/backuptest
Traceback (most recent call last):
  File "/usr/bin/duplicity", line 463, in <module>
    with_tempdir(main)
  File "/usr/bin/duplicity", line 458, in with_tempdir
    fn()
  File "/usr/bin/duplicity", line 451, in main
    incremental_backup(sig_chain)
  File "/usr/bin/duplicity", line 186, in incremental_backup
    bytes_written = write_multivol("inc", tarblock_iter, globals.backend)
  File "/usr/bin/duplicity", line 87, in write_multivol
    globals.gpg_profile,globals.volsize)
  File "/usr/lib/python2.5/site-packages/duplicity/gpg.py", line 219, in
GPGWriteFile
    file.write(block_iter.get_footer())
  File "/usr/lib/python2.5/site-packages/duplicity/gpg.py", line 125, in
write
    return self.gpg_input.write(buf)
IOError: [Errno 32] Broken pipe
address@hidden:~/.backup$ 
===> now we can read the encrypted manifest, however we cannot
continue, since the password does not match the sign-key

How can I recover/continue from this?
Would it be possible to provide two different passwords?

cu
Tim
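The key layout Tim is after (signing secret key on the backup host, encryption secret key kept elsewhere) can be exercised with plain gpg, independently of duplicity. The script below is an added example, not code from the original post or from the duplicity project, and it does not answer the question of how duplicity itself takes two passphrases. It assumes gpg 2.1 or newer (--quick-generate-key, --pinentry-mode loopback); the key user IDs, the passphrases "sign" and "encrypt", the temporary directories and the sample "manifest" text are all made up for the demonstration. It reproduces steps 1/2 (the server signs and encrypts with only the signing passphrase) and step 3 as it would play out on a real server: the file the server just wrote cannot be read back there with any passphrase, because the encryption secret key is simply absent. Only the admin side, which holds that key, can decrypt and check the signature.

```shell
#!/bin/sh
# Added example (not from the original post or from duplicity): the two-key
# split with plain gpg. Made-up for the demo: key user IDs, passphrases
# "sign"/"encrypt", temp dirs, sample plaintext. Needs gpg >= 2.1.

# Thin wrappers; $admin and $server are set by sign_encrypt_demo below.
gpg_admin()  { gpg --homedir "$admin"  --batch --pinentry-mode loopback "$@"; }
gpg_server() { gpg --homedir "$server" --batch --pinentry-mode loopback "$@"; }

# Prints "ok" when the server (signing secret key + encryption PUBLIC key)
# can sign-and-encrypt but cannot decrypt its own output, and the admin
# side (encryption secret key) can decrypt and verify the signature.
# Prints "skipped" if gpg is missing; returns 1 on any other failure.
sign_encrypt_demo() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }
    work=$(mktemp -d) || return 1
    admin="$work/admin"    # encryption secret key lives only here
    server="$work/server"  # what the backup host actually holds
    mkdir -m 700 "$admin" "$server" || return 1

    # Admin: encryption keypair (passphrase "encrypt").
    gpg_admin --passphrase encrypt --quick-generate-key \
        "backup-encrypt (demo)" default default never >/dev/null 2>&1 || return 1
    enc_fpr=$(gpg_admin --list-keys --with-colons | awk -F: '/^fpr/ {print $10; exit}')

    # Server: signing keypair (passphrase "sign").
    gpg_server --passphrase sign --quick-generate-key \
        "backup-sign (demo)" default default never >/dev/null 2>&1 || return 1
    sign_fpr=$(gpg_server --list-keys --with-colons | awk -F: '/^fpr/ {print $10; exit}')

    # Only public keys cross the boundary: encryption pubkey -> server,
    # signing pubkey -> admin (so the admin can verify what the server signed).
    gpg_admin  --export "$enc_fpr"  | gpg_server --import >/dev/null 2>&1 || return 1
    gpg_server --export "$sign_fpr" | gpg_admin  --import >/dev/null 2>&1 || return 1

    # Server: what writing a volume or manifest looks like. Sign with the
    # local key, encrypt to the remote key; only the signing passphrase is
    # needed (the poster's steps 1 and 2).
    printf 'constructed manifest contents\n' | gpg_server --passphrase sign \
        --trust-model always --local-user "$sign_fpr" --recipient "$enc_fpr" \
        --sign --encrypt --output "$work/vol.gpg" 2>/dev/null || return 1

    # Server: reading it back fails whatever passphrase is given, because the
    # encryption secret key is not here (the poster's step 3 on a real server:
    # a lost archive dir cannot be rebuilt from the remote manifest locally).
    if gpg_server --passphrase encrypt --decrypt "$work/vol.gpg" >/dev/null 2>&1; then
        return 1
    fi

    # Admin: decrypt with the encryption key, check the signature via --status-fd.
    status=$(gpg_admin --passphrase encrypt --status-fd 1 \
        --output "$work/plain.txt" --decrypt "$work/vol.gpg" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG' || return 1
    [ "$(cat "$work/plain.txt")" = "constructed manifest contents" ] || return 1

    GNUPGHOME="$admin"  gpgconf --kill gpg-agent 2>/dev/null
    GNUPGHOME="$server" gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work"
    echo ok
}
```

Source the file and call sign_encrypt_demo; it prints "ok" when the separation behaves as described. The --trust-model always on the server side is only there because the imported encryption key has no ownertrust in the throwaway keyring; on a real host, sign the imported public key with the local key or set its trust explicitly instead of disabling the check globally.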