On 21.09.2010 16:26 CE(S)T, Martin Basting wrote:
I am exploring duplicity for a few days now, but is till have one question.
Why should i use the --sign-key command?
The only thing that i can imagine is that you can check the integrity of
the backup.
But does it has any other advantages? Because you have to place a
password in you script i would say that it even is unsecure.
I think you may not trust that signature if *your* server was hacked,
but you could very well trust it if only the backup location was hacked.
Although I believe it is very unlikely that somebody could manipulate
your backup in a reasonable way if it's entirely encrypted again. To
manipulate things, you usually read them and write back small modifications.