Re: [Duplicity-talk] duplicity incr - private key missing
From: edgar . soldin
Subject: Re: [Duplicity-talk] duplicity incr - private key missing
Date: Tue, 23 Nov 2010 22:30:59 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6

On 23.11.2010 20:10, Tim Riemenschneider wrote:
> On 23.11.2010 13:49, address@hidden wrote:
> > In theory duplicity does not need the private key of a backup's
> > encryption public key for incremental backup anymore. This is possible
> > due to the unencrypted contents of the archive dir.
> >
> > In practice a duply user now stumbled over the following. I can
> > reproduce this.
> >
> > Generate a key pair. Export it.
> > Delete the private key from your keyring.
> > Do an initial backup with duplicity.
> > Do a second backup or force an incremental backup. This fails with an
> > error like
> >
> > "The matching private key is missing"
> >
> > What is going on here? Can somebody more familiar with the encryption
> > code please confirm this behaviour. I tried version 0.6.06, 0.6.08 and
> > 0.6.11 .. none works as expected.
> >
> > Commandline generated by duply is
> >
> > TMPDIR='/tmp'
> > /srv/www/vhosts/jamoke.net/_apps/duplicity-0.6.06/bin/duplicity
> > --encrypt-key DA3FEEDB --verbosity '4' --exclude-globbing-filelist
> > '/srv/www/vhosts/jamoke.net/.duply/keytest/exclude' '~/duply_dev'
> > 'file:///tmp/keyt3esrt'
> >
> > thanks ede/duply.net
>
> That used to work sometimes. (I must admit that was in the old days when
> the archive-dir was optional. I used this scenario then, but since I
> re-imported the secret key (for a restore) and didn't remove it afterwards)

All I can figure is that it seemed to work because of the bug described in my
last mail
http://lists.gnu.org/archive/html/duplicity-talk/2010-11/msg00034.html

> However the scenario was a bit different, I didn't try it with newer
> duplicity (I don't know if it matters):
> generate TWO key pairs, one encryption-key and one signing-key. Only
> remove the secret-key of the encryption-keypair.
> the duplicity-cmdline should be like:
> duplicity --encrypt-key <id of the encrypt-key> --sign-key <id of the sign-key> <remaining-options>

Can't see why I should redo the test. The signing is of no significance here.
Thanks for pointing out the archive restoration though. Already had forgotten
about it.

..ede/duply.net
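
A check for the precondition in the reproduction steps above (the private key really is gone from the keyring before the incremental run), added here as an example and not taken from this thread or from duplicity/duply. It assumes the colon listing format of GnuPG 2.1 or later, where field 15 of a `sec`/`ssb` record is `#` for a stub; the names `secret_key_state` and `sample_listing` and the long key IDs are constructed for illustration.

```shell
#!/bin/sh
# Reads `gpg --list-secret-keys --with-colons` output on stdin and prints
# the state of the secret key whose ID ends with the given (short or long) ID:
#   present - a sec/ssb record holds real secret material
#   stub    - only a stub record exists (field 15 is "#")
#   missing - no sec/ssb record matches
secret_key_state() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    state=missing
    # Field 1 = record type, field 5 = long key ID, field 15 = token/stub marker.
    while IFS=: read -r rec f2 f3 f4 keyid f6 f7 f8 f9 f10 f11 f12 f13 f14 token rest; do
        case "$rec" in
            sec|ssb) ;;
            *) continue ;;
        esac
        keyid=$(printf '%s' "$keyid" | tr 'a-f' 'A-F')
        case "$keyid" in
            *"$want")
                if [ "$token" = "#" ]; then
                    if [ "$state" = missing ]; then state=stub; fi
                else
                    state=present
                fi
                ;;
        esac
    done
    printf '%s\n' "$state"
}

# Constructed sample listing (not real keys): one full secret key with an
# encryption subkey, and one key whose primary secret part is only a stub.
sample_listing() {
    cat <<'EOF'
sec:u:2048:1:1111222233334444:1290000000:::u:::scESC:::+:::23::0:
uid:u::::1290000000::0000000000000000000000000000000000000000::backup test::::::::::0:
ssb:u:2048:1:5555666677778888:1290000000::::::e:::+:::23:
sec:u:2048:1:AAAABBBBCCCCDDDD:1290000000:::u:::scESC:::#:::23::0:
EOF
}

# Typical use on a backup host, with the ID passed to --encrypt-key:
#   gpg --list-secret-keys --with-colons | secret_key_state DA3FEEDB
```

A result of `missing` for the `--encrypt-key` ID confirms the host is in the state the report describes, so a failing incremental run cannot be blamed on a leftover secret key.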