On 14.07.2011 12:19, Chris Poole wrote:
> On Thu, Jul 14, 2011 at 9:38 AM, <address@hidden> wrote:
>> On 13.07.2011 17:53, Chris Poole wrote:
>>> (Thus, it's very important to sign
>>> backups being stored in untrusted locations.)
>>
>> It is, provided the public key used is published somewhere or in other ways available to a possible attacker. If you create a keypair just for your backup and keep it on the backup machine and in your secure storage (for restoring), you don't necessarily need it.
>>
>> On the other hand, currently duplicity needs a private key to work reliably, so signing to it does no harm and can be seen as an extra lock for an intruder to pick. See http://bugs.launchpad.net/duplicity/+bug/687295
>
> Thanks. I'm going to get used to signing my backups. I don't use cron
> to do them for me anyway.
>
> What I find annoying is that Duplicity asks me for my passphrase (when
> doing an incremental backup) 3 times. Surely once is enough, to
> decrypt my private key? (Using the same Key ID to encrypt and sign my
> backup.)
>
Latest duplicity has the possibility to define the env vars SIGN_PASSPHRASE and PASSPHRASE. This way you don't have to input them manually.
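
Added example, not part of the original thread: a wrapper that prompts for the passphrase once and hands it to duplicity through the PASSPHRASE and SIGN_PASSPHRASE variables named in the reply above. The function names, the key ID, the source path and the target URL are assumptions, and the classic `duplicity [options] source target` invocation is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): one prompt, same passphrase used for
# decrypting and for signing when one key ID does both jobs.

# Hypothetical helper: read the passphrase without echo from a terminal,
# or as a single line from stdin when stdin is a pipe or file.
read_passphrase() {
    local pw
    if [ -t 0 ]; then
        read -r -s -p "GnuPG passphrase: " pw
        echo >&2
    else
        IFS= read -r pw
    fi
    printf '%s' "$pw"
}

# Hypothetical helper: run a command with both variables set only in that
# command's environment, so they are never exported into the calling shell.
with_passphrase() {
    local pw="$1"
    shift
    PASSPHRASE="$pw" SIGN_PASSPHRASE="$pw" "$@"
}

# key_id, src and target are placeholders supplied by the caller.
backup() {
    local key_id="$1" src="$2" target="$3" pw
    pw=$(read_passphrase) || return 1
    if [ -z "$pw" ]; then
        echo "empty passphrase, refusing to run" >&2
        return 1
    fi
    with_passphrase "$pw" duplicity \
        --encrypt-key "$key_id" --sign-key "$key_id" "$src" "$target"
}

# Runs only when called as: ./backup.sh KEY_ID /path/to/source target-url
if [ "$#" -eq 3 ]; then
    backup "$@"
fi
```

On Linux the environment of the running duplicity process is readable by the same user and by root through /proc, so this trades the repeated prompt for that exposure while the backup runs.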