[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Duplicity-talk] man page --sign-key should state to use signing subkey
From: |
Chris Poole |
Subject: |
[Duplicity-talk] man page --sign-key should state to use signing subkey explicitly |
Date: |
Sun, 24 Jul 2011 17:21:34 +0100 |
Hi
I've just encountered the following situation:
I have used Duplicity (0.6.14) with --sign-key and --encrypt-key, both
using the same key ID, my main ID.
My keys look like this:
- main key
- encryption subkey
- signing subkey
When Duplicity passes signing and encryption duties to gpg, gpg
automatically chooses the encryption and signing subkeys.
When I come to restore the backup though, Duplicity starts decrypting
the archive (ostensibly succeeding), but then fails, with this
message:
Volume was signed by key SIGNING_SUBKEY, not MAIN_KEY.
If I change Duplicity's --sign-key argument for the restore to the
subkey, then the restore works correctly.
To prevent user confusion, I think it would be best to suggest to
users in the man page that when using --sign-key, explicitly give the
ID of the signing subkey if it isn't your main key ID.
Thoughts?
Cheers,
Chris Poole
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Duplicity-talk] man page --sign-key should state to use signing subkey explicitly,
Chris Poole <=