Re: [Duplicity-talk] Encryption password selection

[Duplicity Mailing List]

On 08/12/14 18:26, Yves Goergen wrote:
> Am 08.12.2014 um 18:30 schrieb address@hidden:
>> for symmetric encryption passphrases anything from length of one
>> character up should work.
> 
> Okay. I've seen systems where a certain maximum length of a password
> must not be exceeded. And when using a password for encrpytion, there
> may be certain restrictions about how long a "key" must be. So if I
> specify some random 30 characters that's fine. (I keep them stored in a
> file, don't need to remember them.)

If you're storing your passphrase in a file, nor are planning to
actually remember the passphrase, why not use a keyfile? Seems
infinitely more logical (and secure).

> 
>> yes, you can encrypt symmetrically and sign the result with a key.
> 
> Oh, so signing is not possible if I don't use a key file. Which I never
> did. Didn't know it was possible. But I think I can only benefit the
> signature validation if I have the GnuPG key for restoring, so I might
> as well use that for encryption, too, instead of that PASSPHRASE
> environment variable that's not well explained.
> 

>$ export PASSPHRASE="abcdef"
>$ duplicity full a file://b
>$ cd b
>$ gpg2 --output difftar --decrypt *difftar.gpg

gpg: CAST5 encrypted data
>Pin entry: abcdef
gpg: encrypted with 1 passphrase