Re: [Duplicity-talk] Changing gpg keyring to use

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Changing gpg keyring to use

From:	edgar . soldin
Subject:	Re: [Duplicity-talk] Changing gpg keyring to use
Date:	Sun, 8 Jan 2017 11:52:34 +0100
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0

Christian,

simply set duplicity parameter --gpg-options to tell gpg which folder to use as 
settings folder for this run instead of the current user's $HOME. eg. to use 
bernd's home

  duplicity --gpg-options="--homedir ~bernd/" ...

..ede/duply.net

On January 8, 2017 10:01:58 AM GMT+01:00, "C. Enzmann via Duplicity-talk" 
<address@hidden> wrote:
>Hi fellows,
>
>does anyone by chance know how I can provide a different user's secret 
>keyring file to a restore process? I back up home directories with 
>system's private and the user's public keys (--encrypt-key=BBBEEECC), 
>thus I'd need the user's private key to restore. Since operation may 
>need sudo/root it seems that only private keys in root's keyring are 
>available to the duplicity or the gpg-agent. However, I must not
>provide 
>them to root for data privacy reasons. For the same reasons adding 
>root's key to a second --encrypt-key is not an option.
>
>An example:
># sudo -c "export PASSPHRASE=whatever; duplicity  --use-agent 
>--ssh-options="-oIdentityFile=/root/.ssh/id_duplicity" 
>--encrypt-key=BBBEEECC --exclude-if-present .dupl_noBackup 
>--exclude-filelist /etc/duplicity/files2ignore /home/userx/ 
>scp://address@hidden/BackUps/hostname.userx-BBBEEECC; unset
>PASSPHRASE"
>
>The user may issue
>$ sudo duplicity [verify|restore] --use-agent [--encrypt-secret-keyring
>
>/home/userx/.gnupg/secring.gpg --encrypt-key BBBEEECC 
>--ssh-options="-oIdentityFile=/root/.ssh/id_duplicity" 
>scp://address@hidden/BackUps/hostname.userx-BBBEEECC /home/userx
>duplicity 0.7.10 (August 20, 2016)
>     :
>Found primary backup chain with matching signature chain:
>     :
>         Incremental         Sat Jan  7 15:04:36 2017                 1
>     :
>GPGError: GPG Failed, see log below:
>===== Begin GnuPG log =====
>gpg: encrypted with 3072-bit RSA key, ID BBBEEECC, created 2013-12-15
>"userx <address@hidden>"
>gpg: decryption failed: No secret key
>===== End GnuPG log =====
>
>The --encrypt-secret-keyring was just a test, according to manpage I
>did 
>not expect it really to work, but other attempts failed as well.
>
>Any help is highly appreciated.
>
>Best regards,
>Christian
>
>
>
>_______________________________________________
>Duplicity-talk mailing list
>address@hidden
>https://lists.nongnu.org/mailman/listinfo/duplicity-talk

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Duplicity does not cache gdocs verification code, Owen Jacob, 2017/01/05
- Re: [Duplicity-talk] Duplicity does not cache gdocs verification code, edgar . soldin, 2017/01/05
- Re: [Duplicity-talk] Duplicity does not cache gdocs verification code, Owen Jacob, 2017/01/05
  - [Duplicity-talk] Changing gpg keyring to use, C. Enzmann, 2017/01/08
    - Re: [Duplicity-talk] Changing gpg keyring to use, edgar . soldin <=
  - Re: [Duplicity-talk] Duplicity does not cache gdocs verification code, edgar . soldin, 2017/01/08
- Re: [Duplicity-talk] Duplicity does not cache gdocs verification code, Owen Jacob, 2017/01/08
  - Re: [Duplicity-talk] Duplicity does not cache gdocs verification code, edgar . soldin, 2017/01/09
- Re: [Duplicity-talk] Duplicity does not cache gdocs verification code, Owen Jacob, 2017/01/10

Prev by Date: [Duplicity-talk] Changing gpg keyring to use
Next by Date: Re: [Duplicity-talk] Duplicity does not cache gdocs verification code
Previous by thread: [Duplicity-talk] Changing gpg keyring to use
Next by thread: Re: [Duplicity-talk] Duplicity does not cache gdocs verification code
Index(es):
- Date
- Thread