Encrypted backups without secret key

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Encrypted backups without secret key

duplicity-talk mailing list
I've just started using duplicity 0.7.18.1 to backup my webserver.
I've generated a server key on my webserver and a backup key on another
host. The webserver encrypts the backups to the backup key and signs
them with the server key. This seems to work, and on the host that has
the secret backup key, I can restore the backup with duplicity.

However, during incremental backup I get an error because the secret
backup key is not available on the webserver. Is this way of using
duplicity unsupported? Should I be worried? I would prefer not having
the secret key on the webserver in the event of a compromise.

Below I've included the duplicity output when backing up my database.
FWIW I'm running Ubuntu 16.04 and backing up to B2. duplicity 0.7.18.1
was installed with pip install --user.

Best,
Mathias Rav


Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Wed Oct 10 15:55:32 2018
Error processing remote manifest (duplicity-inc.20181010T135901Z.to.20181011T015639Z.manifest.gpg): GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: encrypted with 4096-bit RSA key, ID redacted, created redacted
"redacted <redacted>"
gpg: decryption failed: secret key not available
===== End GnuPG log =====

--------------[ Backup Statistics ]--------------
StartTime 1539244622.19 (Thu Oct 11 09:57:02 2018)
EndTime 1539244622.30 (Thu Oct 11 09:57:02 2018)
ElapsedTime 0.11 (0.11 seconds)
SourceFiles 3
SourceFileSize 22737664 (21.7 MB)
NewFiles 1
NewFileSize 4096 (4.00 KB)
DeletedFiles 0
ChangedFiles 1
ChangedFileSize 22733341 (21.7 MB)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 2
RawDeltaSize 4675 (4.57 KB)
TotalDestinationSizeChange 3351 (3.27 KB)
Errors 0
-------------------------------------------------

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Reply | Threaded
Open this post in threaded view
|

Re: Encrypted backups without secret key

duplicity-talk mailing list
On 11.10.2018 10:12, Mathias Rav via Duplicity-talk wrote:

> I've just started using duplicity 0.7.18.1 to backup my webserver.
> I've generated a server key on my webserver and a backup key on another
> host. The webserver encrypts the backups to the backup key and signs
> them with the server key. This seems to work, and on the host that has
> the secret backup key, I can restore the backup with duplicity.
>
> However, during incremental backup I get an error because the secret
> backup key is not available on the webserver. Is this way of using
> duplicity unsupported? Should I be worried? I would prefer not having
> the secret key on the webserver in the event of a compromise.
>
> Below I've included the duplicity output when backing up my database.
> FWIW I'm running Ubuntu 16.04 and backing up to B2. duplicity 0.7.18.1
> was installed with pip install --user.
>

tl;dr

use the double key approach. create a key pair (without passphrase) for this machine only and encrypt against this and your personal public key (give multiple '--encrypt-key key-id', see man page).

reason

duplicity needs to decrypt during synchronization/verify. that can only be done with a matching private key. previously it was possible to run w/o a private key but that is error prone
  https://bugs.launchpad.net/duplicity/+bug/687295
.

regards ..ede/duply.net




_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk