Why is duplicity asking for decryption passphrase on --encrypt-sign-key?


Why is duplicity asking for decryption passphrase on --encrypt-sign-key?

duplicity-talk mailing list
When I use --encrypt-sign-key, it prompts:
"GnuPG passphrase for decryption:"

Encrypting with a public key does not use a pass, and just --encrypt-key
does not ask this, so what's going on?

I'm assuming the passphrase is discarded but I want to make sure that's
the case.

I'm using 0.7.12-1 from debian.

--
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk

Re: Why is duplicity asking for decryption passphrase on --encrypt-sign-key?

duplicity-talk mailing list
On 7/28/2017 19:56, Ian Kelling via Duplicity-talk wrote:

> When I use --encrypt-sign-key, it prompts:
> "GnuPG passphrase for decryption:"
>
> Encrypting with a public key does not use a pass, and just --encrypt-key
> does not ask this, so what's going on?
>
> I'm assuming the passphrase is discarded but I want to make sure that's
> the case.
>
> I'm using 0.7.12-1 from debian.

hey Ian,

signing uses your private key
  https://www.gnupg.org/gph/en/manual/x135.html

hence the question for your passphrase.

you can easily circumvent it by using a machine key pair and just adding your personal public key as an additional encryption key.

..ede
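
The setup suggested in the message above, as an added example that is not part of the original post: sign with a key pair that lives only on the backup host, encrypt to both that key and your personal public key, and check first that the host keyring holds no personal secret key. The key IDs, the sample `gpg --with-colons --list-secret-keys` listing, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added illustration; key IDs are constructed placeholders, not values from the thread.
MACHINE_KEY="1111111111111111"   # hypothetical: key pair kept only on the backup host
PERSONAL_KEY="2222222222222222"  # hypothetical: only its public half is on the host

# Constructed sample of `gpg --with-colons --list-secret-keys` output on such a host.
SAMPLE_SECRET_LISTING='sec:u:3072:1:1111111111111111:1501200000:::u:::scESC:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1501200000::::backup@host.example:
ssb:u:3072:1:3333333333333333:1501200000::::::e:::+:::23:'

# Print the long key ID (field 5) of every primary secret key in a colon listing on stdin.
secret_key_ids() {
    awk -F: '$1 == "sec" { print $5 }'
}

# Succeed only if the listing on stdin contains the machine secret key
# and does not contain the personal secret key.
keyring_ok() {
    ids=$(secret_key_ids)
    printf '%s\n' "$ids" | grep -qx "$MACHINE_KEY" || return 1
    if printf '%s\n' "$ids" | grep -qx "$PERSONAL_KEY"; then
        return 1
    fi
    return 0
}

# Print the duplicity invocation: sign with the machine key, encrypt to both keys,
# so backups can be decrypted with either the machine key or the personal key.
backup_command() {
    printf 'duplicity --sign-key %s --encrypt-key %s --encrypt-key %s %s %s\n' \
        "$MACHINE_KEY" "$MACHINE_KEY" "$PERSONAL_KEY" "$1" "$2"
}

# On a real host, pipe `gpg --with-colons --list-secret-keys` into keyring_ok instead.
if printf '%s\n' "$SAMPLE_SECRET_LISTING" | keyring_ok; then
    backup_command /path/to/test_input file:///path/to/test_output
fi
```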


Re: Why is duplicity asking for decryption passphrase on --encrypt-sign-key?

duplicity-talk mailing list

edgar.soldin--- via Duplicity-talk <[hidden email]> writes:

> On 7/28/2017 19:56, Ian Kelling via Duplicity-talk wrote:
>> When I use --encrypt-sign-key, it prompts:
>> "GnuPG passphrase for decryption:"
>>
>> Encrypting with a public key does not use a pass, and just --encrypt-key
>> does not ask this, so what's going on?
>>
>> I'm assuming the passphrase is discarded but I want to make sure that's
>> the case.
>>
>> I'm using 0.7.12-1 from debian.
>
> hey Ian,
>
> signing uses your private key
>   https://www.gnupg.org/gph/en/manual/x135.html
>
> hence the question for your passphrase.

It prompts twice:

GnuPG passphrase for decryption:

GnuPG passphrase for signing key:

So the first prompt does not appear to be for signing and my question
remains.

For full disclosure, I'm running these commands:

rm -rf /path/to/test_output; duplicity --encrypt-sign-key MY_PUBLIC_KEY_ID /path/to/test_input file:///path/to/test_output

and

rm -rf /path/to/test_output; duplicity --encrypt-key MY_PUBLIC_KEY_ID /path/to/test_input file:///path/to/test_output

>
> you can easily circumvent it by using a machine key pair and just adding your personal public key as an additional encryption key.
>
> ..ede
>

I'm not sure exactly what you mean. Please be more specific.

--
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org


Re: Why is duplicity asking for decryption passphrase on --encrypt-sign-key?

duplicity-talk mailing list

Ian Kelling via Duplicity-talk <[hidden email]> writes:

> When I use --encrypt-sign-key, it prompts:
> "GnuPG passphrase for decryption:"
>
> Encrypting with a public key does not use a pass, and just --encrypt-key
> does not ask this, so what's going on?
>
> I'm assuming the passphrase is discarded but I want to make sure that's
> the case.
>
> I'm using 0.7.12-1 from debian.

I added a print statement whenever duplicity calls gpg and confirmed
that it is not used or needed. It makes sense for duplicity to prompt
for decryption password in order to do an incremental backup, so I think
it's just a minor bug that it is prompting when not needed.


Re: Why is duplicity asking for decryption passphrase on --encrypt-sign-key?

duplicity-talk mailing list
On 31.07.2017 23:29, Ian Kelling via Duplicity-talk wrote:

>
> Ian Kelling via Duplicity-talk <[hidden email]> writes:
>
>> When I use --encrypt-sign-key, it prompts:
>> "GnuPG passphrase for decryption:"
>>
>> Encrypting with a public key does not use a pass, and just --encrypt-key
>> does not ask this, so what's going on?
>>
>> I'm assuming the passphrase is discarded but I want to make sure that's
>> the case.
>>
>> I'm using 0.7.12-1 from debian.
>
> I added a print statement whenever duplicity calls gpg and confirmed
> that it is not used or needed. It makes sense for duplicity to prompt
> for decryption password in order to do an incremental backup, so I think
> it's just a minor bug that it is prompting when not needed.
>

hey Ian,

right. duplicity does not let the gpg binary handle the passphrase request but instead does so early, based on the action you chose. see
  http://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/view/head:/bin/duplicity#L98

when you are doing an incremental, there is a chance that decryption is needed (updating the archive dir cache, resuming ...) so it will ask for the passphrase.

..ede/duply.net

