Re: [Duplicity-talk] Encryption failed (Code 2)

[edgar . soldin]

hi Vera,

please state your duplicity and gpg versions.

..ede/duply.net

On 20.02.2019 12:37, Vera Schmidt via Duplicity-talk wrote:
> Hi,
>
> I changed my OS to next Ubuntu LTS 18.04.
> First trial to use duplicity after some month with images ended with an error 
> - and I am not sure if the problem fits to the Duplicity-talk mails below 
> concerning GnuPG MDC errors.
>
> If it is the same problem: Can somebody tell me how to turn off MDC via gpg 
> options? Or where to get the information?
>
> Anyhow: Would be nice to get any tips.
> Thanks alot in advance
>
> Vera
>
>
> Encryption failed (Code 2).
> gpg: WARNUNG: Unsicheres Besitzverhältnis des Home-Verzeichnis 
> `/home/XXXX/.gnupg'
> gpg: "YYYYYYYY" wird als voreingestellter geheimer Signaturschlüssel benutzt
> [GNUPG:] KEY_CONSIDERED ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ A
> [GNUPG:] KEY_CONSIDERED CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC B
> [GNUPG:] BEGIN_SIGNING H8
> [GNUPG:] PINENTRY_LAUNCHED 7172 gnome3:curses 1.1.0 - xterm-256color :0
> gpg: Beglaubigung fehlgeschlagen: Unpassender IOCTL (I/O-Control) für das 
> Gerät
> [GNUPG:] BEGIN_ENCRYPTION 2 9
> [GNUPG:] FAILURE sign-encrypt 83918950
> gpg: /usr/bin/duply: sign+encrypt failed: Unpassender IOCTL (I/O-Control) für 
> das Gerät
>
> Hint:
>   This error means that gpg is probably misconfigured or not working
>   correctly. The error message above should help to solve the problem.
>   However, if for some reason duply should misinterpret the situation you
>   can define GPG_TEST='disabled' in the conf file to bypass the test.
>   Please do not forget to report the bug in order to resolve the problem
>   in future versions of duply.
>
>
>
> -------- Weitergeleitete Nachricht --------
> Betreff: Re: [Duplicity-talk] Ignoring GnuPG MDC errors
> Datum: Wed, 5 Sep 2018 15:42:21 -0500
> Von: Kenneth Loafman via Duplicity-talk <address@hidden>
> Antwort an: Discussion about duplicity backup <address@hidden>
> An: Discussion about duplicity backup <address@hidden>
> Kopie (CC): Kenneth Loafman <address@hidden>
>
> Hi,
>
> Prior to GNUpg 2.2.8, the MDC (modify detection code) was optional.  Now
> it's on by default.  Duplicity does a hash of the entire file so the MDC is
> duplication of effort.  Plus the effort is difficult when maintaining
> backwards compatibility.  I decided that other development was more
> important at this time, so turned off MDC via gpg options and got rid of
> the problem.  You are still protected by the hash stored in the manifest.
>
> ...Thanks,
> ...Ken
>
>
> On Tue, Sep 4, 2018 at 5:45 PM Leo Famulari via Duplicity-talk <
> address@hidden> wrote:
>
>> Hi,
>>
>> I'm curious about the resolution of bug #1780617 [0],
>> "test_sigchain_fileobj test fails when GnuPG >= 2.2.8".
>>
>> The bug was filed in response to a recent change in GnuPG that made gpg
>> check for integrity errors ("MDC errors") in encrypted archives by
>> default, and to consider integrity errors to be a hard failure.
>>
>> This change in GnuPG caused a test failure in Duplicity, and the
>> response was to unconditionally ignore the result of the integrity
>> check. [1]
>>
>> The Duplicity web page says, "Because duplicity uses GnuPG to encrypt
>> and/or sign these archives, they will be safe from spying and/or
>> modification by the server."
>>
>> I don't fully understand the impact of this change on Duplicity, or how
>> Duplicity stores and authenticates its archives. How does Duplicity
>> protect against modification of backup archives?
>>
>> [0] https://bugs.launchpad.net/duplicity/+bug/1780617
>>
>> [1]
>> https://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/revision/1308
>> _______________________________________________
>> Duplicity-talk mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>
>
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk