|
From: | Colin Ryan |
Subject: | Re: [Duplicity-talk] Duplicity without Secret Key |
Date: | Thu, 09 Oct 2008 12:45:54 -0400 |
User-agent: | Thunderbird 2.0.0.17 (Windows/20080914) |
Andrew, et. al.I've got this working however I'm curious about the signing side. As previously stated I have a machine with a local keyring that has it's own initial key (public and private) and imported the public side of another external key.
Using the --sign-key=<external key>, --encrypt-key =<external key> I also have to use the --gpgoptions="--default-key=<local key> and the local keys passphrase and backups etc. work.
Now when I go ahead and import the private key of the external key (to allow for restore), I also use:
--sign-key=<external key> --encrypt-key=<external key>However I have to use the passphrase of the imported private key (which makes sense I suppose) but duplicity complains with a warning not an error that the backup was signed with the <local key> not the <external key>. The restore works but with the warning. Again I can envision why this occurs (one needs a complete public/private key pair for signing as well) but wondering if this is the expected behavour and if you see this kind of thing as well.
Thanks again folks. C Andrew Kohlsmith (lists) wrote:
On October 3, 2008 10:12:47 am Kenneth Loafman wrote:If you use --archive-dir=<localdir> then duplicity will not need to decrypt the manifest and sig files and should not need the secret key. I'm not sure this path has been tested, but it should work.This exactly how I use it (I encrypt with several keys, only one of which the duplicity server has the private key for), and it works fine with --archive-dir.-A. _______________________________________________ Duplicity-talk mailing list address@hidden http://lists.nongnu.org/mailman/listinfo/duplicity-talk
[Prev in Thread] | Current Thread | [Next in Thread] |