duplicity-talk


From: Colin Ryan
Subject: Re: [Duplicity-talk] strategy for error: sign+encrypt failed: unusable public key
Date: Wed, 22 Oct 2008 11:29:32 -0400
User-agent: Thunderbird 2.0.0.17 (Windows/20080914)

I may be missing something as I'll admit I've been too lazy to look closely at this thread, but that seems to be a similar warning I get when dealing with running duplicity from remote systems that don't have the private key of the crypt key on them. In that case so long as I sign the key with that system local key (which has a private) and additionally specify the --gpgoptions of --default-key and provide the HEX of the key that signed the public side of the crypto key that warning went away.

C

address@hidden wrote:
any suggestion on the two ways of preventing it? ... Which route would you suggest (detection or circumvention)? to say .. not to use the --always-trust gpg switch .. which still prints out a warning in verbose 5
or better detect the trust issue and ask the user to resolve it first?


here one and the same 'gpg --always-trust' enabled job with and -v 4 & then -v 5 .. although it is no error it would be nice to have the warning printed at -v 4 as well

regards ede
--

h81501:/srv/www/jamoke.net # PATH=~jamoke/_apps/duplicity-0.5.02/bin/:$PATH ./ftplicity_1.4.1/ftplicity.sh bhoweb_13b bkp -v4
Start ftplicity.sh v1.4.1b, time is 10/22/08 16:32:48.
Using profile '/etc/ftplicity/bhoweb_13b'.
Using installed duplicity version 0.5.02 (OK).

--- Start running command BKP (16:32:49.281) ---
Running duplicity - OK
Output: NcFTP version is 3.2.0
Reading globbing filelist /etc/ftplicity/bhoweb_13b/exclude
Last full backup date: Mon Oct 20 10:25:34 2008
--------------[ Backup Statistics ]--------------
StartTime 1224685980.63 (Wed Oct 22 16:33:00 2008)
EndTime 1224686084.37 (Wed Oct 22 16:34:44 2008)
ElapsedTime 103.74 (1 minute 43.74 seconds)
SourceFiles 10921
SourceFileSize 1199374069 (1.12 GB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 3
ChangedFileSize 597239812 (570 MB)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 3
RawDeltaSize 11539 (11.3 KB)
TotalDestinationSizeChange 3812 (3.72 KB)
Errors 0
-------------------------------------------------
--- Finished (16:34:46.205) Runtime 00:01:56.924 ---



h81501:/srv/www/jamoke.net # PATH=~jamoke/_apps/duplicity-0.5.02/bin/:$PATH ./ftplicity_1.4.1/ftplicity.sh bhoweb_13b bkp -v5
Start ftplicity.sh v1.4.1b, time is 10/22/08 16:36:11.
Using profile '/etc/ftplicity/bhoweb_13b'.
Using installed duplicity version 0.5.02 (OK).

--- Start running command BKP (16:36:12.541) ---
Running duplicity - OK
Output: NcFTP version is 3.2.0
Using temporary directory /tmp/duplicity-hR1s-r-tempdir
Reading globbing filelist /etc/ftplicity/bhoweb_13b/exclude
Reading results of 'ncftpls -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -l 'ftp://backup.serverkompetenz.de/bho13b/''
Reading results of 'ncftpls -x '' -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 'ftp://backup.serverkompetenz.de/bho13b/''
Last full backup date: Mon Oct 20 10:25:34 2008
Running 'ncftpget -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -V -C 'backup.serverkompetenz.de' 'bho13b/duplicity-inc.2008-10-22T16_29_28+02_00.to.2008-10-22T16_32_49+02_00.manifest.gpg' '/tmp/duplicity-hR1s-r-tempdir/mktemp-RbWkRw-2'' (attempt #1)
gpg: encrypted with 2048-bit ELG-E key, ID 8BBFE27F, created 2007-12-17
     "bho duplicity"
gpg: Signature made Wed Oct 22 16:34:44 2008 CEST using DSA key ID FFF83736
gpg: Good signature from "bho duplicity"
gpg: WARNING: Using untrusted key!
Running 'ncftpget -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -V -C 'backup.serverkompetenz.de' 'bho13b/duplicity-full-signatures.2008-10-20T10_25_34+02_00.sigtar.gpg' '/tmp/duplicity-hR1s-r-tempdir/mktemp-zdvqfr-4'' (attempt #1)
Running 'ncftpget -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -V -C 'backup.serverkompetenz.de' 'bho13b/duplicity-new-signatures.2008-10-20T10_25_34+02_00.to.2008-10-22T02_00_07+02_00.sigtar.gpg' '/tmp/duplicity-hR1s-r-tempdir/mktemp-dT8-No-5'' (attempt #1)
Running 'ncftpget -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -V -C 'backup.serverkompetenz.de' 'bho13b/duplicity-new-signatures.2008-10-22T02_00_07+02_00.to.2008-10-22T16_26_22+02_00.sigtar.gpg' '/tmp/duplicity-hR1s-r-tempdir/mktemp-xonH7k-6'' (attempt #1)
Running 'ncftpget -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -V -C 'backup.serverkompetenz.de' 'bho13b/duplicity-new-signatures.2008-10-22T16_26_22+02_00.to.2008-10-22T16_29_28+02_00.sigtar.gpg' '/tmp/duplicity-hR1s-r-tempdir/mktemp-byHhJD-7'' (attempt #1)
Running 'ncftpget -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -V -C 'backup.serverkompetenz.de' 'bho13b/duplicity-new-signatures.2008-10-22T16_29_28+02_00.to.2008-10-22T16_32_49+02_00.sigtar.gpg' '/tmp/duplicity-hR1s-r-tempdir/mktemp-hbRoR_-8'' (attempt #1)
AsyncScheduler: instantiating at concurrency 0
Generating delta - changed file: bho_app_access.log
gpg: encrypted with 2048-bit ELG-E key, ID 8BBFE27F, created 2007-12-17
     "bho duplicity"
gpg: Signature made Wed Oct 22 16:34:45 2008 CEST using DSA key ID FFF83736
gpg: Good signature from "bho duplicity"
gpg: WARNING: Using untrusted key!
gpg: encrypted with 2048-bit ELG-E key, ID 8BBFE27F, created 2007-12-17
     "bho duplicity"
gpg: Signature made Wed Oct 22 16:31:08 2008 CEST using DSA key ID FFF83736
gpg: Good signature from "bho duplicity"
gpg: WARNING: Using untrusted key!
gpg: encrypted with 2048-bit ELG-E key, ID 8BBFE27F, created 2007-12-17
     "bho duplicity"
gpg: Signature made Wed Oct 22 16:28:17 2008 CEST using DSA key ID FFF83736
gpg: Good signature from "bho duplicity"
gpg: WARNING: Using untrusted key!
gpg: encrypted with 2048-bit ELG-E key, ID 8BBFE27F, created 2007-12-17
     "bho duplicity"
gpg: Signature made Wed Oct 22 02:03:02 2008 CEST using DSA key ID FFF83736
gpg: Good signature from "bho duplicity"
gpg: WARNING: Using untrusted key!
gpg: encrypted with 2048-bit ELG-E key, ID 8BBFE27F, created 2007-12-17
     "bho duplicity"
gpg: Signature made Mon Oct 20 10:31:24 2008 CEST using DSA key ID FFF83736
gpg: Good signature from "bho duplicity"
gpg: WARNING: Using untrusted key!
AsyncScheduler: running task synchronously (asynchronicity disabled)
Running 'ncftpput -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -m -V -C '/tmp/duplicity-hR1s-r-tempdir/mktemp-mpHKW_-9' 'bho13b/duplicity-inc.2008-10-22T16_32_49+02_00.to.2008-10-22T16_36_12+02_00.vol1.difftar.gpg'' (attempt #1)
AsyncScheduler: task complete
Running 'ncftpput -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -m -V -C '/tmp/duplicity-hR1s-r-tempdir/mktemp-d8eX0Q-10' 'bho13b/duplicity-inc.2008-10-22T16_32_49+02_00.to.2008-10-22T16_36_12+02_00.manifest.gpg'' (attempt #1)
Running 'ncftpput -f /tmp/duplicity-hR1s-r-tempdir/mkstemp-xfkUHm-1 -F -t 30 -m -V -C '/tmp/duplicity-hR1s-r-tempdir/mktemp-D0G8T0-3' 'bho13b/duplicity-new-signatures.2008-10-22T16_32_49+02_00.to.2008-10-22T16_36_12+02_00.sigtar.gpg'' (attempt #1)
--------------[ Backup Statistics ]--------------
StartTime 1224686183.57 (Wed Oct 22 16:36:23 2008)
EndTime 1224686276.69 (Wed Oct 22 16:37:56 2008)
ElapsedTime 93.12 (1 minute 33.12 seconds)
SourceFiles 10921
SourceFileSize 1199383295 (1.12 GB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 1
ChangedFileSize 577379891 (551 MB)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 1
RawDeltaSize 5885 (5.75 KB)
TotalDestinationSizeChange 2509 (2.45 KB)
Errors 0
-------------------------------------------------
--- Finished (16:37:58.304) Runtime 00:01:45.763 ---


---

address@hidden wrote:
Hello all,

somebody switching from an old to the recent  ftplicity version came up
with an error similar to this...

gpg: FFFFFFFF: There is no assurance this key belongs to the named user
gpg: [stdin]: sign+encrypt failed: unusable public key
gpg: encrypted with 2048-bit ELG-E key, ID FFFFFFFF, created 2007-12-17
     "duplicity"
gpg: FFFFFFFF: There is no assurance this key belongs to the named user
gpg: [stdin]: sign+encrypt failed: unusable public key

this was because the selected key was not trusted, he didn't know why it
suddenly happened, because the former combination of ftplicity
1.1.1/duplicity 0.4.9/gpg-1.4.5-24.4 worked fine.... but still this can
happen when installing/switching machines or accounts - so it should be
prevented .. especially as the gpg error message only comes up with
verbosity 5 or more

... this made me think of ways to prevent this error .. as I didn't find
a way to let gpg show the trust state of a key, the only way for now is
to test-sign+encrypt something and to check if that throws an error
e.g. > echo "$PASS" | gpg --passphrase-fd 0 -e -r FFFFFFFF --batch -o /tmp/mktemp.file test.txt

the other solution I think of is a bit more straight forward ... why not
setting gpg --trust-always  .. as  the user selects  a key that he/her
obviously wants to use and therefore has to trust
I am interested in opinions about this idea .. as there is currently no
scenario I can imagine, except of a hacked backup user account (but then
everything is lost already, so it doesn't matter),  where the
--trust-always could be security problematic

on the other hand .. if there is an easy way to doublecheck if a key is
trusted ultimately, I still would think about this way, as test
encrypting something does not seem very elegant to me

Thanks for the heads up on this one.  I'll look into it.

...Ken

------------------------------------------------------------------------

_______________________________________________
Duplicity-talk mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/duplicity-talk
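
The detection route discussed in the thread, as an added example that is not part of the thread, ftplicity or duplicity: gpg's machine-readable listing (gpg --with-colons --list-keys) carries the computed validity of each key in field 2 of the pub record, so a wrapper can check it before the backup starts instead of test-encrypting. The function names, the sample listing and the strict f/u policy are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys` output (not from the
# thread). Field 2 of a pub record is the validity, field 5 the long key ID.
SAMPLE_LISTING='tru::1:1224685980:0:3:1:5
pub:-:1024:17:AAAAAAAA11111111:2007-12-17:::-:backup key (constructed)::scESC:
sub:-:2048:16:AAAAAAAA22222222:2007-12-17::::::e:
pub:u:1024:17:BBBBBBBB33333333:2008-01-05:::u:local key (constructed)::scESC:
sub:u:2048:16:BBBBBBBB44444444:2008-01-05::::::e:'

# key_validity KEYID: read a colon listing on stdin and print the validity
# letter of the primary key whose ID, or one of whose subkey IDs, ends in
# KEYID (short or long form). Exit status 1 if no such key is listed.
key_validity() {
    awk -F: -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        function matches(id) {
            id = toupper(id)
            return length(id) >= length(want) &&
                   substr(id, length(id) - length(want) + 1) == want
        }
        $1 == "pub" { current = $2 }    # validity belongs to the primary key
        ($1 == "pub" || $1 == "sub") && matches($5) {
            print current; found = 1; exit
        }
        END { if (!found) exit 1 }
    '
}

# key_usable KEYID: succeed only for full (f) or ultimate (u) validity.
# That strict policy is this example's choice; any other state (-, q, n, m,
# e, r, ...) is reported on stderr so the user can resolve it first.
key_usable() {
    v=$(key_validity "$1") || { echo "key $1: not in keyring" >&2; return 2; }
    case "$v" in
        f|u) return 0 ;;
        *)   echo "key $1: validity '${v:--}', resolve trust before backup" >&2
             return 1 ;;
    esac
}

# Demo on the constructed listing; against a real keyring the input would be
#   gpg --batch --with-colons --list-keys | key_usable <KEYID>
printf '%s\n' "$SAMPLE_LISTING" | key_usable 11111111 || echo "backup blocked"
```
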


