Re: [Duplicity-talk] gpg: sign+symmetric
From: edgar . soldin
Subject: Re: [Duplicity-talk] gpg: sign+symmetric
Date: Tue, 04 Oct 2011 23:23:49 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
On 04.10.2011 21:24, Richard wrote:
> Hello,
>
> The man page for duplicity 0.6.15 says:
>
> If symmetric encryption is used and the signing key is
> passphrase-protected, the encryption passphrase must equal the
> passphrase of the signing key.
>
> This limitation can be circumvented by using gpg-agent for
> storing the passphrase of the signing key and the PASSPHRASE
> environment variable for the encryption key or by enabling
> asymmetric encryption using the --encrypt-key option.
>
> I have tried the former, but PASSPHRASE is ignored if --use-agent is on:
> duplicity does use the agent to get the signing key, but prompts for
> the symmetric encryption passphrase
> -- which is a little annoying since it has to be entered twice for
> each file to be encrypted.
i tried to reproduce this and played around with gpg a bit.
it knows two modes, as it seems. notice you have to define the key to sign with
as the default key.
1. '--passphrase-fd 0' plus a piped password, totally ignores gpg-agent, even if
set up properly
e.g.
echo passphrase | /usr/bin/gpg --sign --default-key 01234567 --passphrase-fd 0 -o /tmp/out --batch -c /tmp/in
2. no specific arguments, and no piped data if -o -i are set (this throws a
general error)
e.g.
/usr/bin/gpg --sign --default-key 01234567 -o /tmp/out --batch -c /tmp/in
the tests lead to the following conclusions:
signed symmetric encryption with commandline gpg is only possible if either
A. both passphrases (symmetric and sign keys) are entered with gpg-agent
or
B. using '--passphrase-fd 0' and the sign key has an empty passphrase
or
C. using '--passphrase-fd 0' and both passphrases (symmetric and sign keys) are
identical
the manpage has to be updated on this
.. ede/duply.net