Re: [Duplicity-talk] --file-to-restore without passphrase

[Grant]

>> I built my encrypted backups without a passphrase by using
>> --use-agent.
>
> you mean that you enter the passphrase in the gpg-agent dialog everytime it 
> pops up when it's needed, right?


No, my backups are unattended so I don't want to enter a passphrase.
I build them something like this in the crontab:

duplicity --use-agent --encrypt-key=... --sign-key=... --include /etc
--exclude "**" / file:///backups


>>If I omit --use-agent, I am prompted for a passphrase and
>> leaving it blank gives me "Cannot use empty passphrase with symmetric
>> encryption!".
>
> that's because you can't. gpg does simply not allow you to encrypt 
> symmetrically against an empty passphrase. it has to be at least one 
> character long technically.
>
> why exactly do you use gpg-agent with symmetric encryption. that only leads 
> to gpg-agent asking the password every time instead of gpg/duplicity. there 
> is no safety gain there.


I'd like duplicity to build backups unattended without a passphrase
and I'm OK with anyone who has access to the private key having access
to the backups.  Is my command above good for that?  If so, how do I
decrypt?


> what is your duplicity version?


I'm on 0.6.23-r1 on Gentoo.

- Grant