[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key
From: |
edgar . soldin |
Subject: |
Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices |
Date: |
Wed, 12 Jan 2022 15:33:32 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1 |
hey Jonathan,
On 12.01.2022 14:05, Jonathan Dray via Duplicity-talk wrote:
SNIP
> However for the signing part it is the other way around, and the signing
> private key is needed for backup. As the public signing key will be needed
> for validation in the restore process.
what is your reasoning for a passphrase protected signing key? after all it is
just there to approve that the backup came from this machine and no other.
> What do you think about the backup key pair for each server, vs a backup key
> pair for all devices.
> Would you have any recommendations ?
personally i usually suggest a double backup key pair approach.
use public machine key and personal key to encrypt against. the personal is
just there for the remote possibility you manage to lose the machine private
key.
the machine private key in case, the archive needs to be refreshed or a backup
to be resumed (both needs decryption). there are super-security aware users,
that do not want to enable the box to decode old backups, so they run backups
w/o the private key. danger is that backups stop at some point though, so extra
careful observation is needed.
for signing use either the machine private key or generate a second machine
specific key if you want to go the decryptionless route.
have fun.. ede
- [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Jonathan Dray, 2022/01/11
- Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Jeffrey Walton, 2022/01/11
- Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Scott Hannahs, 2022/01/11
- Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Scott Hannahs, 2022/01/12
- Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Rinck Sonnenberg, 2022/01/12
- Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Christian, 2022/01/12
- Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Jonathan Dray, 2022/01/12
- Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices, Jonathan Dray, 2022/01/12