
Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key


From: edgar . soldin
Subject: Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices
Date: Wed, 12 Jan 2022 15:33:32 +0100

hey Jonathan,

On 12.01.2022 14:05, Jonathan Dray via Duplicity-talk wrote:
SNIP
> However for the signing part it is the other way around, and the signing 
> private key is needed for backup. As the public signing key will be needed 
> for validation in the restore process.

what is your reasoning for a passphrase protected signing key? after all it is 
just there to approve that the backup came from this machine and no other.

> What do you think about the backup key pair for each server, vs a backup key 
> pair for all devices.
> Would you have any recommendations ?

personally i usually suggest a double backup key pair approach.

use public machine key and personal key to encrypt against. the personal is 
just there for the remote possibility you manage to lose the machine private 
key.

the machine private key in case the archive needs to be refreshed or a backup 
to be resumed (both need decryption). there are super-security aware users 
that do not want to enable the box to decode old backups, so they run backups 
w/o the private key. danger is that backups stop at some point though, so extra 
careful observation is needed.

for signing use either the machine private key or generate a second machine 
specific key if you want to go the decryptionless route.

have fun.. ede
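
The two layouts described in the message above, as an added example that is not part of the original post: the script builds the duplicity command line for each. It assumes the classic `duplicity [options] source target` form; the key IDs, source path and target URL are constructed placeholders, and `build_backup_cmd` and `secret_key_present` are hypothetical helper names.

```shell
#!/bin/sh
# Added illustration, not from the list post. Key IDs, source path and
# target URL below are constructed placeholders.
MACHINE_KEY="MACHINE_KEY_ID"    # this box's key pair
PERSONAL_KEY="PERSONAL_KEY_ID"  # personal key: only its public half lives here
SIGNING_KEY="SIGNING_KEY_ID"    # second machine-specific key, signing only

# build_backup_cmd MODE SOURCE TARGET
#   standard        the machine key is an encryption recipient and also signs
#   decryptionless  machine private key is kept off the box, so a separate
#                   machine-specific key signs instead
# Both modes encrypt to the machine key AND the personal key, so either
# private key can restore.
build_backup_cmd() {
    mode=$1 src=$2 target=$3
    case "$mode" in
        standard)       sign=$MACHINE_KEY ;;
        decryptionless) sign=$SIGNING_KEY ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    printf 'duplicity --encrypt-key %s --encrypt-key %s --sign-key %s %s %s\n' \
        "$MACHINE_KEY" "$PERSONAL_KEY" "$sign" "$src" "$target"
}

# secret_key_present KEYID: true if the local GnuPG keyring holds the
# private half. On a decryptionless box this should be false for
# MACHINE_KEY and true for SIGNING_KEY.
secret_key_present() {
    gpg --batch --list-secret-keys "$1" >/dev/null 2>&1
}

# Print (do not run) the command for each layout.
build_backup_cmd standard       /srv/data sftp://backup.example/host1
build_backup_cmd decryptionless /srv/data sftp://backup.example/host1
```
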



