
Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key


From: Jonathan Dray
Subject: Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices
Date: Thu, 13 Jan 2022 00:34:46 +0100

Hi Edgar,

On Wed, 12 Jan 2022 at 16:17, edgar.soldin--- via Duplicity-talk <duplicity-talk@nongnu.org> wrote:
> hey Jonathan,
>
> On 12.01.2022 14:05, Jonathan Dray via Duplicity-talk wrote:
> SNIP
> > However for the signing part it is the other way around, and the signing private key is needed for backup. As the public signing key will be needed for validation in the restore process.
>
> what is your reasoning for a passphrase protected signing key? after all it is just there to approve that the backup came from this machine and no other.

No specific reason really.
As the encryption key is passphrase protected I went the same way with the sign key :)
 

> > What do you think about the backup key pair for each server, vs a backup key pair for all devices.
> > Would you have any recommendations ?
>
> personally i usually suggest a double backup key pair approach.
>
> use public machine key and personal key to encrypt against. the personal is just there for the remote possibility you manage to lose the machine private key.

I just learned that encryption can be done with multiple keys, thanks :)
And if I understand correctly it lets any "recipient" having their own private key to decrypt information.
This is indeed a clever way to have a backup key pair in case the machine encryption private key is lost.
 

> the machine private key in case, the archive needs to be refreshed or a backup to be resumed (both need decryption). there are super-security aware users, that do not want to enable the box to decode old backups, so they run backups w/o the private key. danger is that backups stop at some point though, so extra careful observation is needed.

Yep I was thinking of the second strategy, leaving the private key out of the machine.
But as you said it requires careful monitoring.
 

> for signing use either the machine private key or generate a second machine specific key if you want to go the decryptionless route.

 
Sorry I'm not sure I understand that last point?
Many thanks for all the insights!

> have fun.. ede


_______________________________________________
Duplicity-talk mailing list
Duplicity-talk@nongnu.org
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
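
The key layout discussed in this thread (encrypt to the machine key and a personal key, and sign with a separate machine-specific key when the box holds no decryption key), as an added shell example that is not part of either poster's mail or of duplicity itself. The key IDs are constructed placeholders, `is_key_id`, `upper` and `backup_args` are hypothetical helpers, and the source path and target URL in the usage comment are assumptions; only `--encrypt-key` and `--sign-key` are duplicity options.

```shell
#!/bin/sh
# Added example. Key IDs below are constructed placeholders, not real keys.
MACHINE_ENC_KEY=AAAAAAAAAAAAAAAA    # machine encryption key (public part on the box)
PERSONAL_ENC_KEY=BBBBBBBBBBBBBBBB   # personal key, private part kept off the box
MACHINE_SIGN_KEY=CCCCCCCCCCCCCCCC   # second machine-specific key, used only to sign

# Hypothetical helper: accept only hex key IDs of 8, 16 or 40 digits.
is_key_id() {
    case "$1" in ""|*[!0-9A-Fa-f]*) return 1 ;; esac
    case "${#1}" in 8|16|40) return 0 ;; *) return 1 ;; esac
}

# Hypothetical helper: upper-case hex digits so key IDs compare reliably.
upper() { printf '%s' "$1" | tr 'a-f' 'A-F'; }

# Hypothetical helper: backup_args MODE SIGN_KEY ENC_KEY ENC_KEY...
# MODE "decryptionless" means no private encryption key is on the box, so the
# signing key (whose private part must be present) has to be a different key.
# Prints the duplicity options one per line; nothing is printed on error.
backup_args() {
    [ "$#" -ge 4 ] || { echo "usage: backup_args MODE SIGN ENC ENC..." >&2; return 2; }
    ba_mode=$1; ba_sign=$2; shift 2
    is_key_id "$ba_sign" || { echo "bad signing key id: $ba_sign" >&2; return 2; }
    for ba_k in "$@"; do
        is_key_id "$ba_k" || { echo "bad encryption key id: $ba_k" >&2; return 2; }
        if [ "$ba_mode" = decryptionless ] &&
           [ "$(upper "$ba_k")" = "$(upper "$ba_sign")" ]; then
            echo "decryptionless: sign with a separate key, not $ba_k" >&2
            return 3
        fi
    done
    # One --encrypt-key per recipient: any one matching private key can restore.
    for ba_k in "$@"; do printf '%s\n' --encrypt-key "$ba_k"; done
    printf '%s\n' --sign-key "$ba_sign"
}

# Usage (placeholder source and target; key IDs contain no spaces, so the
# unquoted command substitution splits cleanly into arguments):
#   duplicity $(backup_args decryptionless "$MACHINE_SIGN_KEY" \
#       "$MACHINE_ENC_KEY" "$PERSONAL_ENC_KEY") /etc file:///mnt/backup/host1
```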
