[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Encryption failed (Code 2)
From: |
edgar . soldin |
Subject: |
Re: [Duplicity-talk] Encryption failed (Code 2) |
Date: |
Wed, 20 Feb 2019 17:41:26 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1 |
thats most likely no MDC issue.
you probably used gpg 1.x before.
since gpg 2.1 some config is needed to convince gpg to accept piped in
passphrases. see
https://lists.launchpad.net/duplicity-team/msg02653.html
essentially you need
1.
to add the line
allow-loopback-pinentry
to '.gnupg/gpg-agent.conf' in the users home folder that runs the backup.
2.
add
GPG_OPTS='--pinentry-mode loopback'
to your duply conf file
good luck ..ede/duply.net
On 20.02.2019 14:32, Vera Schmidt via Duplicity-talk wrote:
> Hi Edgar,
>
> gpg (GnuPG) 2.2.4
> libgcrypt 1.8.1
>
> duplicity 0.7.17
>
> Vera
>
> Am 20.02.19 um 12:42 schrieb address@hidden:
>> hi Vera,
>>
>> please state your duplicity and gpg versions.
>>
>> ..ede/duply.net
>>
>> On 20.02.2019 12:37, Vera Schmidt via Duplicity-talk wrote:
>>> Hi,
>>>
>>> I changed my OS to next Ubuntu LTS 18.04.
>>> First trial to use duplicity after some month with images ended with an
>>> error - and I am not sure if the problem fits to the Duplicity-talk mails
>>> below concerning GnuPG MDC errors.
>>>
>>> If it is the same problem: Can somebody tell me how to turn off MDC via gpg
>>> options? Or where to get the information?
>>>
>>> Anyhow: Would be nice to get any tips.
>>> Thanks alot in advance
>>>
>>> Vera
>>>
>>>
>>> Encryption failed (Code 2).
>>> gpg: WARNUNG: Unsicheres Besitzverhältnis des Home-Verzeichnis
>>> `/home/XXXX/.gnupg'
>>> gpg: "YYYYYYYY" wird als voreingestellter geheimer Signaturschlüssel benutzt
>>> [GNUPG:] KEY_CONSIDERED ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ A
>>> [GNUPG:] KEY_CONSIDERED CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC B
>>> [GNUPG:] BEGIN_SIGNING H8
>>> [GNUPG:] PINENTRY_LAUNCHED 7172 gnome3:curses 1.1.0 - xterm-256color :0
>>> gpg: Beglaubigung fehlgeschlagen: Unpassender IOCTL (I/O-Control) für das
>>> Gerät
>>> [GNUPG:] BEGIN_ENCRYPTION 2 9
>>> [GNUPG:] FAILURE sign-encrypt 83918950
>>> gpg: /usr/bin/duply: sign+encrypt failed: Unpassender IOCTL (I/O-Control)
>>> für das Gerät
>>>
>>> Hint:
>>> This error means that gpg is probably misconfigured or not working
>>> correctly. The error message above should help to solve the problem.
>>> However, if for some reason duply should misinterpret the situation you
>>> can define GPG_TEST='disabled' in the conf file to bypass the test.
>>> Please do not forget to report the bug in order to resolve the problem
>>> in future versions of duply.
>>>
>>>
>>>
>>> -------- Weitergeleitete Nachricht --------
>>> Betreff: Re: [Duplicity-talk] Ignoring GnuPG MDC errors
>>> Datum: Wed, 5 Sep 2018 15:42:21 -0500
>>> Von: Kenneth Loafman via Duplicity-talk <address@hidden>
>>> Antwort an: Discussion about duplicity backup <address@hidden>
>>> An: Discussion about duplicity backup <address@hidden>
>>> Kopie (CC): Kenneth Loafman <address@hidden>
>>>
>>> Hi,
>>>
>>> Prior to GNUpg 2.2.8, the MDC (modify detection code) was optional. Now
>>> it's on by default. Duplicity does a hash of the entire file so the MDC is
>>> duplication of effort. Plus the effort is difficult when maintaining
>>> backwards compatibility. I decided that other development was more
>>> important at this time, so turned off MDC via gpg options and got rid of
>>> the problem. You are still protected by the hash stored in the manifest.
>>>
>>> ...Thanks,
>>> ...Ken
>>>
>>>
>>> On Tue, Sep 4, 2018 at 5:45 PM Leo Famulari via Duplicity-talk <
>>> address@hidden> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm curious about the resolution of bug #1780617 [0],
>>>> "test_sigchain_fileobj test fails when GnuPG >= 2.2.8".
>>>>
>>>> The bug was filed in response to a recent change in GnuPG that made gpg
>>>> check for integrity errors ("MDC errors") in encrypted archives by
>>>> default, and to consider integrity errors to be a hard failure.
>>>>
>>>> This change in GnuPG caused a test failure in Duplicity, and the
>>>> response was to unconditionally ignore the result of the integrity
>>>> check. [1]
>>>>
>>>> The Duplicity web page says, "Because duplicity uses GnuPG to encrypt
>>>> and/or sign these archives, they will be safe from spying and/or
>>>> modification by the server."
>>>>
>>>> I don't fully understand the impact of this change on Duplicity, or how
>>>> Duplicity stores and authenticates its archives. How does Duplicity
>>>> protect against modification of backup archives?
>>>>
>>>> [0] https://bugs.launchpad.net/duplicity/+bug/1780617
>>>>
>>>> [1]
>>>> https://bazaar.launchpad.net/~duplicity-team/duplicity/0.8-series/revision/1308
>>>> _______________________________________________
>>>> Duplicity-talk mailing list
>>>> address@hidden
>>>> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>>>
>>>
>>>
>>> _______________________________________________
>>> Duplicity-talk mailing list
>>> address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>>
>>
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk