Re: [Duplicity-talk] wrong passphrase with archive-dir?

[Richard Scott]

Hiya,

I've not had that happen so far, but then again I use the PASSPHRASE 
environment variable to set
my password as I normally backup from a script. I do however use the 
--archive-dir option each and
every time I backup or restore something.

Perhaps duplicity could encrypt something that is kept locally in the 
archive-dir and test-decrypt
it before an incremental is started? If the test data is decrypted ok then the 
password is fine,
otherwise prompt again for a password?

Obviously this test wouldn't be required for a full backup as you would be 
setting the password
for that chain at this time. Also, if your backing up via a script and the 
PASSPHRASE variable is
set then there would be no need to test if the password is ok or to prompt for 
a password as
nobody would see the prompt?

Does anybody have any other ideas on this?

Rich.

> I might be missing something here, but this seems to have happened to me:
> When doing an incremental backup using an existing local --archive-dir,
> duplicity will prompt you for the passphrase once.  It will then use it to 
> encrypt the updates, but
> never to decrypt anything.  Therefore, if you specify the wrong passphase, it 
> won't be caught and
> the resulting backup will be corrupted ("GnuPG exited non-zero, with code 
> 131072" (also, shouldn't
> that be e >> 8)).  Could duplicity perhaps prompt twice in this situation or 
> somehow verify one
> file (currently if I delete one manifest from the local archive-dir it forces 
> it to download and
> check it, but this is not ideal)?
>
> :-Dylan