Re: [Duplicity-talk] No secret key required on differential backups

[Lluís Batlle]

2010/2/28 Georg Lutz <address@hidden>:
> Lluís Batlle schrieb:
>>
>> For example, I backup with this:
>> duplicity --full-if-older-than 7D --encrypt-key (mykeyid) /mysourcedir
>> file:///mybackupdir
>> And I verify with this:
>> duplicity verify --full-if-older-than 7D --encrypt-key (mykeyid)
>> file:///mybackupdir /mysourcedir
>>
>
> Hi Lluis,
>
> are you 100% sure that e.g. gpg-agent isn't caching the password somehow? If
> I use your command line duplicity still exits with a stacktrace in the GPG
> section, saying that the decryption failed, because the secret key is not
> available, see the attached log file.
>
> If I prepend a "--use-agent" to the duplicity call, then the gpg-agent
> windows pops up, asking me for a password.

Hello Georg,

I've never used a gpg-agent in that computer. I simply had a
passphrase in the gpg secret key, and the backup command has been run
every day since some weeks without problems from the cron. I have
checked the cron letters so all the backups look fine (incremental and
full).

I was impressed once I decided to do a 'verify', that the password was
asked to me.

I removed the gpg passphrase, so I'm not reproducing this again. I
will cipher the secret key with a passphrase this week, and I will
retry all this.