Re: [Duplicity-talk] Manifest stores SHA1 hash of files, checked before restore?

[Chris Poole]

On Thu, Jul 14, 2011 at 12:43 PM,  <address@hidden> wrote:
> latest duplicity has the possibility to define env var SIGN_PASSPHRASE and 
> PASSPHRASE. this way you don't have to input them manually.

This isn't something I want to do; using gpg-agent is a compromise,
but I'd still prefer to use it for short periods of time only.

> there is no code to compare signing vs. encryption key, so they are asked for 
> separately. I am not sure if the double input to ensure correctness is a wise 
> decision. i would plead to have it putted in and if it is wrong gpg will 
> complain later on.

But when I backup incrementally, why is it wanting my passphrase for
encryption? It doesn't need to to encrypt to my public key, so it
should only require it for signing.

Local and remote caches were synced, so it didn't have to pull
manifest and signature files from the remote and decrypt them before
starting the backup.

When I perform a full backup, I'm only asked for my passphrase twice.
Still too much, I think, since gpg would throw an error if the
passphrase didn't allow the first signing to take place, so the
replication on the user's part shouldn't be required.

> eventually. i just had a look at the corresponding code 
> duplicity-bin::get_passphrase. with the latest duplicity you should be asked 
> two times ("Input/Retype") for each key (Signing/Encryption). Isn't that so? 
> You could post an obfuscated output log of a run with '-v9' to show what 
> happens.
>
> ede/duply.net
>
> _______________________________________________
> Duplicity-talk mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/duplicity-talk
>