[Duplicity-talk] man page --sign-key should state to use signing subkey

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Duplicity-talk] man page --sign-key should state to use signing subkey

From:	Chris Poole
Subject:	[Duplicity-talk] man page --sign-key should state to use signing subkey explicitly
Date:	Sun, 24 Jul 2011 17:21:34 +0100

Hi

I've just encountered the following situation:

I have used Duplicity (0.6.14) with --sign-key and --encrypt-key, both
using the same key ID, my main ID.

My keys look like this:

- main key
  - encryption subkey
  - signing subkey

When Duplicity passes signing and encryption duties to gpg, gpg
automatically chooses the encryption and signing subkeys.

When I come to restore the backup though, Duplicity starts decrypting
the archive (ostensibly succeeding), but then fails, with this
message:

Volume was signed by key SIGNING_SUBKEY, not MAIN_KEY.

If I change Duplicity's --sign-key argument for the restore to the
subkey, then the restore works correctly.


To prevent user confusion, I think it would be best to suggest to
users in the man page that when using --sign-key, explicitly give the
ID of the signing subkey if it isn't your main key ID.


Thoughts?

Cheers,

Chris Poole

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] man page --sign-key should state to use signing subkey explicitly, Chris Poole <=

Prev by Date: Re: [Duplicity-talk] Signature files not being deleted
Next by Date: Re: [Duplicity-talk] Signature files not being deleted
Previous by thread: [Duplicity-talk] Empty signature or manifest files created in local cache if gpg fails
Next by thread: [Duplicity-talk] Step-By-Step guide Needed!
Index(es):
- Date
- Thread