Re: [Duplicity-talk] Adding PGP key to a keychain?

duplicity-talk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Adding PGP key to a keychain?

From:	Tapio Sokura
Subject:	Re: [Duplicity-talk] Adding PGP key to a keychain?
Date:	Sun, 09 Jul 2023 12:07:47 +0000

Hello,

Have you tried adjusting the passphrase caching periods in GnuPG? This way you 
only need to give the passphrses after booting once and don't have to have them 
written anywhere on disk.

For example in gpg-agent.conf of the user doing the backups:
default-cache-ttl 31536000
max-cache-ttl 31536000

The values are in seconds, so the above would give you 1 year of passphrase 
caching. I haven't tested this on RHEL 8 derivatives, but works fine on 
derivatives of 7.

Remember the caching is separate for signing and encryption keys. So you 
probably need to use both keys manually to have them cached for duplicity to 
work without prompting for passphrases.

  Tapio

On 7 July 2023 22.36.39 UTC, Scott Classen via Duplicity-talk 
<duplicity-talk@nongnu.org> wrote:
>Hello,
>
>I recently migrated our duply/duplicity installation to a new machine running 
>Rocky Linux 8.8
>
>
>Now, when I run any duply tasks I get prompted for the GPG key password…. 
>Which works, but it only "remembers" the password for a short amount of time. 
>I do not remember this from previous installations.
>
>┌────────────────────────────────────────────────────────────────┐
>│ Please enter the passphrase to unlock the OpenPGP secret key:  │
>│ “xxxxxxxxxxxxx"                                                │
>│ 2048-bit RSA key, ID ABCDEF1234567890,                         │
>│ created 2015-09-21.                                            │
>│                                                                │
>│                                                                │
>│ Passphrase: __________________________________________________ │
>│                                                                │
>│         <OK>                                    <Cancel>       │
>└────────────────────────────────────────────────────────────────┘
>
>
>These are the installed versions:
>
>Start duply v2.4.3, time is 2023-07-07 15:32:02.
>Using profile '/etc/duply/home_d'.
>Using installed duplicity version 1.2.3, python 3.10.12 
>(/root/.conda/envs/duply/bin/python) 
>'PYTHONPATH=:/root/.conda/envs/duply/lib/python310.zip:/root/.conda/envs/duply/lib/python3.10:/root/.conda/envs/duply/lib/python3.10/lib-dynload:/root/.conda/envs/duply/lib/python3.10/site-packages',
> gpg 2.2.20 (Home: /root/.gnupg), awk 'GNU Awk 4.2.1, API: 2.0 (GNU MPFR 
>3.1.6-p2, GNU MP 6.1.2)', grep 'grep (GNU grep) 3.1', bash '4.4.20(1)-release 
>(x86_64-redhat-linux-gnu)’.
>
>
>How can I prevent this? Is there a way to add the password to a key store or 
>keychain of some sort?
>
>Thanks,
>
>Scott

[Prev in Thread]

Current Thread

[Next in Thread]

[Duplicity-talk] Adding PGP key to a keychain?, Scott Classen, 2023/07/07
- Re: [Duplicity-talk] Adding PGP key to a keychain?, edgar . soldin, 2023/07/09
- Re: [Duplicity-talk] Adding PGP key to a keychain?, Tapio Sokura <=

Prev by Date: Re: [Duplicity-talk] Adding PGP key to a keychain?
Next by Date: Re: [Duplicity-talk] Version 2.0.0 Progress
Previous by thread: Re: [Duplicity-talk] Adding PGP key to a keychain?
Next by thread: [Duplicity-talk] Volume does not restore any files?
Index(es):
- Date
- Thread