[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Switching to new keys after changing to sftp duplic
From: |
edgar . soldin |
Subject: |
Re: [Duplicity-talk] Switching to new keys after changing to sftp duplicity-backup |
Date: |
Thu, 18 Jan 2024 13:33:32 +0100 |
User-agent: |
Mozilla Thunderbird |
On 17.01.2024 14:45, Vera Schmidt via Duplicity-talk wrote:
Hi,
thanks Ken, that sounds good ;-)
true, sounds reasonable. personally i've never seen those log messages and
without can't start to investigate.
moin Ede,
now I started a test backup and can tell more:
versions: duply v2.3.1, duplicity version 0.8.21, python 3.10.12
As the test backup is smaller than a real backup and the outputs are shorter I
found this:
"INFO:
duply exported new keys to your profile.
Your should backup your changed profile folder now and store it in a safe
place."
Could this be the reason for the key messages (handshake, change to new keys)?
no this is just duply (not duplicity:) telling you that it saved key copies for
you. it just noticed that you used a new profile and it saved them for you.
For me it means that now there is a (new/exported) fileĀ duply
gpgkey.XXXX.pub.asc and a (new/exported) file gpgkey.XXXX.sec.asc in the folder
where duply works, where the configuration file conf has to be.
Is that correct?
indeed.
These 2 files are generated when I forget to copy them to the folder before
starting the backup (I clean the folder after the backups to avoid problems in
case I catch malware in the system). These 2 files - are they copies of the
originals? Or are they new ones so that I have to store them additionally to be
able to restore the backups made with them?
you can disable the export since duply 2.3 by setting GPG_EXPORT='disabled'.
regenerate the conf from template or just add it.
deactivating it wont protect your keys better though. if an attacker gains your
privileges, they can easily do the same.
my suggestion would be, doing what the hint says "You should backup your changed
profile folder now and store it in a safe place." becasue that is all that's need to
restore from remote backend later.
sunny regards from snowy Cologne.. ede