Re: [Duplicity-talk] Switching to new keys after changing to sftp duplicity-backup

[edgar . soldin]

On 17.01.2024 14:45, Vera Schmidt via Duplicity-talk wrote:
> Hi,
>
> thanks Ken, that sounds good ;-)

true, sounds reasonable. personally i've never seen those log messages and 
without can't start to investigate.

> moin Ede,
> now I started a test backup and can tell more:
> versions: duply v2.3.1, duplicity version 0.8.21, python 3.10.12
>
> As the test backup is smaller than a real backup and the outputs are shorter I 
> found this:
> "INFO:
>
> duply exported new keys to your profile.
> Your should backup your changed profile folder now and store it in a safe 
> place."
>
> Could this be the reason for the key messages (handshake, change to new keys)?

no this is just duply (not duplicity:) telling you that it saved key copies for 
you. it just noticed that you used a new profile and it saved them for you.

> For me it means that now there is a (new/exported) file  duply 
> gpgkey.XXXX.pub.asc and a (new/exported) file gpgkey.XXXX.sec.asc in the folder 
> where duply works, where the configuration file conf has to be.
> Is that correct?

indeed.

> These 2 files are generated when I forget to copy them to the folder before 
> starting the backup (I clean the folder after the backups to avoid problems in 
> case I catch malware in the system). These 2 files - are they copies of the 
> originals? Or are they new ones so that I have to store them additionally to be 
> able to restore the backups made with them?

you can disable the export since duply 2.3 by setting GPG_EXPORT='disabled'. 
regenerate the conf from template or just add it.
deactivating it wont protect your keys better though. if an attacker gains your 
privileges, they can easily do the same.

my suggestion would be, doing what the hint says "You should backup your changed 
profile folder now and store it in a safe place." becasue that is all that's need to 
restore from remote backend later.

sunny regards from snowy Cologne.. ede