I created a backup with duplicity using GPG encryption, with the command below. When I want to restore a file, duplicity asks for a password for decryption. Any idea why? I use a YubiKey 5 to store my GPG private key, so it is not password protected; moreover, it asks for a passphrase for decryption, not the passphrase of the GPG private key.

Earlier I used symmetric encryption too instead of GPG (PASSPHRASE environment variable), but in the meantime both the ~/.cache/duplicity directory on the client side and the full backup set on the remote side were deleted.

:/tmp$ duplicity restore --file-to-restore "/home/gabor/test.jpg" sftp://backupmachine//mnt/duplicity/ /tmp/teszt/test.jpg
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sat Aug 27 14:02:43 2022
GnuPG passphrase for decryption: 

This is how backup was created:

TARGET='sftp://backupmachine//mnt/duplicity/'
SSH_KEY="${BASE_DIR}/cloud.pem"

GPG_ENCRYPT_OPTS=--encrypt-key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
export DUP_OPT="--ssh-options -oIdentityFile=${SSH_KEY}"
duplicity $DUP_OPT $GPG_ENCRYPT_OPTS --full-if-older-than 3W --include-filelist "$(dirname $0)/gabor1-list.txt" --exclude '**' --exclude "$HOME/.cache/duplicity" / "${TARGET}"

This is how I tested that the .gpg files are really encrypted with the GPG key instead of symmetric encryption with a passphrase:

:/tmp$ gpg -d duplicity-new-signatures.20220827T120243Z.to.20220828T010003Z.sigtar.gpg > x
gpg: encrypted with 4096-bit RSA key, ID xxxxxxxxxxxxxxxx, created 2022-05-27
      "me <[email protected]>"
:/tmp$ file x
x: POSIX tar archive

1 Answer

duplicity does not know that you created a passphraseless key. hence it asks. just supplying an empty one by hitting enter should suffice.

if you want duplicity not to ask, provide either

PASSPHRASE=''

or

  • set the option --use-agent to have gpg explicitly use its agent to deal with passphrases.

hope that helped, ede/duply.net

4
  • If I just simply press enter to provide empty passphrase I get this message, however, --use-agent looks good! Thanks! "Cannot use empty passphrase with symmetric encryption! Please try again."
    – Halacs
    Aug 28, 2022 at 16:55
  • "Cannot use empty passphrase with symmetric encryption! Please try again." signals that duplicity is not aware of your keys and thinks it is in default symmetric encryption mode. what was the command line leading to the error message? Aug 29, 2022 at 18:54
  • Yes, most probably that was the case because --use-agent option solves my issue as ede suggested. Thanks!
    – Halacs
    Aug 30, 2022 at 19:59
  • still @Halacs make sure that you are really using the keys by providing the proper parameters to duplicity! Aug 31, 2022 at 20:04
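
The manual check in the question (confirming that the volumes are public-key encrypted rather than symmetric) can be scripted. The following is an added example, not part of the original thread or of duplicity; the function names and the sample `gpg --list-packets` listings are constructed for illustration.

```shell
#!/bin/sh
# Classify how a duplicity volume was encrypted, from `gpg --list-packets` text.

# Reads a packet listing on stdin; prints pubkey | symmetric | mixed | unknown.
classify_packets() {
    awk '
        /^:pubkey enc packet:/ { pub = 1 }
        /^:symkey enc packet:/ { sym = 1 }
        END {
            if (pub && sym) print "mixed"
            else if (pub)   print "pubkey"
            else if (sym)   print "symmetric"
            else            print "unknown"
        }'
}

# Prints the recipient key IDs named in public-key session packets.
pubkey_ids() {
    sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]*\).*/\1/p'
}

# Maps a classification to how duplicity should obtain the secret on restore.
restore_hint() {
    case "$1" in
        pubkey)    echo "--use-agent" ;;
        symmetric) echo "PASSPHRASE" ;;
        mixed)     echo "--use-agent or PASSPHRASE" ;;
        *)         echo "unknown" ;;
    esac
}

# Real use (hypothetical helper): --list-only skips the decryption pass,
# so no smartcard PIN or passphrase is requested while listing.
classify_file() {
    gpg --list-only --list-packets "$1" 2>/dev/null | classify_packets
}

# Constructed sample listings, not taken from the page.
sample_pubkey() {
    cat <<'EOF'
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
    data: [4095 bits]
:encrypted data packet:
EOF
}
sample_symmetric() {
    cat <<'EOF'
:symkey enc packet: version 4, cipher 9, s2k 3, hash 10
    salt 0011223344556677, count 65011712 (255)
:encrypted data packet:
EOF
}
```

Running `restore_hint "$(classify_file some-volume.gpg)"` against a downloaded volume shows whether the restore needs `--use-agent` or the `PASSPHRASE` variable.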
