How can I use Duplicity with a symmetric key?

Solution 1

The default mode of duplicity is to use a symmetric key which consists of a simple passphrase. There's no way I would use that though: if you have to type the key, you can't run an unattended backup!

If you want to run an unattended backup, you have to pass duplicity a public key somehow. The only kind of public key that duplicity supports is GPG, and that requires a key pair. If you don't want more security than the passphrase provides, keep plenty of copies of the private key around (e.g. store it on every backup media, and print it).

Note that you need to choose a really good passphrase (as in long and having high entropy) to get reasonable security from offline attacks (which is the threat here).

Solution 2

Old question, but I have an answer. You can set the passphrase in your backup script, to let it run unattended.

#!/bin/bash
export PASSPHRASE='<your password>'
duplicity…

Author: mclark1129

Updated on September 17, 2022

Comments

  • mclark1129 almost 2 years

    I am using duplicity to perform backups on my server. Right now duplicity is encrypting the backup using a GPG public-private key system. I would prefer to encrypt the backup files using just a passphrase, so I don't have to try and keep up with secret keys. How can I configure the backups to be encrypted this way?

    Thanks,

    Mike

  • Gilles 'SO- stop being evil' almost 14 years
    @Mike: As far as I remember, duplicity only supports the two modes. If you're passing --encrypt-key, you're using public key encryption, and your private key is composed from your private key file and your passphrase. Otherwise you're using symmetric encryption and the secret key consists of your passphrase exclusively. Obviously, you should test restoring on a machine or account that doesn't have your gpg database, if that's what you want.
  • mclark1129 almost 14 years
    I'm going to do a test restore tonight on a separate machine to see what happens, thanks!
  • Sam Wilson over 10 years
    Don't forget unset PASSPHRASE at the end of the script, otherwise the passphrase will be available to other scripts.
  • Brad Spencer about 7 years
    PASSPHRASE won't be available to other scripts, but it will be available to anything else in that script (presuming you aren't sourcing the script). If you really want to just set the passphrase for the duplicity command, use the prefix syntax: PASSPHRASE=whatever duplicity ...
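
Added example, not taken from any of the posts above: a wrapper that combines Solution 2 with the prefix syntax from the last comment, reading the passphrase from an owner-only file and placing it in the environment of the one command it runs. The function name run_with_passphrase, the exit codes and the file location are assumptions made for illustration.

```bash
#!/bin/bash
# Hypothetical helper, not part of duplicity.
# Usage: run_with_passphrase <passphrase-file> <command> [args...]
#   e.g. run_with_passphrase /root/.backup-passphrase duplicity <source_dir> <target_url>
# (the file path is a placeholder; with no --encrypt-key, duplicity uses
# the passphrase for symmetric encryption, as described above)
run_with_passphrase() (
    # The ( ... ) body is a subshell: nothing assigned here reaches the caller.
    passfile=$1
    [ $# -ge 2 ] || { echo "usage: run_with_passphrase FILE CMD..." >&2; exit 2; }
    shift

    if [ ! -f "$passfile" ] || [ ! -r "$passfile" ]; then
        echo "cannot read passphrase file: $passfile" >&2
        exit 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Accept the file only if all six are "-" (mode 0600 or 0400).
    perms=$(ls -ldL -- "$passfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $passfile: accessible to group or other" >&2
        exit 3
    fi

    # The first line is the passphrase; tolerate a missing trailing newline.
    pass=
    IFS= read -r pass < "$passfile" || true
    if [ -z "$pass" ]; then
        echo "passphrase file is empty: $passfile" >&2
        exit 4
    fi

    # Prefix assignment: PASSPHRASE exists only in this command's environment,
    # and the value never appears in any argument list.
    PASSPHRASE=$pass "$@"
)
```

The passphrase file then carries the whole secret, so it needs the same protection as the passphrase itself.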