GPG asymmetric seems to not working

#1

Hello there,

I would like to use GPG asymmetric encryption but it seems to not be working :frowning:

I’m already a Duplicity user but it doesnt handle deduplication so I gave Dupliciti a try by installing the duplicati_2.0.4.18-1_all.deb Debian package from github releases page.

With Duplicity, I send my backups crypted with only the public GPG key to S3, so the private key is mandatory to decrypt backups. I tried to do the same with Duplicati with a command line like this:

duplicati-cli backup "file:///home/jc/backup" /home/jc/images \
--encryption-module=gpg \
--gpg-encryption-command=--encrypt \
--gpg-encryption-switches="--recipient xxx@zzz.com" \
--gpg-decryption-command=--decrypt

I find Duplicati backup files with gpg extension in my /home/jc/backup folder but I can restore files to another without my GPG private key so I guess GPG is not used. :disappointed_relieved:

While I run the backup command, Duplicati still ask me for a passphrase, and only this passphrase (different from my GPG private key passphrase) can decrypt backup, so I guess Duplicati still uses symetric encryption and not GPG asymmetric one.

Another clue: if I remove my public key from my GPG list, Duplicati with gpg encryption module backups nothing, so it seems to be working as expected, expect asymmetric encryption.

My GPG version is 2.2.13

Someone can help about this ?

Many thanks,

#2

No one knows ? really ?

#3

I have it working. Will show my config later today

1 Like
#4

This is the relevant part:

--gpg-encryption-command=--encrypt --gpg-decryption-command=--decrypt --gpg-encryption-switches="--recipient user@mail.com"

So basically, you have your double quotes placed wrong.

#5

My bad, I tested again with the double quote placed at the right place. I tested a restore, and I can restore my backups without the GPG secret key, so it is useless :frowning:

The aim of asymmetric encryption is to be able to encrypt with the public GPG key, and the secret GPG key should me mandatory to restore backup.

I shouldn’t be able to restore my backups without the GPG secret key :confused:

BTW, thanks for your reply.

#6

HI @AnatomicJC,

You might have a gpg-agent running, which might keep your key unlocked. If that is the case, you will not be asked for a password.

If you are not sure you have an agent running, fastest way is to eg. try a restore on a different machine.

Regards,
Wim