GPG asymmetric seems to not working

AnatomicJC · May 15, 2019, 6:38am

Hello there,

I would like to use GPG asymmetric encryption but it seems to not be working

I’m already a Duplicity user but it doesnt handle deduplication so I gave Dupliciti a try by installing the duplicati_2.0.4.18-1_all.deb Debian package from github releases page.

With Duplicity, I send my backups crypted with only the public GPG key to S3, so the private key is mandatory to decrypt backups. I tried to do the same with Duplicati with a command line like this:

duplicati-cli backup "file:///home/jc/backup" /home/jc/images \
--encryption-module=gpg \
--gpg-encryption-command=--encrypt \
--gpg-encryption-switches="--recipient xxx@zzz.com" \
--gpg-decryption-command=--decrypt

I find Duplicati backup files with gpg extension in my /home/jc/backup folder but I can restore files to another without my GPG private key so I guess GPG is not used.

While I run the backup command, Duplicati still ask me for a passphrase, and only this passphrase (different from my GPG private key passphrase) can decrypt backup, so I guess Duplicati still uses symetric encryption and not GPG asymmetric one.

Another clue: if I remove my public key from my GPG list, Duplicati with gpg encryption module backups nothing, so it seems to be working as expected, expect asymmetric encryption.

My GPG version is 2.2.13

Someone can help about this ?

Many thanks,

AnatomicJC · May 22, 2019, 1:59pm

No one knows ? really ?

Wim_Jansen · May 22, 2019, 4:09pm

I have it working. Will show my config later today

Wim_Jansen · May 23, 2019, 8:26pm

This is the relevant part:

--gpg-encryption-command=--encrypt --gpg-decryption-command=--decrypt --gpg-encryption-switches="--recipient user@mail.com"

So basically, you have your double quotes placed wrong.

AnatomicJC · May 24, 2019, 8:39am

My bad, I tested again with the double quote placed at the right place. I tested a restore, and I can restore my backups without the GPG secret key, so it is useless

The aim of asymmetric encryption is to be able to encrypt with the public GPG key, and the secret GPG key should me mandatory to restore backup.

I shouldn’t be able to restore my backups without the GPG secret key

BTW, thanks for your reply.

Wim_Jansen · May 24, 2019, 12:31pm

HI @AnatomicJC,

You might have a gpg-agent running, which might keep your key unlocked. If that is the case, you will not be asked for a password.

If you are not sure you have an agent running, fastest way is to eg. try a restore on a different machine.

Regards,
Wim