How to use PGP/GPG with Duplicati as a system service

Hi there,

I just installed Duplicati as a Windows system service. Now I wanted to use asymmetric PGP/GPG encryption, which does not work because the system account has no access to pubkey.gpg. Duplicati tries to invoke GnuPG, which then tries to create a pubkey.gpg. Does anyone have an idea how to get this to work?

Hi @luto, welcome to the forum!

I haven’t used PGP/GPG with Duplicati myself so am not sure if this is useful or not, but it sounds like you pretty much know what you’re doing… Does anything here help you at all?

Hi @JonMikelV

I already read the post from kenkendk, but the problem is that when Duplicati runs as the system user there is no possibility to add a GPG key. I think this could be solved by running Duplicati with a dedicated user who has a key in his profile. I will test this and report so that other users may find a solution, too.

I’m digging into this too. ATM I reverted back to no service (BTW there is a /localuser option for duplicati.windowsService.exe install that I don’t know how to use) because I saw the .gpg files can be decrypted by supplying, when prompted by Pinentry.exe, the mandatory passphrase given on the first page of the GUI backup settings when we select external:gpg: used with the command line gpg -v -v -d -o, the command succeeds, saying the data are AES encrypted!
Furthermore, I don’t yet understand if --passphrase=unused is a special value or if none would do the same. Should it be the same as the one supplied on 1st-backup-settings-GUI-page, this would supply some kind of fallback to AES (what is wrong) when gpg fails with --encrypt / --decrypt, but with no log from gpg being available, I can’t know what goes wrong (what is wrong).
Also, I thought the service may not find the pubring.kbx and the secret directory private-keys-v1.d, these not being in the default home path. We could try to use additional parameters --no-default-keyring --keyring="absolute-path-to\pubring.kbx" … but then we could have a permissions issue (like the ~/.ssh folder requiring mode 700 on Linux)… things to try :frowning:
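
Added example, not written by any poster in this thread and not Duplicati's own code: one way to give a service running as LocalSystem a GnuPG home it can read, holding only the recipient's public key, and to check whether a produced file is public-key encrypted rather than passphrase (symmetric AES) encrypted. The directory, key file name and recipient address are placeholder assumptions; it uses GnuPG's --homedir option instead of the --no-default-keyring/--keyring pair mentioned above.

```powershell
# Added example. Run from an elevated PowerShell prompt with gpg.exe on PATH.
# Assumptions: every path, the key file name and the recipient are placeholders.
$GpgHome   = 'C:\ProgramData\DuplicatiGpg'       # dedicated GnuPG home for the service
$PubKey    = 'C:\Temp\backup-recipient.pub.asc'  # exported PUBLIC key only
$Recipient = 'backup@example.invalid'
$Probe     = Join-Path $env:TEMP 'gpg-probe.txt'

New-Item -ItemType Directory -Path $GpgHome -Force | Out-Null

# Drop inherited ACEs and allow only LocalSystem (S-1-5-18) and the built-in
# Administrators group (S-1-5-32-544). SIDs avoid localized account names.
icacls $GpgHome /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Encryption needs only the public key; the private key stays off the backup host.
gpg --homedir $GpgHome --batch --import $PubKey
if ($LASTEXITCODE -ne 0) { throw "gpg --import failed with exit code $LASTEXITCODE" }

# Warn if a secret key ended up in the service keyring anyway.
$secret = gpg --homedir $GpgHome --batch --with-colons --list-secret-keys
if ($secret -match '^sec:') { Write-Warning 'Secret key present in the service keyring.' }

# Non-interactive probe. A freshly imported key has no ownertrust, so batch
# encryption is refused unless the trust model is stated explicitly.
Set-Content -Path $Probe -Value 'probe'
gpg --homedir $GpgHome --batch --yes --trust-model always `
    --recipient $Recipient --output "$Probe.gpg" --encrypt $Probe
if ($LASTEXITCODE -ne 0) { throw "gpg --encrypt failed with exit code $LASTEXITCODE" }

# Inspect the packet structure. Decryption fails here by design (no secret key),
# but the packet type is still listed on stdout.
$packets = gpg --homedir $GpgHome --batch --list-packets "$Probe.gpg"
if ($packets -match 'pubkey enc packet') {
    'Probe is public-key encrypted.'
} elseif ($packets -match 'symkey enc packet') {
    Write-Warning 'Probe is passphrase (symmetric) encrypted, not public-key encrypted.'
} else {
    Write-Warning 'No encryption packet recognised in the probe.'
}

Remove-Item $Probe, "$Probe.gpg" -ErrorAction SilentlyContinue
```

The same --list-packets check can be run against an existing backup volume to see which kind of encryption it carries. The service's gpg invocation must be given the same --homedir; how to pass it through Duplicati is not covered in this thread.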

The good way