I think 1, 2, 3, and 4 assume asymmetric encryption.
By default Duplicati uses symmetric encryption, so there is no private key, just as shared password. You can use asymmetric encryption as explained here:
If you use asymmetric encryption, the key is handled by GPG and not stored in Duplicati.
For (2) if you use symmetric encryption, the passphrase is stored in the database:
For (5) you would need the private key if you are using asymmetric, or the passphrase if you are using symmetric.
Perfect! Works like a charm. Very, very nice (also like the error reporting when keys are missing at backup/restore) The links provided everything I needed to get GPG encryption working. Apparently my creativity was too limited when searching the forum. Thanks for the apt and complete reply @kenkendk!