I think 1, 2, 3, and 4 assume asymmetric encryption.
By default Duplicati uses symmetric encryption, so there is no private key, just as shared password. You can use asymmetric encryption as explained here:
If you use asymmetric encryption, the key is handled by GPG and not stored in Duplicati.
For (2) if you use symmetric encryption, the passphrase is stored in the database:
For (5) you would need the private key if you are using asymmetric, or the passphrase if you are using symmetric.