双重加密到一个奇怪的密钥?

双重加密到一个奇怪的密钥?

我正在尝试duplicity使用 gpg 密钥,但它的行为有点奇怪(在我想要备份的实际计算机上,在虚拟机中似乎更好)。这是一组完整的命令(在一分钟内执行):

grove@stacey> rm -fr /tmp/backup
grove@stacey> duplicity full --encrypt-key 00FDE9885BB452EC317D6FF924A2044BE1CCBEE1 --sign-key 0FA385BE82DE75CD94338E65EA7482DAB844D7E7 /home/grove/tmp/backuptest file:///tmp/backup
Warning, found signatures but no corresponding backup files
Synchronizing remote metadata to local cache...
Deleting local /home/grove/.cache/duplicity/ba8d32ccb88d13597b4784252744fc75/duplicity-full-signatures.20230721T124839Z.sigtar.gz (not authoritative at backend).
Deleting local /home/grove/.cache/duplicity/ba8d32ccb88d13597b4784252744fc75/duplicity-full.20230721T124839Z.manifest (not authoritative at backend).
Last full backup date: none
GnuPG passphrase for decryption: 
GnuPG passphrase for signing key: 
--------------[ Backup Statistics ]--------------
StartTime 1689944019.33 (Fri Jul 21 14:53:39 2023)
EndTime 1689944019.42 (Fri Jul 21 14:53:39 2023)
ElapsedTime 0.09 (0.09 seconds)
SourceFiles 61
SourceFileSize 45056 (44.0 KB)
NewFiles 61
NewFileSize 45056 (44.0 KB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 61
RawDeltaSize 0 (0 bytes)
TotalDestinationSizeChange 1983 (1.94 KB)
Errors 0
-------------------------------------------------

grove@stacey> duplicity full --encrypt-key 00FDE9885BB452EC317D6FF924A2044BE1CCBEE1 --sign-key 0FA385BE82DE75CD94338E65EA7482DAB844D7E700FDE9885BB452EC317D6FF924A2044BE1CCBEE1 /home/grove/tmp/backuptest
[130] grove@stacey> duplicity verify --compare-data --encrypt-key 00FDE9885BB452EC317D6FF924A2044BE1CCBEE1 --sign-key 0FA385BE82DE75CD94338E65EA7482DAB844D7E7 file:///tmp/backup /home/grove/tmp/backuptest 
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Fri Jul 21 14:53:21 2023
GnuPG passphrase for decryption: 
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: encrypted with 4096-bit RSA key, ID 7554FBF3A16C9773, created 2023-07-06
"Duplicity_encryption (Encryption key for duplicity)"
gpg: public key decryption failed: No passphrase given
gpg: decryption failed: No secret key
===== End GnuPG log =====

[31] grove@stacey> gpg --list-keys | grep -i 7554FBF3A16C9773
[1] grove@stacey> gpg --list-secret-keys | grep -i 7554FBF3A16C9773
[1] grove@stacey> gpg --list-keys | grep -i -C2 duplicity
pub   rsa4096 2023-07-06 [SC]
      00FDE9885BB452EC317D6FF924A2044BE1CCBEE1
uid           [ ultim. ] Duplicity_encryption (Encryption key for duplicity)
sub   rsa4096 2023-07-06 [E]

由于某种原因,口是心非在进行备份时要求提供解密密码(并且不需要该密码),但这是一个小问题(可能会在新版本中修复)。最大的问题是备份似乎是针对未知的 GPG 密钥进行加密的? (我认为不需要进行备份的公共部分 - 也不需要读取它的私有部分)。我什至指定了要加密的密钥,但这被忽略了?

(这是使用 Debian Bullseye 的口是心非 0.8.17-1+b1 - 我知道它很旧,稳定版有一个更新一点的版本,但仍然有点旧,但备份是我想要的东西升级前的位置)

那么它用于加密的密钥在哪里呢?或者:如何让它使用我实际指定的密钥?

相关内容