On Tue, 12 Nov 2019 07:46:37 -0500, "Michael Terry" writes:
>Wait, you mean that you want to back up without even needing the
>passphrase for the secret gpg key?

that's precisely it. the secret key isn't even present on the machines that the backup runs on, just the public key. gpg (on duplicity's behalf) encrypts the data to and for the public key in question and thus performs a non-reversible one-way transformation as far as that backup machine is concerned.

that way you get zero leakage potential on the backup machines (no secret data whatsoever is present), at the cost of not having cryptographic integrity assurance (as no signature can be generated w/o some secret key).

regards
az

--
Alexander Zangerl + GPG Key 2FCCF66BB963BD5F + http://snafu.priv.at/
If USENET is anarchy, IRC is a paranoid schizophrenic after 6 days on speed. -- Chris "Saundo" Saunderson
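
The arrangement described in the message above, as an added example (not part of the original post, and not duplicity's own invocation of gpg): a backup host that holds only the public key can encrypt but not decrypt, and the resulting archive carries no signature. It assumes GnuPG 2.1 or later; the user ID, directory names and payload are constructed for the demo.

```shell
# Constructed demo: two throwaway GnuPG homes stand in for the two machines.
KEY_UID='backup-demo@example.invalid'   # hypothetical user ID
setup_hosts() {
    WORK=$(mktemp -d) || return 1
    ADMIN="$WORK/admin"     # trusted host: holds the secret key
    BACKUP="$WORK/backup"   # backup host: only ever sees the public key
    mkdir -m 700 "$ADMIN" "$BACKUP" || return 1
    # Unprotected throwaway key pair: primary key plus encryption subkey.
    gpg --homedir "$ADMIN" --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$KEY_UID" default default never 2>/dev/null || return 1
    # Only the public half travels to the backup host.
    gpg --homedir "$ADMIN" --batch --armor --export "$KEY_UID" > "$WORK/pub.asc"
    gpg --homedir "$BACKUP" --batch --quiet --import "$WORK/pub.asc" 2>/dev/null
}

# Number of secret keys present on the backup host.
backup_secret_keys() {
    gpg --homedir "$BACKUP" --batch --with-colons --list-secret-keys \
        2>/dev/null | grep -c '^sec' || true
}

# Encrypt $1 to $2 on the backup host: public key only, nothing is signed.
backup_encrypt() {
    gpg --homedir "$BACKUP" --batch --yes --quiet --trust-model always \
        --recipient "$KEY_UID" --output "$2" --encrypt "$1" 2>/dev/null
}

# Try to decrypt file $2 with GnuPG home $1; plaintext goes to stdout.
decrypt_in() { gpg --homedir "$1" --batch --quiet --decrypt "$2" 2>/dev/null; }

# Number of signature status lines gpg reports while decrypting $1.
signature_lines() {
    gpg --homedir "$ADMIN" --batch --status-fd 1 --output /dev/null \
        --decrypt "$1" 2>/dev/null | grep -c '^\[GNUPG:\] [A-Z]*SIG' || true
}

cleanup_hosts() {
    for h in "$ADMIN" "$BACKUP"; do
        gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$WORK"
}

setup_hosts || exit 1
echo 'constructed backup payload' > "$WORK/data.txt"
backup_encrypt "$WORK/data.txt" "$WORK/data.gpg"
echo "secret keys on backup host: $(backup_secret_keys)"
decrypt_in "$BACKUP" "$WORK/data.gpg" || echo 'backup host cannot decrypt'
echo "admin host recovers: $(decrypt_in "$ADMIN" "$WORK/data.gpg")"
echo "signature status lines: $(signature_lines "$WORK/data.gpg")"
cleanup_hosts
```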