How can I use Duplicity with a symmetric key?

passphrase gpg duplicity

I am using duplicity to perform backups on my server. Right now duplicity is encrypting the backup using a GPG public-private key system. I would prefer to encrypt the backup files using just a passphrase, so I don't have to try and keep up with secret keys. How can I configure the backups to be encrypted this way?

Thanks,

Mike


The default mode of duplicity is to use a symmetric key which consists of a simple passphrase. There's no way I would use that though: if you have to type the key, you can't run an unattended backup!

If you want to run an unattended backup, you have to pass duplicity a public key somehow. The only kind of public key that duplicity supports is GPG, and that requires a key pair. If you don't want more security than the passphrase provides, keep plenty of copies of the private key around (e.g. store it on every backup media, and print it).

Note that you need to choose a really good passphrase (as in long and having high entropy) to get reasonable security from offline attacks (which is the threat here).


old question, but I have an answer. You can set the passphrase in your backupscript, to let it run unattended.

#!/bin/bash
export PASSPHRASE=<your password>
duplicity…

Related

How to specify to MSTSC which session to connect to?
Dell SSD options and 3rd party SSDs in Dell hardware
SSLCipherSuite - disable weak encryption, cbc cipher and md5 based algorithm
Manage SSH Users with MySQL backend
SSH Keys Authentication keeps asking for password
zfs pool not automatically mounted
Rack layout for future growth
Use Postfix to forward mail to a domain to the same address at a different domain
How to lower Gluster FS down peer timeout / reduce down peer impact?
Partial-stroking / Short-stroking / Half-stroking Hard Drives?
modify the recipient address of an email on the file in the postfix queue
Upgraded Ubuntu, all drives in one zpool marked unavailable