Why does duplicity need a passphrase for OpenPGP encryption?

gnupg pgp duplicity openpgp

Solution 1:

You're right, encryption only requires the public key, which is not protected by a passphrase.

There are two reasons Duplicity might require the private key passphrase:

  • You ask duplicity to not only encrypt the backup, but also sign it. Signing is a private key operation (and thus requires the passphrase).
  • Duplicity needs to fetch the (encrypted) meta data information from the remote location, because the local copy is wrong/out of sync. Decryption is also a private key operation and requires the passphrase.

Related

How does Linux tell an LSI Megaraid card to flush its cache before shutdown?
How do I find the AWS Quicksight IP Range
Passing parameters to AWS Lambda
What are the options for attaching DAS units greatly exceeding 62TB Virutal Disks max size limit on vSphere 6.0/6.5?
How to impose two conditions at once for Apache CustomLog?
Does cron job remain in effect after computer reboots?
Running an Ansible command in multiple docker containers
What's URD in iptables?
How to display more Task Scheduler logs?
How to fix leap second sleep issue without reboot
How to migrate a VMWare vmdk to Proxmox 4.4 with local-lvm storage
Get an AWS EC2 ebs volume to perform over 20,000 IOPS