New question #681867 on Duplicity:
https://answers.launchpad.net/duplicity/+question/681867

It seems that attempting to sign a symmetrically encrypted backup using a 
non-existent secret key results in duplicity silently defaulting to an existing 
secret key. For example, the command:

duplicity --sign-key=aaaaaaaa src file://dest

works exactly as if I had specified an existing secret key (I think it defaults 
to the earliest-created key); it prompts for passphrases, accepts the 
passphrase for the existing key, and then when restoring from the backup, 
duplicity indicates that the backup was signed with the existing key.

I increased the verbosity to the highest level (debug) and ran the backup 
command again, but did not see any log messages to indicate that duplicity was 
intentionally defaulting to an existing key. Therefore this seems like a bug, 
but I thought I would ask before filing a bug report, in case this is intended 
behavior.

I'm running duplicity 0.7.11 on Debian GNU/Linux 9 (stretch), so I apologize if 
this has been fixed in a later release.

Note that this issue does not occur if attempting asymmetric encryption with 
--encrypt-sign-key, because gpg will simply fail with "No public key".

-- 
You received this question notification because your team duplicity-team
is an answer contact for Duplicity.
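
A pre-flight check for the behaviour described in the question above, as an added example that is not part of the original post and not duplicity's own code: it refuses to start a signed backup unless the requested key ID is really in the local secret keyring. The names `has_secret_key` and `signed_backup` are hypothetical, and the key listing is constructed sample data.

```shell
#!/bin/sh
# Constructed `gpg --list-secret-keys --with-colons` output; all IDs are made up.
SAMPLE_LISTING='sec:u:4096:1:1111222233334444:1500000000:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
ssb:u:4096:1:5555666677778888:1500000000::::::e:
fpr:::::::::0000999988887777666655555555666677778888:'

# has_secret_key KEYID (hypothetical helper): reads a colon-format secret key
# listing on stdin. Returns 0 if KEYID (8, 16 or 40 hex digits, optional 0x
# prefix) is the trailing part of a listed key ID or fingerprint, 1 if it is
# not listed, 2 if KEYID is not a well-formed hex key ID.
has_secret_key() {
    wanted=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0[xX]//')
    case "$wanted" in
        ''|*[!0123456789ABCDEF]*) return 2 ;;
    esac
    case "${#wanted}" in
        8|16|40) ;;
        *) return 2 ;;
    esac
    awk -F: -v want="$wanted" '
        # Suffix match only: short and long key IDs are the tail of the fingerprint.
        function tail_matches(v) {
            v = toupper(v)
            if (length(v) < length(want)) return 0
            return substr(v, length(v) - length(want) + 1) == want
        }
        ($1 == "sec" || $1 == "ssb") && tail_matches($5) { found = 1 }
        $1 == "fpr" && tail_matches($10)                 { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# signed_backup KEYID [duplicity args...] (hypothetical wrapper): only hand
# the key to duplicity after confirming gpg actually holds that secret key.
# Usage: signed_backup aaaaaaaa src file://dest
signed_backup() {
    key=$1; shift
    if gpg --batch --list-secret-keys --with-colons 2>/dev/null | has_secret_key "$key"; then
        duplicity --sign-key="$key" "$@"
    else
        echo "refusing to back up: no secret key matching '$key' in keyring" >&2
        return 1
    fi
}
```

With the constructed listing, `aaaaaaaa` is rejected before duplicity is ever invoked, so no other key can be substituted without notice.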
