
I started a backup via duplicity without giving it any options. I haven't created any GPG keys myself, so when I ran duplicity, it asked me for a passphrase, then created a key, and successfully backed up (to BackBlaze B2) with encryption and compression.

Good, but I don't know where the key is stored. Thus if my drive dies then I won't be able to restore the backup. gpg -k gives no output. Where's the key hiding?

1 Answer


If your (secret) key does exist then it is in the secret keyring of the user used to create the key. That user's keyrings are in a directory named '.gnupg' which is in that user's home directory.

So the secret key would be here for the user that created it:

~/.gnupg/secring.gpg

However, based on what you wrote, chances are duplicity just used a symmetric key which only consists of the passphrase you entered.

Reference: https://linux.die.net/man/1/gpg

Jack.L
  • Haha! I was thinking that GPG was symmetric. (I'm really unfamiliar with crypto ^^;) OK, so in other words, duplicity probably encrypted via a deterministic cipher whose sole argument/secret was the passphrase that I gave, and it doesn't use keys nor entropy at all? – 0xnick1chandoke Apr 05 '19 at 19:44
  • Forgot to mention: my ~/.gnupg directory does not contain a secring.gpg file. – 0xnick1chandoke Apr 05 '19 at 19:51
  • This may shed some light concerning using Duplicity with a symmetric key: https://serverfault.com/questions/173767/how-can-i-use-duplicity-with-a-symmetric-key – Jack.L Apr 06 '19 at 21:59
  • Thanks. That article confirms my hypothesis: "[if you're not using `--encrypt-key`, then] you're using symmetric encryption and the secret key consists of your passphrase exclusively." – 0xnick1chandoke Apr 06 '19 at 22:04
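
One way to check which case applies to an existing backup file, as an added example that is not part of the original thread: the first OpenPGP packet (RFC 4880) is tag 3 when only a passphrase is needed and tag 1 when a private key is needed. It assumes the file is binary (not ASCII-armored) gpg output; the sample bytes and function names are constructed for illustration.

```python
# Added example: classify the first OpenPGP packet of an encrypted file (RFC 4880).
SYM_ALGOS = {7: "AES128", 8: "AES192", 9: "AES256"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}

# Constructed sample headers, not taken from any real backup.
SYMMETRIC_SAMPLE = bytes.fromhex("8c0d04090302" "0011223344556677" "ff")
PUBKEY_SAMPLE = bytes.fromhex("85000c03" "0123456789abcdef" "010000")


def read_header(data):
    """Return (tag, body_offset, body_length) for the first packet."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored or other data?)")
    first = data[0]
    if first & 0x40:  # new-format header: tag in bits 5-0
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224:
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        if l0 == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body length not expected on a session-key packet")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not expected on a session-key packet")
    nbytes = 1 << ltype  # 1, 2 or 4 length octets
    return tag, 1 + nbytes, int.from_bytes(data[1:1 + nbytes], "big")


def classify(data):
    """Report whether decryption needs a passphrase or a private key."""
    tag, off, length = read_header(data)
    body = data[off:off + length]
    if tag == 3:  # Symmetric-Key Encrypted Session Key packet
        if len(body) < 4:
            raise ValueError("truncated symmetric session-key packet")
        algo, s2k = body[1], body[2]
        info = {"mode": "symmetric", "needs": "passphrase only",
                "cipher": SYM_ALGOS.get(algo, f"algo {algo}"),
                "s2k": S2K_TYPES.get(s2k, f"type {s2k}")}
        if s2k in (1, 3):  # salted variants carry an 8-byte random salt
            info["salt"] = body[4:12].hex()
        return info
    if tag == 1:  # Public-Key Encrypted Session Key packet
        if len(body) < 10:
            raise ValueError("truncated public-key session-key packet")
        return {"mode": "public-key", "needs": "private key",
                "key_id": body[1:9].hex().upper()}
    return {"mode": "unknown", "needs": "unknown", "tag": tag}
```

For a real file, pass its first few dozen bytes, for example `classify(open(path, "rb").read(64))`.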