I need to use Duplicity to backup server directories to Amazon S3.
Duplicity uses GnuPG to encrypt the data so that no one can read it.
I followed
this guide to create "The script"
So, my task was create 1 script to be deployed across my servers which would backup the directories. And should any server die, have the ability to SCP the public and private keys to that server so that restoration could occur automatically and backups could occur after restoration.
Here's what to do
1. Generate the private and public keys
answer all the questions. We'll assume the key created was 12345678. And the name you entered (Real name) is "Real name"
now create backups of your keys
Code:
gpg --output secret --export-secret-keys "Real name"
gpg --output public --export "Real name"
so, let's pretend, server dies. You get the OS installed on the new one
scp the secret and public keys to server2
Code:
#scp secret public root@server2:
now, from server2 import the keys
Code:
# gpg --import secret public
now, here comes the tricky part, you must tell GPG to trust these keys to avoid the error
gpg: There is no assurance this key belongs to the named user
Code:
server2# gpg --edit-key 12345678
Secret key is available.
Command> trust
pub 1024D/12345678 created: 2009-09-25 expires: never usage: SC
trust: unknown validity: unknown
sub 2048g/87654321 created: 2009-09-25 expires: never usage: E
[ unknown] (1). Real name (comment) <some@email.com>
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
Command> save
server2#
now you can encrypt/decrypt things using the keys generated in step 1 on this new server
