LinuxQuestions.org


rrije 12-11-2010 01:32 PM

GPG subkeys in keychain confusion (also duplicity)
 
Hi,

I'm trying to automate my backup system (using duplicity).
The problem is this: I add my GPG key to the keychain during startup, it asks for the passphrase, and everything is OK.
The key itself has two subkeys:
Code:

pub  2048R/D4C3EE31  created: 2010-09-14  expires: 2011-04-30  usage: SC 
                    trust: ultimate      validity: ultimate
sub  2048R/BE994706  created: 2010-09-14  expires: 2011-04-30  usage: E

Then I run duplicity with the --encrypt-key option, choosing which key to use for encryption: D4C3EE31
Code:

duplicity --encrypt-key D4C3EE31 /dir-to-backup /target-dir

But if an archive already exists, it tries to decrypt it and asks for the passphrase; if none is given, it returns an error message like this:
Code:

===== Begin GnuPG log =====
gpg: encrypted with 2048-bit RSA key, ID BE994706, created 2010-09-14
"existence.unreliable <existence.unreliable@gmail.com>"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
===== End GnuPG log =====

Tried adding the BE994706 key to the keychain too - the result is the same.
So... I understand that there are two subkeys in my gpg key: one for signing, one for encryption. Does keychain treat them separately, caching only the signing one? If so, how can I cache the encryption key?

Sorry for the incoherence, I'm quite a bit confused about this whole multiple keys matter.

