Hi,
I'm trying to automate my backup system (using duplicity).
The problem is: I add my gpg key to the keychain during startup, it asks for the passphrase, and everything is OK.
The key itself has two subkeys:
Code:
pub 2048R/D4C3EE31 created: 2010-09-14 expires: 2011-04-30 usage: SC
trust: ultimate validity: ultimate
sub 2048R/BE994706 created: 2010-09-14 expires: 2011-04-30 usage: E
Then I run duplicity with the --encrypt-key option, choosing which key to use for encryption: D4C3EE31
Code:
duplicity --encrypt-key D4C3EE31 /dir-to-backup /target-dir
But if an archive already exists, it tries to decrypt it and asks for a passphrase; if none is given, it returns an error message like this:
Code:
===== Begin GnuPG log =====
gpg: encrypted with 2048-bit RSA key, ID BE994706, created 2010-09-14
"existence.unreliable <existence.unreliable@gmail.com>"
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
===== End GnuPG log =====
Tried adding the BE994706 key to the keychain too - the result is the same.
So... I understand that there are two subkeys in my gpg key: one for signing, one for encryption. Does keychain treat them separately, caching only the signing one? If so, how can I cache the encryption key?
Sorry for the incoherence, I'm quite a bit confused about this whole multiple keys matter.