}
do_dup_gpg_passphrase() {
- local question="Enter the passphrase needed to $@:"
+ local question="Enter the passphrase needed to unlock the GnuPG key:"
REPLY=
while [ -z "$REPLY" -o -z "$dup_gpg_password" ]; do
passwordBox "$dup_title - GnuPG" "$question"
fi
fi
- # a passphrase is only needed when signing, or when symmetric encryption is used
- if [ "$dup_gpg_asymmetric_encryption" == "no" ]; then
- do_dup_gpg_passphrase "encrypt the backups"
- [ $? = 0 ] || return 1
- elif [ "$dup_gpg_sign" == "yes" ]; then
- if [ -z "$dup_gpg_signkey" ]; then
- do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_signkey key used to sign the backups"
- [ $? = 0 ] || return 1
- else
- do_dup_gpg_passphrase "unlock the GnuPG 0x$dup_gpg_encryptkey key used to sign the backups"
- [ $? = 0 ] || return 1
- fi
- fi
+ # a passphrase is alway needed
+ do_dup_gpg_passphrase
_gpg_done="(DONE)"
setDefault adv
######################################################
## gpg section
-## (how to encrypt and optionnally sign the backups)
+## (how to encrypt and optionally sign the backups)
##
-## WARNING: old (pre-0.9.2) example.dup used to give wrong information about
-## the way the following options are used. Please read ahead
+## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
+## the way the following options are used. Please read the following
## carefully.
##
## If the encryptkey variable is set:
## - data is encrypted with the GnuPG public key specified by the encryptkey
## variable
-## - if signing is enabled, the password variable is used to unlock the GnuPG
-## private key used for signing; else, you do not need to set the password
-## variable
+## - if signing is enabled, data is signed with the GnuPG private
+## key specified by the signkey variable
+## - the password variable is used to unlock the GnuPG key(s) used
+## for encryption and (optionnal) signing
+##
## If the encryptkey option is not set:
## - data signing is not possible
## - the password variable is used to encrypt the data with symmetric
[gpg]
-# when set to yes, encryptkey variable must be set bellow; if you want to use
+# when set to yes, encryptkey variable must be set below; if you want to use
# two different keys for encryption and signing, you must also set the signkey
-# variable bellow.
-# default is no, for backward compatibility with backupninja <= 0.5.
+# variable below.
+# default is no, for backwards compatibility with backupninja <= 0.5.
sign = $dup_gpg_sign
# ID of the GnuPG public key used for data encryption.
signkey = $dup_gpg_signkey
# password
-# NB: do not quote it, and it should not contain any quote
+# NB: neither quote this, nor should it include any quotes
password = $dup_gpg_password
######################################################
keep = $dup_keep
# bandwith limit, in kbit/s ; default is 0, i.e. no limit
+# NB: does not work anymore with duplicity >=0.4.2, work in progress to fix this
#bandwidthlimit = 128
bandwidthlimit = $dup_bandwidth