One of the advantages of duplicity is that it provides for integrated encryption of backup files. We'll need two gpg keys for our backups; an "encryption key" and a "signature key." Our encryption key is used to protect the data in the backup files from snooping on the backup server, while the signature key is used to ensure the integrity of the backup files.

Duplicity's --encrypt-key option allows a user to specify either a symmetric or public key with which to encrypt the backup archives. Duplicity's --sign-key option specifies either a symmetric or public key with which to sign the backup archives. If encryption is turned on, and the --sign-key option is omitted, the --encrypt-key key is also used to sign the archives.

Note that the private key for the signature key (or the encryption key if --sign-key is omitted) must be available to duplicity when it runs. Duplicity also requires the passphrase for the signing key be either entered manually or stored in an environment variable. If our encryption key and signature key are the same, then a compromise of the server means a compromise of the backed up data as well. We'll therefore use separate encryption and signature keys.

Since the encryption key we're about to generate is going to be used to protect important data (passwords, email, documents) the private key should itself be well protected. Ideally, the keys should be stored on a secure drive that you keep on your person at all times, or failing that, a laptop that is well protected and not usually connected to a network.

4.2. Generating GPG Keys

First, we'll generate the signature key, owned by root, with the passphrase "signtest".

~# gpg --gen-key gpg (GnuPG) 1.2.5; Copyright (C) 2004 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) RSA (sign only) Your selection? 1 DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) 1024 Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 1y Key expires at Tue Mar 7 16:45:18 2006 PST Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real name: signtest Email address: signtest@example.com Comment: signtest You selected this USER-ID: "signtest (signtest) <signtest@example.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. ++++++++++++++++++++++++++++++.+++++++++++++++++++++++++++++++++++++++++++++++++ +.++++++++++..+++++.+++++.++++++++++.++++++++++++++++++++>++++++++++.......>..++ +++..+++++ +++++++++++++++++++++++++++++++++++.++++++++++.+++++.+++++++++++d+++++++++++++++ +++++++++++++++++++.+++++++++++++++.++++++++++++++++++++f.....>+++++.d....f..... ..>+++++.....+++++^^^ public and secret key created and signed. key marked as ultimately trusted. pub 1024D/B036117C 2005-03-08 signtest (signtest) <signtest@example.com> Key fingerprint = F278 70A7 656A 7692 4453 6F3D 7A5C 98A1 B036 117C sub 1024g/5D2059A1 2005-03-08 [expires: 2006-03-08]

For convenience, we'll create a local user to own the encryption key. Do not do this for a production environment.

~# adduser Enter a username to add: backuptest Adding user `backuptest'... Adding new group `backuptest' (1001). Adding new user `backuptest' (1001) with group `backuptest'. Creating home directory `/home/backuptest'. Copying files from `/etc/skel' Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for backuptest Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [y/N] y

Next, we'll generate the encryption key, owned by our backuptest user, with the passphrase "backuptest".

~# su - backuptest backuptest@debian:~$ gpg --gen-key gpg (GnuPG) 1.2.5; Copyright (C) 2004 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. gpg: /home/backuptest/.gnupg: directory created gpg: new configuration file `/home/backuptest/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/backuptest/.gnupg/gpg.conf' are not yet active d uring this run gpg: keyring `/home/backuptest/.gnupg/secring.gpg' created gpg: keyring `/home/backuptest/.gnupg/pubring.gpg' created Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) RSA (sign only) Your selection? 1 DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) 1024 Requested keysize is 1024 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 1y Key expires at Tue Mar 7 16:46:18 2006 PST Is this correct (y/n)? y You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real name: backuptest Email address: backuptest@example.com Comment: backuptest You selected this USER-ID: "backuptest (backuptest) <backuptest@example.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. +++++.+++++++++++++++++++++++++++++++++++++++++++++.+++++..++++++++++++++++++++. ++++++++++++++++++++.+++++.++++++++++++++++++++.++++++++++>+++++.+++++>+++++.... .................................................+++++ +++++++++++++++.+++++.+++++.+++++++++++++++++++++++++.....++++++++++...+++++++++ ++++++.+++++++++++++++.++++++++++++++++++++++++++++++.++++++++++>.+++++......... ......+++++^^^^^^^^^^^^^^^^^ gpg: /home/backuptest/.gnupg/trustdb.gpg: trustdb created public and secret key created and signed. key marked as ultimately trusted. pub 1024D/AFC6DCD1 2005-03-08 backuptest (backuptest) <backuptest@example.com> Key fingerprint = D025 7E7A 1BF2 5CA9 82DD EC54 2555 D7B6 AFC6 DCD1 sub 1024g/FEB03CBA 2005-03-08 [expires: 2006-03-08]

We'll export the public key for backuptest to a file:

backuptest:~$ gpg --armor --export backuptest > key.out

Alternatively, we could mail this key to a user on another domain:

backuptest:~$ gpg --armor --export backuptest | mail root@example.com

As root, we import the key sent to us by backuptest:

~# gpg --import /home/backuptest/key.out gpg: key AFC6DCD1: public key "backuptest (backuptest) <backuptest@example.com>" imported gpg: Total number processed: 1 gpg: imported: 1

And list our available keys:

~# gpg --list-keys /root/.gnupg/pubring.gpg ------------------------ pub 1024D/B036117C 2005-03-08 signtest (signtest) <signtest@example.com> sub 1024g/5D2059A1 2005-03-08 [expires: 2006-03-08] pub 1024D/AFC6DCD1 2005-03-08 backuptest (backuptest) <backuptest@example.com> sub 1024g/FEB03CBA 2005-03-08 [expires: 2006-03-08]

Finally, we must sign the key sent to us by backuptest (after checking the fingerprint, if backuptest is another human being):