Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GPG asymmetric encryption module #2270

Open
kenkendk opened this issue Jan 20, 2017 · 15 comments
Open

GPG asymmetric encryption module #2270

kenkendk opened this issue Jan 20, 2017 · 15 comments

Comments

@kenkendk
Copy link
Member

@kenkendk kenkendk commented Jan 20, 2017

It is currently possible to get GPG encryption working with a key, by setting the switches manually like this:

--encryption-module=gpg
--gpg-encryption-command=--encrypt
--gpg-encryption-switches=--recipient "xxx@zzz.com"
--gpg-decryption-command=--decrypt
--passphrase=unused

You also need to set the trust level of the key to 5, for example:

gpg --edit-key "xxx@zzz.com" trust

It would be nice if there was a module, say gpg-pubkey or similar that simply sets these options. Perhaps the passphrase could be used for the recipient, but that might get messy if you want to change it later.


Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

@Antergosgeek
Copy link

@Antergosgeek Antergosgeek commented Mar 3, 2017

This would be great to have as a standard feature. I have to admit the described solution didn't fully work for me or better said I was unable to follow it due to my lack of knowledge. I didn't use the commandline tool but the standard web interface of Duplicati 2.0 and used Advanced Options and edited as text. When I was done and ran the backup I got an error "unable to change password". Also I have a question in regards to where do you put the key file? How does duplicati find the correct key to use since it doesn't refer to my normal gnupg4win folder. The pass phrase here is separate from the pass phrase of the actual key I am assuming, correct? I'd appreciate your help. However I fully agree that an option for asymmetric encryption in which you can specify your own pgp key would be something very desirable since this is the most secure option in my opinion.

@kenkendk
Copy link
Member Author

@kenkendk kenkendk commented Mar 8, 2017

@Antergosgeek You cannot change the passphrase of the backup, because Duplicati does not support more than one passphrase at a time. If you were able to change the passphrase, some files could be encrypted with one passphrase, others with another passphrase, and it would be impossible (rather: difficult) to restore.

If you use the GPG asymmetric setup, the passphrase here is actually unused, but a value is required because Duplicati enforces it.

I have not tried using GPG this way myself, so the setup is from other users. I do not know how GPG manages its keys. You can set --gpg-program-path to point to your gnupg4win gpg.exe file if that fixes things.

@Antergosgeek
Copy link

@Antergosgeek Antergosgeek commented Mar 12, 2017

@kenkendk
I found how the key management works it works through your gnupg4win installation. Also if you have set the PATH under environment variable in windows for your Gnupg installation e.g. C:\Program Files\GNU\GnuPG\pub then it will find it automatically. But thank you a lot for the help! Also you can set the password in the GUI but it needs to be identical to the keys passphrase just as described from you!
I have tried this successfully with asymmetrical encryption with my own key with trust level 5 (ultimate) granted you entered a passphrase and it is the passphrase of your key in the GUI by setting the following options in STEP 5 under Advanced Options --> Edit as text:

--gpg-encryption-command=--encrypt --gpg-encryption-switches=--recipient "xxx@zzz.com" --gpg-decryption-command=--decrypt

The trust level of the key is set in a normal cmd prompt (Windows key + R --> CMD) then the above mentioned command then follow the on screen prompts. You can also do that in KLEOPATRA if you use gpg4win.

@akyag
Copy link

@akyag akyag commented Mar 1, 2018

Is there a way to use the asymmetric encryption? I am currently using my own python scripts to zip and encrypt stuff. Duplicati looks amazing and quite configurable except the part of being able to use my gpg key to encrypt. Since I believe that is the most convenient and secure way for me.

I tried the above way but was unsuccessful. Was unable to change passphrase and also tried importing config but that failed due to syntax errors. Has anyone tried using asymmetric method? Will it be possible from the Duplicati UI in future?

@Antergosgeek
Copy link

@Antergosgeek Antergosgeek commented Mar 2, 2018

I have successfully used asymmetric encryption as described above.
You have to use these advanced settings in the last page of your backup configuration in duplicati

--gpg-encryption-command=--encrypt
--gpg-encryption-switches=--recipient "whatveryouremaildaress@whatever.com"
--gpg-decryption-command=--decrypt

Also you got to have the trust level of your PGP Key set to level 5 (Ultimate) before otherwise it will not be accepted.

Additionally You need to correctly set the environment variable for your gnupg installation so that duplicati can find it.
Set the PATH under environment variable in windows for your Gnupg installation e.g. C:\Program Files\GNU\GnuPG\pub

As Passphrase in duplicati on the first page of the backup configuration you need to use the passphrase of your PGP key and you got to specify PGP as your Encryption Method.

This way I have successfully used duplicati with PGP. Let me know if this doesnt work for you then I will try to help.

@akyag
Copy link

@akyag akyag commented Mar 2, 2018

Oh perfect! Thanks a lot.. I successfully encrypted, verified that it was done using my private key and then successfully decrypted and restored as well. The thing I was missing was using my gpg passphrase on first page. Once again, thank you ! :)

Also to others who might not see the gpg configuration options in beta, I saw them once I switched to Canary version

@Antergosgeek
Copy link

@Antergosgeek Antergosgeek commented Mar 4, 2018

You are very welcome. Glad I could help!

@dEad0r
Copy link

@dEad0r dEad0r commented Jun 18, 2018

Thanks for all the information here. Worked for me, though I had to point to the full file path of the GPG executable (C:\Program Files (x86)\GnuPG\bin\gpg.exe) for the parameter gpg-program-path (I used the GUI).
@kenkendk: I haven't found any Wiki or FAQs for this. Happy to write some if you point me to the right place and the expected format for a setup guide!

@akyag: The encryption is done using your public key, not your private key. You should only need your private key to decrypt the backup.

For me the point of using GPG encryption vs. the inbuilt AES one would be to avoid storing the encryption passphrase on the server where Duplicati runs.
Imagine the following scenario: Your server that runs Duplicati (which, for example, backs up from a network share of another server in a private network and regularly uploads the encrypted backup to Google Drive) gets compromised or stolen. The thief then extracts the auth token for your Google Drive folder and the passphrase from your Duplicati config to download and decrypt all your data very quickly and without you noticing this high-traffic activity.
If you used GPG, she would additionally need to extract the private key of the encrypted key of gpg4win using the passphrase from the Duplicati config - that's just one more simple step, hence it's not more secure than using an AES passphrase with the in-built AES solution.
To protect from this kind of attack, the private key should not be stored (and not even have been generated) on the Duplicati server.
I'm currently testing my setup where I have generated a pub&priv keypair on another server and only imported the public key onto the machine running Duplicati. I'll post another message here if I run into problems restoring my files on a machine where I'll import the private key for test purposes.

@akyag
Copy link

@akyag akyag commented Jun 19, 2018

@dEad0r yes that's what I meant.. my bad

@lefherz
Copy link

@lefherz lefherz commented Oct 19, 2018

@dEad0r do you have some experience to share? I'm very interested in such a setup.

do you maybe have a duplicati-cli command you use for this?

@dEad0r
Copy link

@dEad0r dEad0r commented Oct 20, 2018

@lefherz
Copy link

@lefherz lefherz commented Oct 26, 2018

@lefherz
Copy link

@lefherz lefherz commented Nov 5, 2018

@dEad0r this time I tested removing the private key again, with gpg --delete-secret-key email@example.org. I could not reproduce your error, everything fine.

@b3yond
Copy link

@b3yond b3yond commented Nov 17, 2018

As Passphrase in duplicati on the first page of the backup configuration you need to use the passphrase of your PGP key and you got to specify PGP as your Encryption Method.

This does not make sense. In GPG, the passphrase is only used for the private key. The whole reason for asymmetric encryption is that the private key is not on the machine.

Why would duplicati save the password for the GPG key on the machine? They are just throwing one of the two factors away that way.

On the other hand, on the web interface I was unable to set the --passphrase=unused option which makes the cli command work. This means you have to set a passphrase.

@bugith
Copy link

@bugith bugith commented Apr 15, 2020

I'm following this thread/issue with huge interest. My setup would be the following : use gpg asym for backup to local storage (i.e. same machine running duplicati) then synchronize the whole backup folder with another tool (synthing or rsync). I find here that nobody raises this thing that duplicati needs a way to decrypt not only to restore a backup but also to sample check the backup is OK. Hence duplicati needs access to the private key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
You can’t perform that action at this time.