New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GPG asymmetric encryption module #2270

Open
kenkendk opened this Issue Jan 20, 2017 · 9 comments

Comments

Projects
None yet
4 participants
@kenkendk
Member

kenkendk commented Jan 20, 2017

It is currently possible to get GPG encryption working with a key, by setting the switches manually like this:

--encryption-module=gpg
--gpg-encryption-command=--encrypt
--gpg-encryption-switches=--recipient "xxx@zzz.com"
--gpg-decryption-command=--decrypt
--passphrase=unused

You also need to set the trust level of the key to 5, for example:

gpg --edit-key "xxx@zzz.com" trust

It would be nice if there was a module, say gpg-pubkey or similar that simply sets these options. Perhaps the passphrase could be used for the recipient, but that might get messy if you want to change it later.


Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

@Antergosgeek

This comment has been minimized.

Show comment
Hide comment
@Antergosgeek

Antergosgeek Mar 3, 2017

This would be great to have as a standard feature. I have to admit the described solution didn't fully work for me or better said I was unable to follow it due to my lack of knowledge. I didn't use the commandline tool but the standard web interface of Duplicati 2.0 and used Advanced Options and edited as text. When I was done and ran the backup I got an error "unable to change password". Also I have a question in regards to where do you put the key file? How does duplicati find the correct key to use since it doesn't refer to my normal gnupg4win folder. The pass phrase here is separate from the pass phrase of the actual key I am assuming, correct? I'd appreciate your help. However I fully agree that an option for asymmetric encryption in which you can specify your own pgp key would be something very desirable since this is the most secure option in my opinion.

Antergosgeek commented Mar 3, 2017

This would be great to have as a standard feature. I have to admit the described solution didn't fully work for me or better said I was unable to follow it due to my lack of knowledge. I didn't use the commandline tool but the standard web interface of Duplicati 2.0 and used Advanced Options and edited as text. When I was done and ran the backup I got an error "unable to change password". Also I have a question in regards to where do you put the key file? How does duplicati find the correct key to use since it doesn't refer to my normal gnupg4win folder. The pass phrase here is separate from the pass phrase of the actual key I am assuming, correct? I'd appreciate your help. However I fully agree that an option for asymmetric encryption in which you can specify your own pgp key would be something very desirable since this is the most secure option in my opinion.

@kenkendk

This comment has been minimized.

Show comment
Hide comment
@kenkendk

kenkendk Mar 8, 2017

Member

@Antergosgeek You cannot change the passphrase of the backup, because Duplicati does not support more than one passphrase at a time. If you were able to change the passphrase, some files could be encrypted with one passphrase, others with another passphrase, and it would be impossible (rather: difficult) to restore.

If you use the GPG asymmetric setup, the passphrase here is actually unused, but a value is required because Duplicati enforces it.

I have not tried using GPG this way myself, so the setup is from other users. I do not know how GPG manages its keys. You can set --gpg-program-path to point to your gnupg4win gpg.exe file if that fixes things.

Member

kenkendk commented Mar 8, 2017

@Antergosgeek You cannot change the passphrase of the backup, because Duplicati does not support more than one passphrase at a time. If you were able to change the passphrase, some files could be encrypted with one passphrase, others with another passphrase, and it would be impossible (rather: difficult) to restore.

If you use the GPG asymmetric setup, the passphrase here is actually unused, but a value is required because Duplicati enforces it.

I have not tried using GPG this way myself, so the setup is from other users. I do not know how GPG manages its keys. You can set --gpg-program-path to point to your gnupg4win gpg.exe file if that fixes things.

@Antergosgeek

This comment has been minimized.

Show comment
Hide comment
@Antergosgeek

Antergosgeek Mar 12, 2017

@kenkendk
I found how the key management works it works through your gnupg4win installation. Also if you have set the PATH under environment variable in windows for your Gnupg installation e.g. C:\Program Files\GNU\GnuPG\pub then it will find it automatically. But thank you a lot for the help! Also you can set the password in the GUI but it needs to be identical to the keys passphrase just as described from you!
I have tried this successfully with asymmetrical encryption with my own key with trust level 5 (ultimate) granted you entered a passphrase and it is the passphrase of your key in the GUI by setting the following options in STEP 5 under Advanced Options --> Edit as text:

--gpg-encryption-command=--encrypt --gpg-encryption-switches=--recipient "xxx@zzz.com" --gpg-decryption-command=--decrypt

The trust level of the key is set in a normal cmd prompt (Windows key + R --> CMD) then the above mentioned command then follow the on screen prompts. You can also do that in KLEOPATRA if you use gpg4win.

Antergosgeek commented Mar 12, 2017

@kenkendk
I found how the key management works it works through your gnupg4win installation. Also if you have set the PATH under environment variable in windows for your Gnupg installation e.g. C:\Program Files\GNU\GnuPG\pub then it will find it automatically. But thank you a lot for the help! Also you can set the password in the GUI but it needs to be identical to the keys passphrase just as described from you!
I have tried this successfully with asymmetrical encryption with my own key with trust level 5 (ultimate) granted you entered a passphrase and it is the passphrase of your key in the GUI by setting the following options in STEP 5 under Advanced Options --> Edit as text:

--gpg-encryption-command=--encrypt --gpg-encryption-switches=--recipient "xxx@zzz.com" --gpg-decryption-command=--decrypt

The trust level of the key is set in a normal cmd prompt (Windows key + R --> CMD) then the above mentioned command then follow the on screen prompts. You can also do that in KLEOPATRA if you use gpg4win.

@akyag

This comment has been minimized.

Show comment
Hide comment
@akyag

akyag Mar 1, 2018

Is there a way to use the asymmetric encryption? I am currently using my own python scripts to zip and encrypt stuff. Duplicati looks amazing and quite configurable except the part of being able to use my gpg key to encrypt. Since I believe that is the most convenient and secure way for me.

I tried the above way but was unsuccessful. Was unable to change passphrase and also tried importing config but that failed due to syntax errors. Has anyone tried using asymmetric method? Will it be possible from the Duplicati UI in future?

akyag commented Mar 1, 2018

Is there a way to use the asymmetric encryption? I am currently using my own python scripts to zip and encrypt stuff. Duplicati looks amazing and quite configurable except the part of being able to use my gpg key to encrypt. Since I believe that is the most convenient and secure way for me.

I tried the above way but was unsuccessful. Was unable to change passphrase and also tried importing config but that failed due to syntax errors. Has anyone tried using asymmetric method? Will it be possible from the Duplicati UI in future?

@Antergosgeek

This comment has been minimized.

Show comment
Hide comment
@Antergosgeek

Antergosgeek Mar 2, 2018

I have successfully used asymmetric encryption as described above.
You have to use these advanced settings in the last page of your backup configuration in duplicati

--gpg-encryption-command=--encrypt
--gpg-encryption-switches=--recipient "whatveryouremaildaress@whatever.com"
--gpg-decryption-command=--decrypt

Also you got to have the trust level of your PGP Key set to level 5 (Ultimate) before otherwise it will not be accepted.

Additionally You need to correctly set the environment variable for your gnupg installation so that duplicati can find it.
Set the PATH under environment variable in windows for your Gnupg installation e.g. C:\Program Files\GNU\GnuPG\pub

As Passphrase in duplicati on the first page of the backup configuration you need to use the passphrase of your PGP key and you got to specify PGP as your Encryption Method.

This way I have successfully used duplicati with PGP. Let me know if this doesnt work for you then I will try to help.

Antergosgeek commented Mar 2, 2018

I have successfully used asymmetric encryption as described above.
You have to use these advanced settings in the last page of your backup configuration in duplicati

--gpg-encryption-command=--encrypt
--gpg-encryption-switches=--recipient "whatveryouremaildaress@whatever.com"
--gpg-decryption-command=--decrypt

Also you got to have the trust level of your PGP Key set to level 5 (Ultimate) before otherwise it will not be accepted.

Additionally You need to correctly set the environment variable for your gnupg installation so that duplicati can find it.
Set the PATH under environment variable in windows for your Gnupg installation e.g. C:\Program Files\GNU\GnuPG\pub

As Passphrase in duplicati on the first page of the backup configuration you need to use the passphrase of your PGP key and you got to specify PGP as your Encryption Method.

This way I have successfully used duplicati with PGP. Let me know if this doesnt work for you then I will try to help.

@akyag

This comment has been minimized.

Show comment
Hide comment
@akyag

akyag Mar 2, 2018

Oh perfect! Thanks a lot.. I successfully encrypted, verified that it was done using my private key and then successfully decrypted and restored as well. The thing I was missing was using my gpg passphrase on first page. Once again, thank you ! :)

Also to others who might not see the gpg configuration options in beta, I saw them once I switched to Canary version

akyag commented Mar 2, 2018

Oh perfect! Thanks a lot.. I successfully encrypted, verified that it was done using my private key and then successfully decrypted and restored as well. The thing I was missing was using my gpg passphrase on first page. Once again, thank you ! :)

Also to others who might not see the gpg configuration options in beta, I saw them once I switched to Canary version

@Antergosgeek

This comment has been minimized.

Show comment
Hide comment
@Antergosgeek

Antergosgeek Mar 4, 2018

You are very welcome. Glad I could help!

Antergosgeek commented Mar 4, 2018

You are very welcome. Glad I could help!

@dEad0r

This comment has been minimized.

Show comment
Hide comment
@dEad0r

dEad0r Jun 18, 2018

Thanks for all the information here. Worked for me, though I had to point to the full file path of the GPG executable (C:\Program Files (x86)\GnuPG\bin\gpg.exe) for the parameter gpg-program-path (I used the GUI).
@kenkendk: I haven't found any Wiki or FAQs for this. Happy to write some if you point me to the right place and the expected format for a setup guide!

@akyag: The encryption is done using your public key, not your private key. You should only need your private key to decrypt the backup.

For me the point of using GPG encryption vs. the inbuilt AES one would be to avoid storing the encryption passphrase on the server where Duplicati runs.
Imagine the following scenario: Your server that runs Duplicati (which, for example, backs up from a network share of another server in a private network and regularly uploads the encrypted backup to Google Drive) gets compromised or stolen. The thief then extracts the auth token for your Google Drive folder and the passphrase from your Duplicati config to download and decrypt all your data very quickly and without you noticing this high-traffic activity.
If you used GPG, she would additionally need to extract the private key of the encrypted key of gpg4win using the passphrase from the Duplicati config - that's just one more simple step, hence it's not more secure than using an AES passphrase with the in-built AES solution.
To protect from this kind of attack, the private key should not be stored (and not even have been generated) on the Duplicati server.
I'm currently testing my setup where I have generated a pub&priv keypair on another server and only imported the public key onto the machine running Duplicati. I'll post another message here if I run into problems restoring my files on a machine where I'll import the private key for test purposes.

dEad0r commented Jun 18, 2018

Thanks for all the information here. Worked for me, though I had to point to the full file path of the GPG executable (C:\Program Files (x86)\GnuPG\bin\gpg.exe) for the parameter gpg-program-path (I used the GUI).
@kenkendk: I haven't found any Wiki or FAQs for this. Happy to write some if you point me to the right place and the expected format for a setup guide!

@akyag: The encryption is done using your public key, not your private key. You should only need your private key to decrypt the backup.

For me the point of using GPG encryption vs. the inbuilt AES one would be to avoid storing the encryption passphrase on the server where Duplicati runs.
Imagine the following scenario: Your server that runs Duplicati (which, for example, backs up from a network share of another server in a private network and regularly uploads the encrypted backup to Google Drive) gets compromised or stolen. The thief then extracts the auth token for your Google Drive folder and the passphrase from your Duplicati config to download and decrypt all your data very quickly and without you noticing this high-traffic activity.
If you used GPG, she would additionally need to extract the private key of the encrypted key of gpg4win using the passphrase from the Duplicati config - that's just one more simple step, hence it's not more secure than using an AES passphrase with the in-built AES solution.
To protect from this kind of attack, the private key should not be stored (and not even have been generated) on the Duplicati server.
I'm currently testing my setup where I have generated a pub&priv keypair on another server and only imported the public key onto the machine running Duplicati. I'll post another message here if I run into problems restoring my files on a machine where I'll import the private key for test purposes.

@akyag

This comment has been minimized.

Show comment
Hide comment
@akyag

akyag Jun 19, 2018

@dEad0r yes that's what I meant.. my bad

akyag commented Jun 19, 2018

@dEad0r yes that's what I meant.. my bad

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment