Password mandatory for asymmetric GPG encryption in the web interface

[b3yond]

• I have searched open and closed issues for duplicates.

---

Environment info

• Duplicati version: 2.0.4.4
• Operating system: Debian 9
• Backend: webDAV

Description

GPG only seems to work with a workaround on the command line. This workaround is artificially blocked in the web interface.

According to #2270 you can use GPG as encryption module at backup when you specify --passphrase=unused. The web interface artificially forbids you to not use a passphrase and requires you to set a passphrase in the General configuration of the backup (first page).

Setting --passphrase=unused manually at Advanced Options doesn't change anything in the web interface. I guess it's overridden by the encryption passphrase from the first page.

If you set the encryption passphrase from the first page to "unused", it accepts the command. But when you execute the backup, it backups zero files.

The backup logs say everything is fine though.

In short: GPG encryption is unusable in the web interface right now.

Steps to reproduce

1. Set a backup in the web interface.
2. Set passphrase to unused in the first page
3. Set the encrpytion module to GPG in the first page.
4. Set the rest of the GPG encryption flags in the 5th page:

• --gpg-encryption-command=--encrypt
• --gpg-encryption-switches=--recipient\ "mail@example.org"

5. Save the settings and start backup
6. See that the backup says: "Backup: 0 bytes / 0 Versions"
7. Check that the backend stays empty, no files saved at all

• Actual result:
  It does not backup anything

• Expected result:
  When I set the passphrase to "unused", it backs everything up, and I can restore it later using only the GPG private key, but not the passphrase.

Screenshots

Debug log

DeletedFiles: 0 DeletedFolders: 0 ModifiedFiles: 0 ExaminedFiles: 1 OpenedFiles: 1 AddedFiles: 1 SizeOfModifiedFiles: 0 SizeOfAddedFiles: 6926836 SizeOfExaminedFiles: 6926836 SizeOfOpenedFiles: 6926836 NotProcessedFiles: 0 AddedFolders: 0 TooLargeFiles: 0 FilesWithError: 0 ModifiedFolders: 0 ModifiedSymlinks: 0 AddedSymlinks: 0 DeletedSymlinks: 0 PartialBackup: False Dryrun: False MainOperation: Backup CompactResults: DeletedFileCount: 0 DownloadedFileCount: 0 UploadedFileCount: 0 DeletedFileSize: 0 DownloadedFileSize: 0 UploadedFileSize: 0 Dryrun: False MainOperation: Compact ParsedResult: Success Version: 2.0.4.4 (2.0.4.4_canary_2018-11-14) EndTime: 11/17/2018 10:06:56 AM (1542445616) BeginTime: 11/17/2018 10:06:56 AM (1542445616) Duration: 00:00:00.0130230 Messages: [ 2018-11-17 10:06:12 +01 - [Information-Duplicati.Library.Main.Controller-StartingOperation]: The operation Backup has started, 2018-11-17 10:06:14 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Started: (), 2018-11-17 10:06:15 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Completed: (), 2018-11-17 10:06:16 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Retrying: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), 2018-11-17 10:06:26 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Rename: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), ... ] Warnings: [] Errors: [] BackendStatistics: RemoteCalls: 2 BytesUploaded: 0 BytesDownloaded: 0 FilesUploaded: 0 FilesDownloaded: 0 FilesDeleted: 0 FoldersCreated: 0 RetryAttempts: 6 UnknownFileSize: 0 UnknownFileCount: 0 KnownFileCount: 0 KnownFileSize: 0 LastBackupDate: 1/1/0001 1:00:00 AM (-62135596800) BackupListCount: 0 TotalQuotaSpace: 0 FreeQuotaSpace: 0 AssignedQuotaSpace: -1 ReportedQuotaError: False ReportedQuotaWarning: False ParsedResult: Success Version: 2.0.4.4 (2.0.4.4_canary_2018-11-14) Messages: [ 2018-11-17 10:06:12 +01 - [Information-Duplicati.Library.Main.Controller-StartingOperation]: The operation Backup has started, 2018-11-17 10:06:14 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Started: (), 2018-11-17 10:06:15 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Completed: (), 2018-11-17 10:06:16 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Retrying: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), 2018-11-17 10:06:26 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Rename: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), ... ] Warnings: [] Errors: [] DeleteResults: DeletedSets: [] Dryrun: False MainOperation: Delete ParsedResult: Success Version: 2.0.4.4 (2.0.4.4_canary_2018-11-14) EndTime: 11/17/2018 10:06:56 AM (1542445616) BeginTime: 11/17/2018 10:06:56 AM (1542445616) Duration: 00:00:00.0342010 Messages: [ 2018-11-17 10:06:12 +01 - [Information-Duplicati.Library.Main.Controller-StartingOperation]: The operation Backup has started, 2018-11-17 10:06:14 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Started: (), 2018-11-17 10:06:15 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Completed: (), 2018-11-17 10:06:16 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Retrying: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), 2018-11-17 10:06:26 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Rename: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), ... ] Warnings: [] Errors: [] RepairResults: null TestResults: null ParsedResult: Success Version: 2.0.4.4 (2.0.4.4_canary_2018-11-14) EndTime: 11/17/2018 10:06:57 AM (1542445617) BeginTime: 11/17/2018 10:06:12 AM (1542445572) Duration: 00:00:44.6223490 Messages: [ 2018-11-17 10:06:12 +01 - [Information-Duplicati.Library.Main.Controller-StartingOperation]: The operation Backup has started, 2018-11-17 10:06:14 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Started: (), 2018-11-17 10:06:15 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: List - Completed: (), 2018-11-17 10:06:16 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Retrying: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), 2018-11-17 10:06:26 +01 - [Information-Duplicati.Library.Main.BasicResults-BackendEvent]: Backend event: Put - Rename: test-bc22cd45bdede4f799a102f3c69becaf8.dblock.zip.gpg (), ... ] Warnings: [] Errors: []

[verhoek]

Confirmed. Actually a few things should be fixed, if possible:

• removal of the 'magic'? string "unused"
• the ui should have minimal logic to stop complaining if asymmetric gpg is set
• fix the gpg
• the logging (but that's a more global issue)

From ticket #2270 I understand that you expect to use the public key to be used to encrypt, and your private, wherever it is, to decrypt.
I don't know enough about duplicati's internals if that should work if it's doing some verification of uploads.

[verhoek]

I re-tested it again and it works - albeit the logging can be improved. I forgot to set the trust level of my key to 5. Did you do that?

[b3yond]

Yes, I thought I did that in my command line tries... the user I started the web interface with should also have access to the gpg keyring which stores the trusted public key.

[verhoek]

Ok. Another guess: Try to get rid of your escaping backslash in the encryption switches at recipient: If I put it there, it also doesn't work.

[verhoek]

Preliminary commits that resolve issues I described above can be found in
https://github.com/verhoek/duplicati/tree/issue/3498 .
I'd still like to change some stuff while I'm at it and then make it a PR.