Front page

Encrypting with a local and a shared key

8fe201a9fdf1449a95e766f52be51ca5
PAYDAY TOMORROW ABSURD

From: Lars Kruse <lists@sumpfralle.de>
Date: Sat, 4 Jun 2016 18:50:01 +0200

   Hi Frederik,
   
   Am Sat, 4 Jun 2016 20:39:46 +0800
   schrieb Frederik Vanrenterghem <frederik@vanrenterghem.biz>:
   
   
   > I have tried encrypting several servers to a single backup server using a
   > local gpg key on each server as well as a central one (to avoid problems
   > when the local server's key is lost), [..]
   
   I used this specific setup for backing up servers, as well. Thus it should
   work technically.
   
   If I remember correctly, I was a bit surprised that I needed to add the central
   key once to the repository in general ("shared toplevels") and once to all
   relevant clients:
    obnam --keyid FOO add-key
    obnam --keyid FOO add-key CLIENT1 CLIENT2
   
   Maybe you missed this detail?
   If not: what errors exactly do you experience?
   
   Cheers,
   Lars
   
   
   _______________________________________________
   obnam-support mailing list
   obnam-support@obnam.org
   http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/obnam-support-obnam.org
From: Frederik Vanrenterghem <frederik@vanrenterghem.biz>
Date: Sat, 4 Jun 2016 20:39:46 +0800

   Does anyone have some more details on
   http://code.liw.fi/obnam/manual/manual.html#fixme-managing-encryption-keys-in-a-repository
   
   I have tried encrypting several servers to a single backup server using a
   local gpg key on each server as well as a central one (to avoid problems
   when the local server's key is lost), but it appears there's a need to have
   the central secret gpg locally too to do so. I guess I'm not doing it
   right, as that seems to defeat the purpose of using specific keys per
   server.
   
   What would the basic obnam configurations look like, and where should the
   public and secret key(s) be?
   
   Thank you,
   Frederik