[[!meta title="Why does Obnam want my PGP private key passphrase?"]]

When doing an incremental backup, Obnam reads metadata back from the backup
repository to determine what it needs to back up: for example, the names of
files and when they were last modified. The metadata is also encrypted,
and Obnam needs to decrypt it to be able to do an incremental backup.
That is why Obnam needs the passphrase.

Depending on how your GnuPG and its related agent are configured, you
may need to type in the passphrase multiple times during a backup run.
This is because the agent may expire the passphrase: it will remember
it for, say, five minutes or an hour after you enter the passphrase,
but after that you may need to enter the passphrase again. This can be
awkward, and if you're not around to enter the passphrase, the backup
may be terminated in the middle.

There are two ways around that: you can either configure your GnuPG
agent to remember the passphrase for a longer time, possibly
indefinitely, or you can use a private key without a passphrase.
Neither is unproblematic from a security point of view.

In any case, it's not something that Obnam is part of. Obnam only runs
gpg, and gpg talks to its agent, which asks for a passphrase or
not, depending on the configuration. There's nothing Obnam can do to
affect this.
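
The agent expiry described above is governed by two `gpg-agent.conf` options, `default-cache-ttl` and `max-cache-ttl`. The following shell check is an added example, not part of Obnam or GnuPG: it reads an agent configuration and tells you whether a passphrase entered at the start would still be cached at the end of a run. The function names, the run length, the gap between gpg calls and the sample file are assumptions made for illustration; the real file is normally `~/.gnupg/gpg-agent.conf`.

```shell
#!/bin/sh
# Added example (not part of Obnam): will gpg-agent still hold the passphrase
# at the end of an unattended backup run?

# agent_ttl CONF OPTION DEFAULT: print OPTION's value in seconds from CONF,
# or DEFAULT when the file is unreadable or the option is not set.
agent_ttl() {
    [ -r "$1" ] || { echo "$3"; return 0; }
    # Commented-out lines start with "#" and never match; if an option is
    # repeated, this check takes the last occurrence (an assumption).
    awk -v opt="$2" -v def="$3" '
        $1 == opt && $2 ~ /^[0-9]+$/ { val = $2 }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# cache_outlasts_run CONF RUN_SECONDS MAX_GAP_SECONDS
# RUN_SECONDS: expected length of the backup run (your estimate).
# MAX_GAP_SECONDS: longest stretch without a gpg call (your estimate).
# Succeeds only if neither the idle timer nor the hard limit expires mid-run.
cache_outlasts_run() {
    idle=$(agent_ttl "$1" default-cache-ttl 600)   # timer restarts on each use
    hard=$(agent_ttl "$1" max-cache-ttl 7200)      # absolute limit since entry
    [ "$3" -lt "$idle" ] && [ "$2" -lt "$hard" ]
}

# Constructed sample configuration: one-hour idle timer, eight-hour hard limit.
conf=$(mktemp)
printf '%s\n' '# constructed sample' 'default-cache-ttl 3600' \
    'max-cache-ttl 28800' > "$conf"

for run in 7200 36000; do   # a two-hour run and a ten-hour run
    if cache_outlasts_run "$conf" "$run" 300; then
        echo "run of ${run}s: passphrase stays cached"
    else
        echo "run of ${run}s: agent will ask again mid-run"
    fi
done
rm -f "$conf"
```

The fallback values 600 and 7200 are gpg-agent's documented defaults. Raising both limits keeps the unlocked key in the agent's memory for that long, which is the security trade-off mentioned above.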