I'd like to use duplicity to backup files and I'd like to encrypt them with GnuPG. I was wondering why duplicity asks for a passphrase to encrypt the files. For asymmetric encryption the passphrase is only needed for decryption.
I was using the following command:
duplicity full --encrypt-key="KEY-ID" --sign-key="KEY-ID" /path/to/source file://path/to/destination
I expected duplicity to use the public part of the given "KEY-ID" to encrypt the backup. Am I getting something wrong?
You're right, encryption only requires the public key, which is not protected by a passphrase.
There are two reasons Duplicity might require the private key passphrase: