# [SOLVED] duplicity won't sign backup

## vcmota

I am having an issue trying to sign my backup using duplicity. When I just encrypt with a public key I get no errors:

```
vinicius@reds ~ $ duplicity --encrypt-key XXXXXXXXXXXXXXXXX /home/vinicius/lost onedrive://lost/
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1522140051.61 (Tue Mar 27 08:40:51 2018)
EndTime 1522140051.65 (Tue Mar 27 08:40:51 2018)
ElapsedTime 0.04 (0.04 seconds)
SourceFiles 47
SourceFileSize 509644 (498 KB)
NewFiles 47
NewFileSize 509644 (498 KB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 47
RawDeltaSize 497356 (486 KB)
TotalDestinationSizeChange 482132 (471 KB)
Errors 0
-------------------------------------------------
vinicius@reds ~ $
```

and everything works as it should: in onedrive I can see all the duplicity files and I also managed to restore without any errors. But when I add the --sign-key option nothing works:

```
vinicius@reds ~ $ duplicity --encrypt-key XXXXXXXXXXXXXXXXX --sign-key XXXXXXXXXXXXXXXXX /home/vinicius/lost onedrive://lost/
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase:
GnuPG passphrase for signing key:
No signatures found, switching to full backup.
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "XXXXXXXXXXXXXXXXX" as default secret key for signing
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: sign+encrypt failed: Inappropriate ioctl for device
===== End GnuPG log =====
vinicius@reds ~ $
```

One weird thing I noticed is that in the latter case I am asked two times for a passphrase, one for GPG and another for GPG signing. That looks weird, since although it is necessary to insert the passphrase for signing, it shouldn't be necessary to do it for encrypting using a public key, since I should be able to encrypt messages for someone else's public key, whose passphrase I obviously should not have. Also, the same error occurs even if I use the convenience flag "--encrypt-sign-key":

```
vinicius@reds ~ $ duplicity --encrypt-sign-key XXXXXXXXXXXXXXXXX /home/vinicius/lost onedrive://lost/
Synchronizing remote metadata to local cache...
Deleting local /home/vinicius/.cache/duplicity/0f6818ae38730113b207c72df068d06f/duplicity-full-signatures.20180327T084050Z.sigtar.gz (not authoritative at backend).
Deleting local /home/vinicius/.cache/duplicity/0f6818ae38730113b207c72df068d06f/duplicity-full.20180327T084050Z.manifest (not authoritative at backend).
Last full backup date: none
GnuPG passphrase:
GnuPG passphrase for signing key:
No signatures found, switching to full backup.
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "XXXXXXXXXXXXXXXXX" as default secret key for signing
gpg: signing failed: Inappropriate ioctl for device
gpg: [stdin]: sign+encrypt failed: Inappropriate ioctl for device
===== End GnuPG log =====
vinicius@reds ~ $
```

Thank you all.

Last edited by vcmota on Fri Mar 30, 2018 4:11 am; edited 1 time in total

----------

## hdcg

Hi vcmota,

setting the GPG_TTY variable might solve this issue:

```
export GPG_TTY=$(tty)
```

Best Regards,

Holger

----------

## vcmota

Thank you, hdcg, for your reply. I was just about to make a post, because I just found the answer in the ArchWiki documentation here in the section troubleshooting. All I had to do was follow the steps here and now I can back up and restore with both asymmetrical encryption and signature:

```
vinicius@reds ~ $ duplicity --gpg-options="--pinentry-mode=loopback" --encrypt-key=XXXXXXXX --sign-key=XXXXXXXX /home/vinicius/lost onedrive://lost/
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Wed Mar 28 16:38:38 2018
GnuPG passphrase:
GnuPG passphrase for signing key:
--------------[ Backup Statistics ]--------------
StartTime 1522360202.79 (Thu Mar 29 21:50:02 2018)
EndTime 1522360202.81 (Thu Mar 29 21:50:02 2018)
ElapsedTime 0.01 (0.01 seconds)
SourceFiles 47
SourceFileSize 509644 (498 KB)
NewFiles 0
NewFileSize 0 (0 bytes)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 0
RawDeltaSize 0 (0 bytes)
TotalDestinationSizeChange 1259 (1.23 KB)
Errors 0
-------------------------------------------------
vinicius@reds ~ $ duplicity onedrive://lost /home/vinicius/temp/
Synchronizing remote metadata to local cache...
GnuPG passphrase:
Copying duplicity-full-signatures.20180328T163838Z.sigtar.gpg to local cache.
Copying duplicity-full.20180328T163838Z.manifest.gpg to local cache.
Copying duplicity-inc.20180328T163838Z.to.20180329T002223Z.manifest.gpg to local cache.
Copying duplicity-inc.20180329T002223Z.to.20180329T214911Z.manifest.gpg to local cache.
Copying duplicity-new-signatures.20180328T163838Z.to.20180329T002223Z.sigtar.gpg to local cache.
Copying duplicity-new-signatures.20180329T002223Z.to.20180329T214911Z.sigtar.gpg to local cache.
Last full backup date: Wed Mar 28 16:38:38 2018
vinicius@reds ~ $
```

If I correctly understood what happened, the issue had to do with how other apps manage the gpg keys: gpg agent and pinentry must be properly configured for that. And although there are instructions on how to do that in the respective Gentoo documentation here, since the gpg ioctl error is never mentioned there I wasn't able to relate both issues. This is how I did it: first I created the .gnupg/gpg-agent.conf file with the following content:

```
vinicius@reds ~ $ cat .gnupg/gpg-agent.conf
allow-loopback-pinentry
```

and then, when running duplicity, I added --gpg-options="--pinentry-mode=loopback" in the command line following the suggestion in the ArchWiki page.

----------
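The two steps from vcmota's last post as a repeatable script; this is an added example, not part of the thread. It assumes GnuPG 2.1 or later, the function names are illustrative, and it adds an agent reload because a running gpg-agent reads gpg-agent.conf only at startup or on reload.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+; function names are illustrative.

# Make sure gpg-agent.conf in GnuPG home $1 has an active allow-loopback-pinentry
# line. Prints "added" or "present"; safe to run repeatedly.
ensure_loopback_pinentry() {
    lp_home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    lp_conf=$lp_home/gpg-agent.conf

    # gpg warns about unsafe permissions unless its home is private to the user.
    mkdir -p "$lp_home"
    chmod 700 "$lp_home"
    [ -e "$lp_conf" ] || : > "$lp_conf"
    chmod 600 "$lp_conf"

    # A commented-out line ("# allow-loopback-pinentry") does not count.
    if grep -Eq '^[[:space:]]*allow-loopback-pinentry[[:space:]]*$' "$lp_conf"; then
        echo present
        return 0
    fi
    # Do not glue the option onto a last line that lacks a trailing newline.
    if [ -s "$lp_conf" ] && [ -n "$(tail -c 1 "$lp_conf")" ]; then
        echo >> "$lp_conf"
    fi
    echo allow-loopback-pinentry >> "$lp_conf"
    echo added
}

# A running agent reads gpg-agent.conf only at startup or on reload.
reload_agent() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --reload gpg-agent
    fi
}

# Signed and encrypted backup with the option from vcmota's post.
# $1 = key ID (placeholder), $2 = source directory, $3 = target URL.
signed_backup() {
    duplicity --gpg-options="--pinentry-mode=loopback" \
        --encrypt-key="$1" --sign-key="$1" "$2" "$3"
}

# Runs only when asked to: sh setup.sh --apply KEYID /path/to/source onedrive://target/
if [ "${1:-}" = "--apply" ]; then
    ensure_loopback_pinentry && reload_agent && signed_backup "$2" "$3" "$4"
fi
```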

