What is GnuPG passphrase?

I am trying to restore a folder in duplicity to test its contents, using this command as root on the box:

PASSPHRASE=$(cat /home/user-data/backup/secret_key.txt) && duplicity restore --time 1D --file-to-restore mail/mailboxes/DOMAIN.COM/USERACCOUNT file:///home/user-data/backup/encrypted/ /tmp/restored-files

Which then asks me for a “GnuPG passphrase.” Did I set this up? I tried all the passwords I know and it isn’t working. Is there a way to find out this passphrase or (worst case) clear it so I can start a new backup file?

Synchronizing remote metadata to local cache...
GnuPG passphrase: 
Copying duplicity-full-signatures.20160810T100002Z.sigtar.gpg to local cache.
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: bad key
===== End GnuPG log =====

Thanks for your help.

  • Matt

The GnuPG passphrase is a password set up to protect the private and/or public key for a GPG keyring and/or key.

This is the password you used when setting up and generating your GnuPG keys.

Thanks murgero. Now that I know it was something I set up, how do I go about re-creating a new one and starting new backups based on the new passphrase I set up?

  • Matt

I am not familiar with Duplicity, but I would start in their forums (if they have one), the Ubuntu forums, or Stack Overflow.

Common sense, experience, and educated guess: Duplicity might have commands or scripts to re-initialize or regenerate the GPG keys.

Also, generating new keys will cause the backups you already have to be invalidated as well (since the GPG keys will no longer match).

You can also try manually typing the passphrase from the "secret_key.txt" file located at /home/user-data/backup/secret_key.txt.

Understood, this was an exercise to see how the restore works. I tried manually typing in the passphrase from the secret_key file and it did not work at the prompt.

Is my setup weird in that there is a GnuPG Passphrase? On the maintenance page it doesn’t mention it at all… (https://mailinabox.email/maintenance.html)

That page only mentions the secret_key.txt which I am defining into the variable PASSPHRASE.

I will google duplicity and removing the GnuPG now; I just thought it was odd since I don’t see it in the docs.


  • Matt

The error is probably just that the secret stored in secret_key.txt isn’t the one that was used to create the backup files.

The GPG passphrase and secret_key.txt are just different terms for the same thing afaik. It’s not something you would’ve set up; as long as you’re following the instructions and not modifying the default Box config, it will have been generated for you automatically during setup. Have you set up more than one Box in the past? It could be that the key you’re using is just for a different backup set.
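
One way to test this diagnosis without running a full restore, as an added example that is not part of the original thread or of Mail-in-a-Box or duplicity: the function names try_key and find_backup_key are hypothetical, and the script assumes GnuPG 2.1 or later and a passphrase-encrypted backup set like the one in the log above.

```shell
#!/bin/sh
# Added example (constructed helper, not Mail-in-a-Box or duplicity code).
# Reports which candidate passphrase file, if any, decrypts a duplicity
# backup set, without restoring anything.

# try_key KEYFILE ENCRYPTED_FILE -> exit 0 if the passphrase decrypts the file.
# gpg reads only the first line of KEYFILE as the passphrase.
try_key() {
    gpg --batch --quiet --no-tty --pinentry-mode loopback \
        --passphrase-file "$1" --decrypt "$2" >/dev/null 2>&1
}

# find_backup_key BACKUP_DIR KEYFILE... -> prints the first matching key file.
# Returns 0 on a match, 1 if no candidate matches, 2 if the inputs are unusable.
find_backup_key() {
    dir=$1; shift
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; return 2; }
    # Test against the smallest encrypted file in the set; it is the cheapest to decrypt.
    sample=$(ls -Sr "$dir"/duplicity-*.gpg 2>/dev/null | head -n 1)
    [ -n "$sample" ] || { echo "no duplicity-*.gpg files in $dir" >&2; return 2; }
    for key in "$@"; do
        [ -r "$key" ] || { echo "skipping unreadable $key" >&2; continue; }
        if try_key "$key" "$sample"; then
            echo "$key"
            return 0
        fi
    done
    echo "no candidate passphrase decrypts $sample" >&2
    return 1
}
```

Called as find_backup_key /home/user-data/backup/encrypted /home/user-data/backup/secret_key.txt, followed by any older key files still at hand, it prints the file whose passphrase matches the backup set.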

Thanks Josh & sdlg, I think that is exactly what happened. I was on v18b, I believe, when I started, and the old laptop I was running the server on would crash and freeze, I assumed from the backup. I cleared out the backup folder and re-ran sudo mailinabox and am now on v19. It auto-rebuilt a new secret_key and I will run a backup tonight to make sure I can restore it afterwards.

Thanks for all the work you guys put into this project and support.

  • Matt

Just to follow up.

I deleted the “backup” folder in /home/user-data/ and re-ran the Mailinabox install/upgrade script. I followed the instructions and it made a new backup key. After the backup ran I was successfully able to use the restore feature of duplicity and it took the “secret_key.txt” file just fine.

Josh’s assumption, “The error is probably just that the secret stored in secret_key.txt isn’t the one that was used to create the backup files,” was spot on.

Thanks guys,

  • Matt

By the way, why use the first 65 characters of the secret_key file? I think that this is not safe!
Why not use a key-pair mechanism?