diff --git a/duplicity-backup.conf.example b/duplicity-backup.conf.example
index 04d8f09..43fd688 100644
--- a/duplicity-backup.conf.example
+++ b/duplicity-backup.conf.example
@@ -81,6 +81,17 @@ PASSPHRASE="foobar_gpg_passphrase"
 GPG_ENC_KEY="foobar_gpg_key"
 GPG_SIGN_KEY="foobar_gpg_key"
+# Do you want to hide the key id of the encrypted files? yes/no
+# It uses the gpg's --hidden-recipient command to obfuscate the owner of the backup.
+# On restore, gpg will automatically try all available secret keys in order to
+# decrypt the backup. See gpg(1) for more details.
+# HIDE_KEY_ID='yes'
+
+# You can optionally specify the secret keyring file to use for the encryption and
+# signing keys. If not specified, the default secret keyring is used which is
+# usually located at ~/.gnupg/secring.gpg
+# SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg
+
 # BACKUP SOURCE INFORMATION
 # The ROOT of your backup (where you want the backup to start);
 # This can be / or somwhere else -- I use /home/ because all the
diff --git a/duplicity-backup.sh b/duplicity-backup.sh
index 26dc124..eb90088 100755
--- a/duplicity-backup.sh
+++ b/duplicity-backup.sh
@@ -186,7 +186,15 @@ LOCKFILE=${LOGDIR}backup.lock
 if [ "$ENCRYPTION" = "yes" ]; then
   if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]; then
-    ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
+    if [ "$HIDE_KEY_ID" = "yes" ]; then
+      ENCRYPT="--hidden-encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
+    else
+      ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
+    fi
+    if [ ! -z "$SECRET_KEYRING" ]; then
+      KEYRING="--secret-keyring ${SECRET_KEYRING}"
+      ENCRYPT="${ENCRYPT} --encrypt-secret-keyring=${SECRET_KEYRING}"
+    fi
   elif [ ! -z "$PASSPHRASE" ]; then
     ENCRYPT=""
   fi
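Review bot: The added example line `# SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg` is missing its closing quote, so a user who uncomments it as-is gets an unterminated-string error when the config is sourced; it should read `SECRET_KEYRING="/home/foobar_user_name/.gnupg/duplicity.gpg"`. The HIDE_KEY_ID comment also names gpg's `--hidden-recipient` while the script passes duplicity's `--hidden-encrypt-key`, which presumably maps to that gpg option, so the comment should mention the option a user will actually see in the duplicity command line. More importantly the comment overstates what is hidden: only the recipient key ID in the encrypted session-key packet is anonymised, while the signature made with GPG_SIGN_KEY still carries the signer's key ID in clear, so with the example's identical encryption and signing key the owner is not obfuscated at all. I would add `# NOTE: the signature still reveals GPG_SIGN_KEY's key id; use a separate signing key (or none) if anonymity matters.` under the HIDE_KEY_ID block.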
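Review bot: In the HIDE_KEY_ID branch the new `ENCRYPT="--hidden-encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"` only hides the recipient key ID; the `--sign-key` on the same line still embeds the signing key's ID in every signature packet, so when GPG_SIGN_KEY equals GPG_ENC_KEY (the shipped example) the backup owner remains identifiable and the option gives a false sense of anonymity. The script should at least warn in that case, e.g. `[ "$HIDE_KEY_ID" = "yes" ] && [ "$GPG_ENC_KEY" = "$GPG_SIGN_KEY" ] && echo "WARNING: HIDE_KEY_ID=yes but signing key equals encryption key; key id is still exposed by the signature" >&2`. The `[ ! -z "$SECRET_KEYRING" ]` test only checks non-emptiness, so a mistyped path is not caught until gpg fails deep inside a long-running backup; `[ -r "$SECRET_KEYRING" ] || { echo "SECRET_KEYRING not readable: $SECRET_KEYRING" >&2; exit 1; }` fails fast instead. Note also that GnuPG 2.1 and later ignores `--secret-keyring` (secret keys live under gpg-agent), so on those versions the option is a silent no-op and the default key store is used regardless; that deserves a comment next to the assignment. The enclosing `if [ "$ENCRYPTION" = "yes" ]` block closes outside the hunk.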
@@ -506,10 +514,10 @@ backup_this_script()
   if [ ! -z "$GPG_ENC_KEY" -a ! -z "$GPG_SIGN_KEY" ]; then
     export GPG_TTY=`tty`
     if [ "$GPG_ENC_KEY" = "$GPG_SIGN_KEY" ]; then
-      gpg -a --export-secret-keys ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-and-sign-secret.key.txt
+      gpg -a --export-secret-keys ${KEYRING} ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-and-sign-secret.key.txt
     else
-      gpg -a --export-secret-keys ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-secret.key.txt
-      gpg -a --export-secret-keys ${GPG_SIGN_KEY} > ${TMPDIR}/duplicity-backup-sign-secret.key.txt
+      gpg -a --export-secret-keys ${KEYRING} ${GPG_ENC_KEY} > ${TMPDIR}/duplicity-backup-encryption-secret.key.txt
+      gpg -a --export-secret-keys ${KEYRING} ${GPG_SIGN_KEY} > ${TMPDIR}/duplicity-backup-sign-secret.key.txt
     fi
   fi
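Review bot: The three rewritten `gpg -a --export-secret-keys ${KEYRING} … > ${TMPDIR}/…secret.key.txt` lines still create the exported secret-key files with whatever umask is in effect, so the key material can sit group- or world-readable under TMPDIR until it is packaged; run the exports with `umask 077` set (or wrap them as `( umask 077; gpg … )`) so the files are created owner-only. `${KEYRING}` has to stay unquoted to split into `--secret-keyring <path>`, which means a SECRET_KEYRING containing whitespace splinters into extra arguments that `--export-secret-keys` will treat as additional key selectors, potentially exporting keys that were never meant to leave the keyring; defining it as an array, `KEYRING=(--secret-keyring "$SECRET_KEYRING")`, and expanding `"${KEYRING[@]}"` here avoids that. Also note that KEYRING is only assigned inside the `ENCRYPTION=yes` branch at the top of the script, so with ENCRYPTION unset but both keys configured these exports silently fall back to the default keyring. backup_this_script() begins and ends outside the hunk.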