diff --git a/duplicity-backup.conf.example b/duplicity-backup.conf.example
index 9c6b405..448a73e 100644
--- a/duplicity-backup.conf.example
+++ b/duplicity-backup.conf.example
@@ -45,17 +45,28 @@ AWS_SECRET_ACCESS_KEY="foobar_aws_access_key"
 
 # ENCRYPTION INFORMATION
 # Do you want your backup to be encrypted? yes/no
-# If yes, please make sure you specify either PASSPHRASE or GPG_KEY
+# If yes, please make sure you specify either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY
 ENCRYPTION='yes'
 
 # If you are NOT running this from a cron, comment this line out
 # and duplicity should prompt you for your password.
+# Otherwise this password is either used for symmetric encryption
+# (your backups will be encrypted with this password) or is used
+# for the "GPG_SIGN_KEY" (see below).
 # Comment out if you aren't using encryption
 PASSPHRASE="foobar_gpg_passphrase"
 
-# Specify which GPG key you would like to use (even if you have only one).
-# Comment out if you're using only PASSPHRASE or not using encryption
-GPG_KEY="foobar_gpg_key"
+# Specify which GPG keys you would like to use (even if you have only one).
+# If you are running this from a cron, it is highly recommended to create separate
+# signature and encryption keys, because you have to specify the password for the
+# GPG_SIGN_KEY via the above PASSPHRASE variable
+# (see http://www.debian-administration.org/articles/209#d0e109).
+# If you are not running the script from a cron, duplicity should prompt you for the
+# GPG_SIGN_KEY password.
+# Comment out if you're using only PASSPHRASE (symmetric encryption) or not using
+# encryption at all.
+GPG_ENC_KEY="foobar_gpg_key"
+GPG_SIGN_KEY="foobar_gpg_key"
 
 # BACKUP SOURCE INFORMATION
 # The ROOT of your backup (where you want the backup to start);
diff --git a/duplicity-backup.sh b/duplicity-backup.sh
index e899d5c..3a08dd3 100755
--- a/duplicity-backup.sh
+++ b/duplicity-backup.sh
@@ -158,8 +158,8 @@ S3CMD="$(which s3cmd)"
 LOCKFILE=${LOGDIR}backup.lock
 
 if [ "$ENCRYPTION" = "yes" ]; then
- if [ ! -z "$GPG_KEY" ]; then
- ENCRYPT="--encrypt-key=${GPG_KEY} --sign-key=${GPG_KEY}"
+ if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]; then
+ ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}"
 elif [ ! -z "$PASSPHRASE" ]; then
 ENCRYPT=""
 fi
@@ -196,7 +196,8 @@ fi
 check_variables () {
 if [[ ${ROOT} = "" || ${DEST} = "" || ${INCLIST} = "" || \
- ${GPG_KEY} = "foobar_gpg_key" || \
+ ${GPG_ENC_KEY} = "foobar_gpg_key" || \
+ ${GPG_SIGN_KEY} = "foobar_gpg_key" || \
 ${PASSPHRASE} = "foobar_gpg_passphrase" || \
 ${LOGDIR} = "/home/foobar_user_name/logs/test2/" || \
 ( ${DEST_IS_S3} = true && ${AWS_ACCESS_KEY_ID} = "foobar_aws_key_id" ) || \
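Review bot: The new `if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]` in duplicity-backup.sh requires both keys, so a config that sets only GPG_ENC_KEY (which the conf.example's "either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY" wording in the first hunk invites) silently falls through to the PASSPHRASE branch and the backup is protected by symmetric encryption instead of the configured key, and if PASSPHRASE is also empty ENCRYPT is never assigned at all. A mismatch between the configured encryption settings and what duplicity actually receives should abort the run rather than quietly change how the backup is protected; unless check_variables (its hunk is cut off below) already rejects this case, I would build the flags incrementally and add an else that exits non-zero. If both keys are meant to stay mandatory, the minimal fix is just the `else` branch: `else printf 'ENCRYPTION=yes but no usable GPG_ENC_KEY/GPG_SIGN_KEY or PASSPHRASE\n' >&2; exit 1`. While touching these lines, `[ -n "$x" ]` reads more directly than `[ ! -z "$x" ]`.
```shell
if [ "$ENCRYPTION" = "yes" ]; then
  if [ -n "$GPG_ENC_KEY" ]; then
    ENCRYPT="--encrypt-key=${GPG_ENC_KEY}"
    # Sign only when a signing key is configured; a signing key alone cannot encrypt.
    [ -n "$GPG_SIGN_KEY" ] && ENCRYPT="${ENCRYPT} --sign-key=${GPG_SIGN_KEY}"
  elif [ -n "$PASSPHRASE" ]; then
    ENCRYPT=""
  else
    printf 'ENCRYPTION=yes but no usable GPG_ENC_KEY/GPG_SIGN_KEY or PASSPHRASE\n' >&2
    exit 1
  fi
fi
```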