From 640e4971218872885bb2f30f26fa37391816b087 Mon Sep 17 00:00:00 2001
From: puredoze
Date: Mon, 13 Aug 2012 12:53:09 +0200
Subject: [PATCH] Added support for using separate signature and encryption keys

---
 duplicity-backup.conf.example | 16 ++++++++++++----
 duplicity-backup.sh | 7 ++++---
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/duplicity-backup.conf.example b/duplicity-backup.conf.example
index 9c6b405..b3af280 100644
--- a/duplicity-backup.conf.example
+++ b/duplicity-backup.conf.example
@@ -45,17 +45,25 @@ AWS_SECRET_ACCESS_KEY="foobar_aws_access_key"
 
 # ENCRYPTION INFORMATION
 # Do you want your backup to be encrypted? yes/no
-# If yes, please make sure you specify either PASSPHRASE or GPG_KEY
+# If yes, please make sure you specify either PASSPHRASE or GPG_ENC_KEY/GPG_SIGN_KEY
 ENCRYPTION='yes'
 
 # If you are NOT running this from a cron, comment this line out
 # and duplicity should prompt you for your password.
+# Otherwise this password is either used for symetric encryption
+# (your backups will be encrypted with this password) or is used
+# for the "GPG_SIGN_KEY" (see below).
 # Comment out if you aren't using encryption
 PASSPHRASE="foobar_gpg_passphrase"
 
-# Specify which GPG key you would like to use (even if you have only one).
-# Comment out if you're using only PASSPHRASE or not using encryption
-GPG_KEY="foobar_gpg_key"
+# Specify which GPG keys you would like to use (even if you have only one).
+# It is highly recommended to create separate signature and encryption keys.
+# When run, duplicity should prompt you for the GPG_SIGN_KEY password
+# (or specify the PASSPHRASE above if you run this script from a cron).
+# Comment out if you're using only PASSPHRASE (symetric encryption) or not using
+# encryption at all.
+GPG_ENC_KEY="foobar_gpg_key"
+GPG_SIGN_KEY="foobar_gpg_key"
 
 # BACKUP SOURCE INFORMATION
 # The ROOT of your backup (where you want the backup to start);
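Review bot: The added PASSPHRASE comment says the value is used for `GPG_SIGN_KEY`, but nothing tells the user which passphrase unlocks the private half of `GPG_ENC_KEY` at restore time, and one variable cannot serve two keys that have different passphrases. duplicity documents a separate `SIGN_PASSPHRASE` environment variable for the signing key; whether this script exports it is not visible in the patch, so that is worth confirming and documenting next to PASSPHRASE. The example also assigns the same placeholder to both keys right after recommending separate ones, which invites copying one key ID into both. Since the cleartext PASSPHRASE now unlocks a signing key, I would add a comment such as `# Keep this file readable only by the backup user (chmod 600): it holds the signing-key passphrase.`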
diff --git a/duplicity-backup.sh b/duplicity-backup.sh index e899d5c..3a08dd3 100755 --- a/duplicity-backup.sh +++ b/duplicity-backup.sh @@ -158,8 +158,8 @@ S3CMD="$(which s3cmd)" LOCKFILE=${LOGDIR}backup.lock if [ "$ENCRYPTION" = "yes" ]; then - if [ ! -z "$GPG_KEY" ]; then - ENCRYPT="--encrypt-key=${GPG_KEY} --sign-key=${GPG_KEY}" + if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]; then + ENCRYPT="--encrypt-key=${GPG_ENC_KEY} --sign-key=${GPG_SIGN_KEY}" elif [ ! -z "$PASSPHRASE" ]; then ENCRYPT="" fi @@ -196,7 +196,8 @@ fi check_variables () { if [[ ${ROOT} = "" || ${DEST} = "" || ${INCLIST} = "" || \ - ${GPG_KEY} = "foobar_gpg_key" || \ + ${GPG_ENC_KEY} = "foobar_gpg_key" || \ + ${GPG_SIGN_KEY} = "foobar_gpg_key" || \ ${PASSPHRASE} = "foobar_gpg_passphrase" || \ ${LOGDIR} = "/home/foobar_user_name/logs/test2/" || \ ( ${DEST_IS_S3} = true && ${AWS_ACCESS_KEY_ID} = "foobar_aws_key_id" ) || \
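Review bot: A configuration that sets only one of the two keys, or that still carries the old `GPG_KEY`, falls through to the `elif [ ! -z "$PASSPHRASE" ]` branch in the first hunk and gets `ENCRYPT=""` with no warning. Going by the example config's description of PASSPHRASE, that means the backup is symmetrically encrypted and unsigned; upgraded installs are the likely case, because their PASSPHRASE is already set for the old key. I would stop with an error when exactly one key is set and map a legacy `GPG_KEY` onto both new variables, as sketched below. The `check_variables` test in the second hunk only compares against the placeholder strings, so it does not catch a half-configured pair either. Both the enclosing `if` and `check_variables` continue outside the hunks.

```shell
if [ "$ENCRYPTION" = "yes" ]; then
  # Legacy configs: reuse GPG_KEY for whichever new variable is unset.
  GPG_ENC_KEY="${GPG_ENC_KEY:-$GPG_KEY}"
  GPG_SIGN_KEY="${GPG_SIGN_KEY:-$GPG_KEY}"
  if [ ! -z "$GPG_ENC_KEY" ] && [ ! -z "$GPG_SIGN_KEY" ]; then
    # … unchanged: ENCRYPT="--encrypt-key=… --sign-key=…" …
  elif [ ! -z "$GPG_ENC_KEY" ] || [ ! -z "$GPG_SIGN_KEY" ]; then
    # Half-configured key pair: refuse rather than fall back to PASSPHRASE only.
    echo "ERROR: set both GPG_ENC_KEY and GPG_SIGN_KEY, or neither." >&2
    exit 1
  # … unchanged: elif PASSPHRASE branch and inner fi …
```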