Hi,
I have a question about encryption keys. Basically I do not know how to use the data which was copied in case my local machine dies?
I have done the following:
- copied my ssh public key to a remote server
- created a directory and started git annex assistant

      mkdir ~/test_annex
      cd ~/test_annex
      git annex webapp

- clicked Repository->Add another local repository
- Assistant: Where do you want to put this new repository? Me: ~/test_annex "Make Repository"
- Assistant "Combine repositories?" Me: "Keep repositories separate"
- clicked "Add another repository" clicked "remote server"
- filled out "Adding a remote server using ssh" form and clicked "Check this server"
- chose "Use an encrypted rsync repository on the server"
- Assistant "Repository created" I select "Full backup" as repository group.
So far so good. If I now add a file on my local machine into ~/test_annex something not human readable is created on the remote machine.
What I do not understand is how I use this backup later. I am expecting something along the "hybrid encryption keys" scheme explained in this wiki. However I was not able to determine which of my gpg keys was used or how the data was encrypted.
So my question is: "How do I use the encrypted backup remote on a second machine?"
When you create an encrypted rsync repository using the webapp like that, its encryption key is stored in your git repository, using the shared encryption scheme. No gpg key needs to be used to decrypt files from the rsync repository; anyone with a clone of your git repository can do so. This has its plusses and its minuses; the webapp picks that type of encryption because it's easy to use.
So, the answer is to just make a clone of your repository on the other machine, and then you can use it. There are lots of ways to do that; if you stay in the webapp, go to Add Another Repository and any of the "Share with your other devices", "Share with a friend", or "Local computer" options are easy ways to do it.
Now, if you had, manually, set up an rsync repository encrypted with the hybrid encryption key scheme, to access it from another computer with a clone of the repository you would need to have a gpg key that has been given access to the repository. So you would either copy your gpg secret key to the other computer, or if you don't want to trust that other computer with your main gpg key, you could make another gpg secret key for that computer, and add that key as one of the keys that can access the encrypted repository. (Or, if the computer belonged to a friend, you could just get their gpg key, and add it.)
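One way to check which scheme each special remote uses, and so what a second machine needs in order to decrypt it, is to read `remote.log` from the `git-annex` branch. This is an added example, not part of the original thread and not git-annex's own code; it assumes the one-line-per-remote `uuid key=value ... timestamp=` layout with `encryption`, `cipher` and `cipherkeys` fields, and the sample log, UUIDs, hostnames and key ids are constructed.

```python
import subprocess

# Constructed sample of `git show git-annex:remote.log` (not from the page).
# Assumed layout: "<uuid> key=value ... timestamp=<t>s", one line per special remote.
SAMPLE_REMOTE_LOG = """\
11111111-aaaa-4bbb-8ccc-000000000001 cipher=Q09OU1RSVUNURUQ= encryption=shared name=backupserver rsyncurl=example.org:/srv/annex type=rsync timestamp=1400000000.0s
11111111-aaaa-4bbb-8ccc-000000000002 cipher=Q09OU1RSVUNURUQ= cipherkeys=0123456789ABCDEF,FEDCBA9876543210 encryption=hybrid name=offsite rsyncurl=example.net:/srv/annex type=rsync timestamp=1400000001.0s
11111111-aaaa-4bbb-8ccc-000000000003 directory=/media/usb encryption=none name=usbdrive type=directory timestamp=1400000002.0s
"""

def read_remote_log(repo="."):
    """Fetch remote.log from the git-annex branch of a real clone."""
    return subprocess.run(["git", "-C", repo, "show", "git-annex:remote.log"],
                          check=True, capture_output=True, text=True).stdout

def parse_remote_log(text):
    """Return {remote name: {field: value}}, keeping the newest line per uuid."""
    by_uuid = {}
    for line in text.splitlines():
        uuid, _, rest = line.strip().partition(" ")
        if not rest:
            continue
        fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
        ts = float(fields.get("timestamp", "0").rstrip("s") or 0)
        if uuid not in by_uuid or ts >= by_uuid[uuid][0]:
            by_uuid[uuid] = (ts, fields)
    return {f.get("name", u): f for u, (_, f) in by_uuid.items()}

def who_can_decrypt(fields):
    """Describe what a second machine needs to read this remote's content."""
    scheme = fields.get("encryption", "none")
    keyids = [k for k in fields.get("cipherkeys", "").split(",") if k]
    if scheme == "shared":
        return "any clone of the git repository (key is stored in the repo)"
    if scheme == "hybrid":
        return "a clone plus the gpg secret key for one of: " + ", ".join(keyids)
    if scheme == "none":
        return "content is stored unencrypted"
    return "unrecognized scheme: " + scheme

def audit(text):
    """Map each remote name to a description of who can decrypt it."""
    return {name: who_can_decrypt(f) for name, f in parse_remote_log(text).items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_REMOTE_LOG).items():
        print(f"{name}: {verdict}")
```

On a real clone, pass `read_remote_log(path)` to `audit()` instead of the sample; a `shared` result means the git repository itself must be protected as carefully as the backup data.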
Right.
So, I think I should go change the description displayed by the webapp to "full backup (file contents only)" and "full backup (entire git repository)" or so. It's a little hard to word it precisely without making it hard to understand.
Or, the webapp could display a nudge to make a clone when no other clones of the git repository exist. I think that's probably more valuable, so todo added.