Comment 4 for bug 793096

The branch is valid, the patch is outdated. Please review at https://code.launchpad.net/~lekensteyn/duplicity/multipass/+merge/64307 . Currently there is a bug in the patch which prevents the use of symmetric keys + signing key, but I've already found the root cause of it and am testing the fix for that.
I'll test the next configurations:
- asymmetric + signing
- symmetric + signing
- no encryption + signing
- asymmetric
- symmetric
- no encryption

I was inspired by http://www.debian-administration.org/articles/209. This allows neat separation of the encryption and signing key. In cronjobs, this would allow having the encryption private key not stored on the subject machine that will be backed up.
There is one caveat: if the backend has a file which is unknown on the local side, the synchronize function still needs the encryption key. This can be solved by checking the exit code of Duplicity: 0 is success, any other code is failure. In case of failure, a full backup can be forced by using:

    duplicity full --whatever-options-here source target
Alternatively, a message could be sent to the responsible administrator and after some time, a full backup will be triggered if the administrator did not manage to insert the encryption key for synchronizing.