--- /dev/null
+#!/bin/sh -eu
+# SYNTAX: $duplicity_options
+# DESCRIPTION: encapsuleur de duplicity(1) préchargeant sa clef OpenPGP.
+tool=$(readlink -e "${0%/*}/..")
+. "$tool"/remote/lib.sh
+
+uid=backup+"$local_hostname"@"$local_domainname"
+trap_exit () {
+ errno=$?
+ "$tool"/remote/gpg-preset-passphrase --forget "$uid"
+ exit $errno
+ }
+trap trap_exit EXIT
+"$tool"/remote/gpg-preset-passphrase --preset "$uid"
+
+while IFS=: read -r type trust size algo keyid date x x x x x cap x
+ do case $type,$cap in
+ (sub,e) encrypt_key=${keyid#????????};;
+ (sub,s) sign_key=$keyid;;
+ esac done <<-EOF
+ $("$tool"/remote/gpg --list-public-keys --with-colons -- "$uid")
+ EOF
+
+/usr/bin/duplicity \
+ --archive-dir "$tool"/var/backup/current/archive \
+ --gpg-options --homedir="$tool"/var/pub/openpgp \
+ --gpg-options --trusted-key="$sign_key" \
+ --gpg-options --no-permission-warning \
+ --encrypt-key "$encrypt_key" \
+ --sign-key "${sign_key#????????}" \
+ --use-agent \
+ -vw ${TRACE:+--verbosity info} \
+ "$@"