I'm trying to get duplicity working with gpg keys, but it's behaving a bit strangely (on the actual machine that I want backed up; it seems better in virtual machines). Here's a complete set of commands (executed within a minute):
grove@stacey> rm -fr /tmp/backup
grove@stacey> duplicity full --encrypt-key 00FDE9885BB452EC317D6FF924A2044BE1CCBEE1 --sign-key 0FA385BE82DE75CD94338E65EA7482DAB844D7E7 /home/grove/tmp/backuptest file:///tmp/backup
Warning, found signatures but no corresponding backup files
Synchronizing remote metadata to local cache...
Deleting local /home/grove/.cache/duplicity/ba8d32ccb88d13597b4784252744fc75/duplicity-full-signatures.20230721T124839Z.sigtar.gz (not authoritative at backend).
Deleting local /home/grove/.cache/duplicity/ba8d32ccb88d13597b4784252744fc75/duplicity-full.20230721T124839Z.manifest (not authoritative at backend).
Last full backup date: none
GnuPG passphrase for decryption:
GnuPG passphrase for signing key:
--------------[ Backup Statistics ]--------------
StartTime 1689944019.33 (Fri Jul 21 14:53:39 2023)
EndTime 1689944019.42 (Fri Jul 21 14:53:39 2023)
ElapsedTime 0.09 (0.09 seconds)
SourceFiles 61
SourceFileSize 45056 (44.0 KB)
NewFiles 61
NewFileSize 45056 (44.0 KB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 61
RawDeltaSize 0 (0 bytes)
TotalDestinationSizeChange 1983 (1.94 KB)
Errors 0
-------------------------------------------------
grove@stacey> duplicity full --encrypt-key 00FDE9885BB452EC317D6FF924A2044BE1CCBEE1 --sign-key 0FA385BE82DE75CD94338E65EA7482DAB844D7E700FDE9885BB452EC317D6FF924A2044BE1CCBEE1 /home/grove/tmp/backuptest
grove@stacey> duplicity verify --compare-data --encrypt-key 00FDE9885BB452EC317D6FF924A2044BE1CCBEE1 --sign-key 0FA385BE82DE75CD94338E65EA7482DAB844D7E7 file:///tmp/backup /home/grove/tmp/backuptest
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Fri Jul 21 14:53:21 2023
GnuPG passphrase for decryption:
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: encrypted with 4096-bit RSA key, ID 7554FBF3A16C9773, created 2023-07-06
"Duplicity_encryption (Encryption key for duplicity)"
gpg: public key decryption failed: No passphrase given
gpg: decryption failed: No secret key
===== End GnuPG log =====
grove@stacey> gpg --list-keys | grep -i 7554FBF3A16C9773
grove@stacey> gpg --list-secret-keys | grep -i 7554FBF3A16C9773
grove@stacey> gpg --list-keys | grep -i -C2 duplicity
pub rsa4096 2023-07-06 [SC]
00FDE9885BB452EC317D6FF924A2044BE1CCBEE1
uid [ ultim. ] Duplicity_encryption (Encryption key for duplicity)
sub rsa4096 2023-07-06 [E]
For some reason duplicity is asking for the passphrase for decryption when making a backup (and that passphrase is not needed), but that's a minor issue (and might be fixed in newer versions).
The big problem is that it seems the backup is encrypted for a GPG key that is not known? (Neither the public part, that I would think is needed to make the backup - nor the private part that is needed to read it). I even specified which key to encrypt for, but that was ignored?
(This is using duplicity 0.8.17-1+b1 from Debian Bullseye. I know that is old; stable has a version that is a little newer, but still a bit old, and backups are a thing I'd like to have in place before upgrading.)
So where is the key it has used for encrypting? Alternatively: How do I make it use the key I actually specified?
Asked by Henrik supports the community
(5878 rep)
Jul 21, 2023, 01:30 PM
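A check a reader could run for the situation in the question, added here as an example and not part of the original post: GnuPG's log names the key that was actually used for encryption, which can be an encryption subkey, and the default `gpg --list-keys` output shown above prints no ID for the `sub` line. The helper `find_key_owner` and the sample listing are hypothetical and constructed; the function reads `gpg --list-keys --with-colons` output and reports which primary key owns a given long key ID.

```shell
#!/bin/sh
# Added example. The colon listing below is constructed sample data,
# not keys from the post.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:1111111111111111:1688601600:::u:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:u::::1688601600::0000000000000000000000000000000000000000::Example backup key::::::::::0:
sub:u:4096:1:2222222222222222:1688601600::::::e::::::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
EOF
}

# Read a --with-colons key listing on stdin and look up a 16-hex-digit key ID.
# Prints "<pub|sub> <primary fingerprint> <capabilities>"; returns 1 if the
# ID matches neither a primary key nor a subkey in the listing.
find_key_owner() {
    awk -F: -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        # Primary key record: field 5 is the key ID, field 12 the capabilities.
        $1 == "pub" {
            pub_id = toupper($5); pub_caps = $12
            primary = ""; want_fpr = 1
            next
        }
        # The first fpr record after pub carries the primary fingerprint.
        $1 == "fpr" && want_fpr {
            primary = $10; want_fpr = 0
            if (pub_id == want) { print "pub", primary, pub_caps; found = 1; exit }
            next
        }
        # Subkey record: report the primary key it hangs under.
        $1 == "sub" && toupper($5) == want {
            print "sub", primary, $12; found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Against a real keyring, with the ID from the GnuPG log in the question:
#   gpg --list-keys --with-colons | find_key_owner 7554FBF3A16C9773
sample_listing | find_key_owner 2222222222222222
```

A `sub` result with capability `e` means the ID is an encryption subkey of the printed primary fingerprint; `gpg --list-keys --with-subkey-fingerprint` shows the same relationship in the human-readable listing.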