diff --git a/doc/EN/app_bdsmail.org b/doc/EN/app_bdsmail.org
index 2703a7fa..8830abd7 100644
--- a/doc/EN/app_bdsmail.org
+++ b/doc/EN/app_bdsmail.org
@@ -28,6 +28,6 @@ ssh into the system with:
ssh myusername@mydomain.com -p 2222
#+END_SRC
-Select *Administrator controls* then *App Settings* then *bdsmail*. It may take a while to install, due to the creation of keys.
+Select *Administrator controls* then *Add/Remove Apps* then *bdsmail*. It may take a while to install, due to the creation of keys.
-After installation if you exit from *Administrator controls* back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from *Administrator controls* back to the user control panel then select the option to *show your email address*. You will now have a new bdsmail address which ends with /.b32.i2p/. If you then select *Use Email* to run the Mutt email client you'll notice that you now have a folder called *i2p*. If you select that folder (move up and down with /CTRL+n/ or /CTRL+p/ and open with /CTRL+o/) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
diff --git a/src/freedombone-app-pleroma b/src/freedombone-app-pleroma
index caa3bc8c..a097351d 100755
--- a/src/freedombone-app-pleroma
+++ b/src/freedombone-app-pleroma
@@ -744,6 +744,8 @@ function backup_local_pleroma {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
fi
+ systemctl stop pleroma
+
function_check suspend_site
suspend_site ${PLEROMA_DOMAIN_NAME}
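Review bot: Nothing guarantees that pleroma comes back up after the `systemctl stop pleroma` added at the top of backup_local_pleroma, because the matching `systemctl restart pleroma` at the end of the function is reached only if every step in between returns. The duplicity helpers touched elsewhere in this commit call `exit` on failure, so if the backup steps here go through them, a failed backup leaves the service down. One option is to register the restart on the failure path as well, for example `trap 'systemctl restart pleroma' EXIT` straight after the stop and `trap - EXIT` after the normal restart, taking care not to clobber an existing EXIT trap. The same applies to the stop/restart pair added to backup_remote_pleroma. The function body continues outside this hunk.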
@@ -757,6 +759,8 @@ function backup_local_pleroma {
function_check restart_site
restart_site
+
+ systemctl restart pleroma
}
function restore_local_pleroma {
@@ -769,6 +773,8 @@ function restore_local_pleroma {
temp_restore_dir=/root/temppleroma
pleroma_dir=$PLEROMA_DIR
+ systemctl stop pleroma
+
PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
function_check pleroma_create_database
pleroma_create_database
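Review bot: No matching start or restart is added for the `systemctl stop pleroma` at the top of restore_local_pleroma, unlike the backup functions, which get both halves in this commit. The rest of the function lies outside the hunk, so an existing restart further down may already cover it. If it does not, the instance stays offline after a restore, and `systemctl restart pleroma` should follow the last restore step and any early-exit path. restore_remote_pleroma receives the same stop-only change.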
@@ -797,6 +803,8 @@ function backup_remote_pleroma {
PLEROMA_DOMAIN_NAME=$(get_completion_param "pleroma domain")
fi
+ systemctl stop pleroma
+
function_check suspend_site
suspend_site ${PLEROMA_DOMAIN_NAME}
@@ -810,6 +818,8 @@ function backup_remote_pleroma {
function_check restart_site
restart_site
+
+ systemctl restart pleroma
}
function restore_remote_pleroma {
@@ -822,6 +832,8 @@ function restore_remote_pleroma {
temp_restore_dir=/root/temppleroma
pleroma_dir=$PLEROMA_DIR
+ systemctl stop pleroma
+
PLEROMA_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_pleroma/hostname)
function_check pleroma_create_database
pleroma_create_database
diff --git a/src/freedombone-backup-local b/src/freedombone-backup-local
index 482f6162..b31c6251 100755
--- a/src/freedombone-backup-local
+++ b/src/freedombone-backup-local
@@ -113,7 +113,6 @@ function backup_users {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
# Backup any gpg keys
if [ -d /home/$USERNAME/.gnupg ]; then
echo $"Backing up gpg keys for $USERNAME"
@@ -212,6 +211,8 @@ function backup_users {
cp /home/$USERNAME/.procmailrc /home/$USERNAME/tempbackup
backup_directory_to_usb /home/$USERNAME/tempbackup procmail/$USERNAME
fi
+
+ gpg_agent_enable $USERNAME
fi
done
}
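Review bot: The added call passes the account name unquoted; `gpg_agent_enable "$USERNAME"` keeps a directory name with whitespace or glob characters from being split before it reaches the helper. A one-line comment above it saying why the agent is re-enabled after each user's backup would also help, since gpg_agent_enable is not defined in this diff and its effect cannot be read from here. The same line is added in backup_users in freedombone-backup-remote.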
@@ -373,6 +374,7 @@ if [[ $1 == "remove" ]]; then
remove_option=$1
fi
+gpg_agent_setup root
backup_mount_drive $1 $2
remove_backup_directory $remove_option
make_backup_directory
diff --git a/src/freedombone-backup-remote b/src/freedombone-backup-remote
index 69e3f529..a560c69e 100755
--- a/src/freedombone-backup-remote
+++ b/src/freedombone-backup-remote
@@ -13,7 +13,7 @@
# License
# =======
#
-# Copyright (C) 2015-2016 Bob Mottram
+# Copyright (C) 2015-2018 Bob Mottram
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@@ -157,7 +157,6 @@ function backup_users {
for d in /home/*/ ; do
USERNAME=$(echo "$d" | awk -F '/' '{print $3}')
if [[ $(is_valid_user "$USERNAME") == "1" ]]; then
-
# personal settings
if [ -d /home/$USERNAME/personal ]; then
echo $"Backing up personal settings for $USERNAME"
@@ -266,6 +265,7 @@ function backup_users {
echo $"Backing up emails for $USERNAME"
backup_directory_to_friend /root/backupemail/$USERNAME mail/$USERNAME
fi
+ gpg_agent_enable $USERNAME
fi
done
}
@@ -430,6 +430,7 @@ if [[ "$1" == "test" ]]; then
TEST_MODE="yes"
fi
+gpg_agent_setup root
backup_configfiles
if [[ $TEST_MODE == "no" ]]; then
backup_blocklist
diff --git a/src/freedombone-controlpanel-user b/src/freedombone-controlpanel-user
index 4e7879e4..7e35a211 100755
--- a/src/freedombone-controlpanel-user
+++ b/src/freedombone-controlpanel-user
@@ -894,6 +894,15 @@ function show_your_email_address {
dialog --title $"Show your Email Address" \
--backtitle $"Freedombone User Control Panel" \
--msgbox $"\nYou can press SHIFT and then drag the mouse and right click to copy.\n\nEmail Address: $MY_EMAIL_ADDRESS\n\nKey ID: $GPG_ID\n\nFingerprint: $GPG_FINGERPRINT\n\nCreated: $GPG_DATE\n\nI2P Address: ${bdsmail_address}" 17 90
+ clear
+ echo ''
+ echo $'Your bdsmail address as a QR code'
+ echo ''
+ echo -n "${bdsmail_address}" | qrencode -t UTF8
+ echo ''
+ echo "${bdsmail_address}"
+ echo ''
+ any_key
fi
}
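Review bot: The new heading `echo $'Your bdsmail address as a QR code'` uses ANSI-C quoting, while the dialog strings just above use the translatable `$"..."` form, so this line is left out of localisation. It should read `echo $"Your bdsmail address as a QR code"`. The block also pipes into `qrencode` without checking that the tool is present or that `${bdsmail_address}` is non-empty. The enclosing `if` opens outside the hunk, so it may already ensure both; if not, a guard such as `command -v qrencode >/dev/null` before `clear` avoids wiping the screen only to show an error.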
diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local
index bacbe5cb..74a89429 100755
--- a/src/freedombone-restore-local
+++ b/src/freedombone-restore-local
@@ -956,6 +956,7 @@ backup_mount_drive ${1} ${ADMIN_USERNAME} ${2}
check_backup_exists
check_admin_user
copy_gpg_keys
+gpg_agent_setup root
restore_blocklist
restore_configfiles
same_admin_user
diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote
index 61226fdc..4cc0be8c 100755
--- a/src/freedombone-restore-remote
+++ b/src/freedombone-restore-remote
@@ -857,6 +857,7 @@ function restore_email {
${PROJECT_NAME}-recoverkey -u ${ADMIN_USERNAME} -l $BACKUP_LIST
copy_gpg_keys
+gpg_agent_setup root
restore_blocklist
restore_configfiles
restore_passwordstore
diff --git a/src/freedombone-utils-backup b/src/freedombone-utils-backup
index e3d2a22b..a5b1f0d6 100755
--- a/src/freedombone-utils-backup
+++ b/src/freedombone-utils-backup
@@ -282,7 +282,7 @@ function backup_database_local_usb {
function backup_directory_to_usb_duplicity {
create_backups_temp_directory
- echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+ echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
if [ ! "$?" = "0" ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
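Review bot: With `--use-agent` added, the command still pipes `$BACKUP_DUMMY_PASSWORD` into duplicity, and nothing records which of the two now supplies the passphrase. duplicity documents `--use-agent` as leaving passphrase handling to gpg-agent, so the piped value is probably no longer used with GnuPG 2. An unattended run would then depend on the agent having been configured first, which this commit does through `gpg_agent_setup root` in the backup and restore entry scripts. Once confirmed against the installed duplicity version, a comment above the command such as `# passphrase handling is delegated to gpg-agent, see gpg_agent_setup` would make that dependency explicit. The same applies to the `verify` call below and to both calls in backup_directory_to_friend_duplicity; the function continues outside this hunk.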
@@ -296,7 +296,7 @@ function backup_directory_to_usb_duplicity {
exit 8352925
fi
if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
- echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
+ echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --encrypt-key $MY_BACKUP_KEY_ID --full-if-older-than 4W --exclude-other-filesystems ${1} file://$USB_MOUNT/backup/${2}
if [ ! "$?" = "0" ]; then
umount $USB_MOUNT
rm -rf $USB_MOUNT
@@ -412,7 +412,7 @@ function set_user_permissions {
function backup_directory_to_friend_duplicity {
create_backups_temp_directory
- echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+ echo "$BACKUP_DUMMY_PASSWORD" | duplicity full --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
if [ ! "$?" = "0" ]; then
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
shred -zu ${1}/*
@@ -424,7 +424,7 @@ function backup_directory_to_friend_duplicity {
exit 5293526
fi
if [[ $ENABLE_BACKUP_VERIFICATION == "yes" ]]; then
- echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
+ echo "$BACKUP_DUMMY_PASSWORD" | duplicity verify --use-agent --gpg-options "$BACKUP_GPG_OPTIONS" --tempdir $BACKUP_TEMP_DIRECTORY --ssh-askpass --encrypt-key ${ADMIN_BACKUP_KEY_ID} --full-if-older-than 4W --exclude-other-filesystems ${1} $SERVER_DIRECTORY/backup/${2}
if [ ! "$?" = "0" ]; then
if [[ ${1} == "/root/temp"* || ${1} == *"tempbackup" ]]; then
shred -zu ${1}/*
diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg
index 42e985e4..e5790582 100755
--- a/src/freedombone-utils-gpg
+++ b/src/freedombone-utils-gpg
@@ -228,17 +228,17 @@ function gpg_agent_setup {
echo 'GPG_TTY=$(tty)' >> /root/.bashrc
echo 'export GPG_TTY' >> /root/.bashrc
fi
+ if grep -q '# use-agent' /root/.gnupg/gpg.conf; then
+ sed -i 's|# use-agent|use-agent|g' /root/.gnupg/gpg.conf
+ fi
if ! grep -q 'use-agent' /root/.gnupg/gpg.conf; then
echo 'use-agent' >> /root/.gnupg/gpg.conf
fi
- if ! grep -q 'pinentry-mode loopback' /root/.gnupg/gpg.conf; then
- echo 'pinentry-mode loopback' >> /root/.gnupg/gpg.conf
- fi
- if [ ! -f /root/.gnupg/gpg-agent.conf ]; then
- touch /root/.gnupg/gpg-agent.conf
- fi
- if ! grep -q 'allow-loopback-pinentry' /root/.gnupg/gpg-agent.conf; then
- echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+ echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf
+ echo 'max-cache-ttl 999999' >> /root/.gnupg/gpg-agent.conf
+ echo 'allow-loopback-pinentry' >> /root/.gnupg/gpg-agent.conf
+ if [ -f /root/.gnupg/S.dirmngr ]; then
+ rm /root/.gnupg/S.dirmngr
fi
echo RELOADAGENT | gpg-connect-agent
else
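Review bot: `echo 'default-cache-ttl 300' > /root/.gnupg/gpg-agent.conf` truncates the file, so any existing setting in root's gpg-agent.conf is discarded on every gpg_agent_setup call, and this commit now makes that call at the start of each backup and restore. The removed code appended only when a line was missing; keeping that form for the three options, e.g. `grep -q 'max-cache-ttl' "$conf" || echo 'max-cache-ttl 999999' >> "$conf"`, would preserve local settings. `max-cache-ttl 999999` lets a passphrase stay cached for roughly eleven and a half days while it keeps being used, well above gpg-agent's default, so a comment stating why backups need that would help. `[ -f /root/.gnupg/S.dirmngr ]` is true only for a regular file, so if S.dirmngr is the dirmngr socket the `rm` never runs; `[ -S /root/.gnupg/S.dirmngr ]` or `[ -e ... ]` would match it. The user branch in the next hunk has the same three issues.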
@@ -248,17 +248,20 @@ function gpg_agent_setup {
echo 'export GPG_TTY' >> /home/$gpg_username/.bashrc
chown $gpg_username:$gpg_username /home/$gpg_username/.bashrc
fi
+ if grep -q '# use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
+ sed -i 's|# use-agent|use-agent|g' /home/$gpg_username/.gnupg/gpg.conf
+ fi
if ! grep -q 'use-agent' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'use-agent' >> /home/$gpg_username/.gnupg/gpg.conf
fi
if ! grep -q 'pinentry-mode loopback' /home/$gpg_username/.gnupg/gpg.conf; then
echo 'pinentry-mode loopback' >> /home/$gpg_username/.gnupg/gpg.conf
fi
- if [ ! -f /home/$gpg_username/.gnupg/gpg-agent.conf ]; then
- touch /home/$gpg_username/.gnupg/gpg-agent.conf
- fi
- if ! grep -q 'allow-loopback-pinentry' /home/$gpg_username/.gnupg/gpg-agent.conf; then
- echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+ echo 'default-cache-ttl 300' > /home/$gpg_username/.gnupg/gpg-agent.conf
+ echo 'max-cache-ttl 999999' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+ echo 'allow-loopback-pinentry' >> /home/$gpg_username/.gnupg/gpg-agent.conf
+ if [ -f /home/$gpg_username/.gnupg/S.dirmngr ]; then
+ rm /home/$gpg_username/.gnupg/S.dirmngr
fi
if [[ "$gpg_username" != "$USER" ]]; then
su -c "echo RELOADAGENT | gpg-connect-agent" - $gpg_username
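Review bot: The redirects into `/home/$gpg_username/.gnupg/gpg-agent.conf` run as the caller, which the `su -c` branch below suggests can be root, inside a directory the account owner controls. A file created this way is owned by the caller, since no `chown` like the one applied to `.bashrc` above is visible for it, and a redirect performed by root follows whatever already sits at that path. Writing the file as the user, as the reload already does with `su -c "..." - $gpg_username`, avoids both problems; failing that, `chown "$gpg_username":"$gpg_username"` on the file after writing fixes the ownership. `$gpg_username` is also unquoted in every path here. The function continues past the end of this hunk, so a later chown may already exist.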
diff --git a/website/EN/app_bdsmail.html b/website/EN/app_bdsmail.html
index afe38cf6..8d22c13a 100644
--- a/website/EN/app_bdsmail.html
+++ b/website/EN/app_bdsmail.html
@@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-
+
@@ -256,9 +256,9 @@ BDS Mail (aka "Brain Dead Simple Mail") is an optional addition to the existing
It's unlikely that many people will use this. If it's hard to persuade anyone to use GPG or Enigmail then it will be next to impossible to persuade them to switch to BDS Mail unless they're already obsessive about technical security. However, this provides yet another option for reasonably secure communications if other methods fail or are untrustable.
-
-
Installation
-
+
+
Installation
+
ssh into the system with:
@@ -269,11 +269,11 @@ ssh into the system with:
-Select Administrator controls then App Settings then bdsmail. It may take a while to install, due to the creation of keys.
+Select Administrator controls then Add/Remove Apps then bdsmail. It may take a while to install, due to the creation of keys.
-After installation if you exit from Administrator controls back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with .b32.i2p. If you then select Use Email to run the Mutt email client you'll notice that you now have a folder called i2p. If you select that folder (move up and down with CTRL+n or CTRL+p and open with CTRL+o) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.
+After installation exit from Administrator controls back to the user control panel then select the option to show your email address. You will now have a new bdsmail address which ends with .b32.i2p. If you then select Use Email to run the Mutt email client you'll notice that you now have a folder called i2p. If you select that folder (move up and down with CTRL+n or CTRL+p and open with CTRL+o) you can then send email from your new address, or receive mail to it. Just like ordinary email, but with a more random-looking address.