From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D81CB62214 for ; Mon, 23 Nov 2020 09:48:26 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C8F9A25656 for ; Mon, 23 Nov 2020 09:47:56 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5D26D2567F for ; Mon, 23 Nov 2020 09:47:56 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 2500B43E6E for ; Mon, 23 Nov 2020 09:47:56 +0100 (CET) Date: Mon, 23 Nov 2020 09:47:49 +0100 From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= To: Dietmar Maurer , Proxmox Backup Server development discussion References: <20201120163845.1225080-1-f.gruenbichler@proxmox.com> <20201120163845.1225080-10-f.gruenbichler@proxmox.com> <766783011.72.1606115268068@webmail.proxmox.com> <1606118041.ki3x6lhgym.astroid@nora.none> <1007194309.79.1606120260423@webmail.proxmox.com> In-Reply-To: <1007194309.79.1606120260423@webmail.proxmox.com> MIME-Version: 1.0 User-Agent: astroid/0.15.0 (https://github.com/astroidmail/astroid) Message-Id: <1606121065.6p62pfssso.astroid@nora.none> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.025 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH proxmox-backup 09/13] paperkey: add short key ID to subject X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Nov 2020 08:48:26 -0000 On November 23, 2020 9:30 am, Dietmar Maurer wrote: >> I originally wanted to keep the full fingerprint in, but conceded to=20 >> your space arguments here and only included the short version.. I also=20 >> don't really buy the confusion, since unless the user has manually=20 >> looked inside the key file they don't even know that or how the=20 >> fingerprint is stored there - in the user-facing parts we only ever show= =20 >> the short key ID. furthermore we already paperkey the pretty-printed=20 >> version so if the user restores that the checksum of the keyfile is=20 >> different anyhow. >=20 > Don't get that. You delete the fingerprint, so if a user restores that ke= y > he don't have a fingerprint to compare? the short key ID is put into the subject now to make human matching of=20 paperkey printouts and manifest/snapshot lists easier. if the user restores the paperkey into a keyfile, anytime that keyfile=20 is used it will re-generate the fingerprint on the fly. if the keyfile=20 is modified (e.g. on passphrase/KDF change), the generated fingerprint=20 will also be persisted again. we don't have a 'restore paperkey' command=20 (yet), but if we ever do, that could of course also regenerate the full=20 fingerprint and persist it on writing out the keyfile. =