From: Dietmar Maurer <dietmar@proxmox.com>
To: Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>, Dylan Whyte <d.whyte@proxmox.com>
Subject: Re: [pbs-devel] [PATCH docs] backup-client: encryption: discuss paperkey command
Date: Mon, 9 Nov 2020 17:14:27 +0100 (CET) [thread overview]
Message-ID: <757496402.968.1604938467597@webmail.proxmox.com> (raw)
In-Reply-To: <20201109123958.17637-1-d.whyte@proxmox.com>
paperkey should be the last resort.
I store keys in:
1.) my passwork manager (very easy to access)
2.) USB stick, and put that in my vault (still easy to restore)
3.) paperkey (clumsy to restore, but useful if the USB stick is damaged)
> On 11/09/2020 1:39 PM Dylan Whyte <d.whyte@proxmox.com> wrote:
>
>
> adds a paragraph to the encryption section about
> encoding the master key into a qr code for printing
>
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
> docs/backup-client.rst | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/docs/backup-client.rst b/docs/backup-client.rst
> index a23535fa..1ef42898 100644
> --- a/docs/backup-client.rst
> +++ b/docs/backup-client.rst
> @@ -365,9 +365,17 @@ To set up a master key:
> backed up. It can happen, for example, that you back up an entire system, using
> a key on that system. If the system then becomes inaccessible for any reason
> and needs to be restored, this will not be possible as the encryption key will be
> - lost along with the broken system. In preparation for the worst case scenario,
> - you should consider keeping a paper copy of this key locked away in
> - a safe place.
> + lost along with the broken system.
> +
> +In preparation for the worst case scenario, you should consider keeping a paper
> +copy of your master key locked away in a safe place. The ``paperkey`` subcommand
> +can be used to create a QR encoded version of your master key. The following
> +command sends the output of the ``paperkey`` command to a text file, for easy
> +printing.
> +
> +.. code-block:: console
> +
> + proxmox-backup-client key paperkey --output-format text > qrkey.txt
>
>
> Restoring Data
> --
> 2.20.1
>
>
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
prev parent reply other threads:[~2020-11-09 16:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-09 12:39 Dylan Whyte
2020-11-09 14:20 ` [pbs-devel] applied: " Thomas Lamprecht
2020-11-09 16:14 ` Dietmar Maurer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=757496402.968.1604938467597@webmail.proxmox.com \
--to=dietmar@proxmox.com \
--cc=d.whyte@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox