[pbs-devel] [PATCH docs] backup-client: encryption: discuss paperkey command

[pbs-devel] [PATCH docs] backup-client: encryption: discuss paperkey command

[Dylan Whyte]

adds a paragraph to the encryption section about
encoding the master key into a qr code for printing

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
 docs/backup-client.rst | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/docs/backup-client.rst b/docs/backup-client.rst
index a23535fa..1ef42898 100644
--- a/docs/backup-client.rst
+++ b/docs/backup-client.rst
@@ -365,9 +365,17 @@ To set up a master key:
   backed up. It can happen, for example, that you back up an entire system, using
   a key on that system. If the system then becomes inaccessible for any reason
   and needs to be restored, this will not be possible as the encryption key will be
-  lost along with the broken system. In preparation for the worst case scenario,
-  you should consider keeping a paper copy of this key locked away in
-  a safe place.
+  lost along with the broken system.
+
+In preparation for the worst case scenario, you should consider keeping a paper
+copy of your master key locked away in a safe place. The ``paperkey`` subcommand
+can be used to create a QR encoded version of your master key. The following
+command sends the output of the ``paperkey`` command to a text file, for easy
+printing.
+
+.. code-block:: console
+
+  proxmox-backup-client key paperkey --output-format text > qrkey.txt
 
 
 Restoring Data
-- 
2.20.1

[pbs-devel] applied: [PATCH docs] backup-client: encryption: discuss paperkey command

[Thomas Lamprecht]

On 09.11.20 13:39, Dylan Whyte wrote:
> adds a paragraph to the encryption section about
> encoding the master key into a qr code for printing
> 
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
>  docs/backup-client.rst | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
>

applied, thanks!

Re: [pbs-devel] [PATCH docs] backup-client: encryption: discuss paperkey command

[Dietmar Maurer]

paperkey should be the last resort.

I store keys in:

1.) my passwork manager (very easy to access)
2.) USB stick, and put that in my vault (still easy to restore)
3.) paperkey (clumsy to restore, but useful if the USB stick is damaged)

> On 11/09/2020 1:39 PM Dylan Whyte <d.whyte@proxmox.com> wrote:
> 
>  
> adds a paragraph to the encryption section about
> encoding the master key into a qr code for printing
> 
> Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
> ---
>  docs/backup-client.rst | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/docs/backup-client.rst b/docs/backup-client.rst
> index a23535fa..1ef42898 100644
> --- a/docs/backup-client.rst
> +++ b/docs/backup-client.rst
> @@ -365,9 +365,17 @@ To set up a master key:
>    backed up. It can happen, for example, that you back up an entire system, using
>    a key on that system. If the system then becomes inaccessible for any reason
>    and needs to be restored, this will not be possible as the encryption key will be
> -  lost along with the broken system. In preparation for the worst case scenario,
> -  you should consider keeping a paper copy of this key locked away in
> -  a safe place.
> +  lost along with the broken system.
> +
> +In preparation for the worst case scenario, you should consider keeping a paper
> +copy of your master key locked away in a safe place. The ``paperkey`` subcommand
> +can be used to create a QR encoded version of your master key. The following
> +command sends the output of the ``paperkey`` command to a text file, for easy
> +printing.
> +
> +.. code-block:: console
> +
> +  proxmox-backup-client key paperkey --output-format text > qrkey.txt
>  
>  
>  Restoring Data
> -- 
> 2.20.1
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel