[pbs-devel] [PATCH docs] backup-client: encryption: discuss paperkey command

[Dietmar Maurer]

paperkey should be the last resort.

I store keys in:

1.) my passwork manager (very easy to access)
2.) USB stick, and put that in my vault (still easy to restore)
3.) paperkey (clumsy to restore, but useful if the USB stick is damaged)

> On 11/09/2020 1:39 PM Dylan Whyte <d.whyte at proxmox.com> wrote:
> 
>  
> adds a paragraph to the encryption section about
> encoding the master key into a qr code for printing
> 
> Signed-off-by: Dylan Whyte <d.whyte at proxmox.com>
> ---
>  docs/backup-client.rst | 14 +++++++++++---
>  1 file changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/docs/backup-client.rst b/docs/backup-client.rst
> index a23535fa..1ef42898 100644
> --- a/docs/backup-client.rst
> +++ b/docs/backup-client.rst
> @@ -365,9 +365,17 @@ To set up a master key:
>    backed up. It can happen, for example, that you back up an entire system, using
>    a key on that system. If the system then becomes inaccessible for any reason
>    and needs to be restored, this will not be possible as the encryption key will be
> -  lost along with the broken system. In preparation for the worst case scenario,
> -  you should consider keeping a paper copy of this key locked away in
> -  a safe place.
> +  lost along with the broken system.
> +
> +In preparation for the worst case scenario, you should consider keeping a paper
> +copy of your master key locked away in a safe place. The ``paperkey`` subcommand
> +can be used to create a QR encoded version of your master key. The following
> +command sends the output of the ``paperkey`` command to a text file, for easy
> +printing.
> +
> +.. code-block:: console
> +
> +  proxmox-backup-client key paperkey --output-format text > qrkey.txt
>  
>  
>  Restoring Data
> -- 
> 2.20.1
> 
> 
> 
> _______________________________________________
> pbs-devel mailing list
> pbs-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel