[pbs-devel] [PATCH proxmox-backup 09/13] paperkey: add short key ID to subject
Fabian Grünbichler
f.gruenbichler at proxmox.com
Mon Nov 23 09:47:49 CET 2020
On November 23, 2020 9:30 am, Dietmar Maurer wrote:
>> I originally wanted to keep the full fingerprint in, but conceded to
>> your space arguments here and only included the short version.. I also
>> don't really buy the confusion, since unless the user has manually
>> looked inside the key file they don't even know that or how the
>> fingerprint is stored there - in the user-facing parts we only ever show
>> the short key ID. furthermore we already paperkey the pretty-printed
>> version so if the user restores that the checksum of the keyfile is
>> different anyhow.
>
> Don't get that. You delete the fingerprint, so if a user restores that key
> he doesn't have a fingerprint to compare?

the short key ID is put into the subject now to make human matching of
paperkey printouts and manifest/snapshot lists easier.

if the user restores the paperkey into a keyfile, anytime that keyfile
is used it will re-generate the fingerprint on the fly. if the keyfile
is modified (e.g. on passphrase/KDF change), the generated fingerprint
will also be persisted again. we don't have a 'restore paperkey' command
(yet), but if we ever do, that could of course also regenerate the full
fingerprint and persist it on writing out the keyfile.