encryption: add best practice for storing master key
Further clarify that the paperkey should be a last resort recovery option, after a password manager and usb drive. Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
This commit is contained in:
Dylan Whyte
Dietmar Maurer
parent
5d08c750ef
commit
c5608cf86c
@ -367,11 +367,16 @@ To set up a master key:
|
|||||||
and needs to be restored, this will not be possible as the encryption key will be
|
and needs to be restored, this will not be possible as the encryption key will be
|
||||||
lost along with the broken system.
|
lost along with the broken system.
|
||||||
|
|
||||||
In preparation for the worst case scenario, you should consider keeping a paper
|
It is recommended that you keep your master key safe, but easily accessible, in
|
||||||
copy of your master key locked away in a safe place. The ``paperkey`` subcommand
|
order for quick disaster recovery. For this reason, the best place to store it
|
||||||
can be used to create a QR encoded version of your master key. The following
|
is in your password manager, where it is immediately recoverable. As a backup to
|
||||||
command sends the output of the ``paperkey`` command to a text file, for easy
|
this, you should also save the key to a USB drive and store that in a secure
|
||||||
printing.
|
place. This way, it is detached from any system, but is still easy to recover
|
||||||
|
from, in case of emergency. Finally, in preparation for the worst case scenario,
|
||||||
|
you should also consider keeping a paper copy of your master key locked away in
|
||||||
|
a safe place. The ``paperkey`` subcommand can be used to create a QR encoded
|
||||||
|
version of your master key. The following command sends the output of the
|
||||||
|
``paperkey`` command to a text file, for easy printing.
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user