Difficulties restoring encrypted Backups in my test LAB

[thoenny]

Hello,
I'm very happy with the Proxmox Products and began to play around with them. Especially the PBS is a fantastic Server! But only a tested backup is a good backup and I ran into some difficulties when restoring files from an encrypted Backup.
I created a master key as explained in the documentation and I am able to recover files on the PC I backed up. But when I try to catalog the backup on another host, I get of course a missing key error. Can someone give me a tip what the trick is. How do I use the master-key?

regards, thoenny

 

[thoenny]

Okay, I read the documentation again and more carefully
First I have to extract the encrypted key from the backup, then decrypt it with the master-key and pass the decrypted key with --keyfile to the proxmox-backup-client, in detail:

proxmox-backup-client restore host/mint192/2021-08-31T08:14:29Z rsa-encrypted.key /recover/mint_encrypted.key
proxmox-backup-client key import-with-master-key /recover/mint_decrypted --master-keyfile /path/master-private.pem --encrypted-keyfile /recover/mint_encrypted.key
proxmox-backup-client catalog shell host/mint192/2021-08-31T08:14:29Z server.pxar --keyfile /recover/mint_decrypted.key

This worked and I'm happy, but now I don't understand the advantage of a masterkey. Isn' it easier just to save the key itself?

 

[dcsapak]

Isn' it easier just to save the key itself?

only if you just have a single encryption key

with a master key, each backup can be encrypted with a different key, but you still have a single masterkey with which you can decrypt them