[SOLVED] Paperkey ( master vs. client encryption key)

[Denny Fuchs]

hi,

on the manual, I have the following:

It is recommended that you keep your master key safe, but easily accessible, in order for quick disaster recovery. For this reason, the best place to store it is in your password manager, where it is immediately recoverable. As a backup to this, you should also save the key to a USB drive and store that in a secure place. This way, it is detached from any system, but is still easy to recover from, in case of emergency. Finally, in preparation for the worst case scenario, you should also consider keeping a paper copy of your master key locked away in a safe place. The paperkey subcommand can be used to create a QR encoded version of your master key. The following command sends the output of the paperkey command to a text file, for easy printing.

proxmox-backup-client key paperkey --output-format text > qrkey.txt

but, is that "master" key the correct word, or is it the client encryption key. Because, it takes the file from

~/.config/proxmox-backup/encryption-key.json

which is not the master key.

cu denny

 

[dcsapak]

yes, by default the paperkey command takes the default key, not the master key, you have to give the path e.g.

proxmox-backup-client key paperkey ~/mymasterkey.pem

see also 'man proxmox-backup-client' for the remaining options of the paperkey command

 

[Denny Fuchs]

Hi @dcsapak

that is, what I thought ... but ... the output looks very strange to me you have around 12 QR code blocks, surrounded by the lines from the key itself. It looks much different, than from the client encryption key. Maybe, the paperkey is not able to handle a key pair, but symmetric keys ?

cu denny

 

[dcsapak]

no thats normal, since there is only so much info that can go into one qr code, a big key needs multiple qr codes