[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Storing the recovery key separate from the encryption key?

Hi all,

I feel like this is a very basic question but I’ve not been able to figure out the answer myself yet from the Tarsnap documentation.

I’d like the server that I backup using Tarsnap to only host the encryption key needed to create the encrypted backup. I don’t want it to have the decryption key used when running "tarsnap -x -f” to restore a backup.

I’d like to keep that restore key stored offline somewhere, so that should an attacker breach any of the machines that are backed up using Tarsnap they will not be able to access those Tarsnap backups.

Is this a common pattern, or something that is recommended? How can I achieve this?