[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Storing the recovery key separate from the encryption key?

To: Simon Willison <swillison@gmail.com>
Subject: Re: Storing the recovery key separate from the encryption key?
From: Graham Percival <gperciva@tarsnap.com>
Date: Tue, 25 Aug 2020 14:55:46 -0700
Cc: tarsnap-users@tarsnap.com
In-reply-to: <A90DAC7A-1A31-42C1-8F71-694DBD522B18@gmail.com>
References: <A90DAC7A-1A31-42C1-8F71-694DBD522B18@gmail.com>

On Tue, Aug 25, 2020 at 10:57:44AM -0700, Simon Willison wrote:
> I’d like the server that I backup using Tarsnap to only host the encryption key needed to create the encrypted backup. I don’t want it to have the decryption key used when running "tarsnap -x -f” to restore a backup.

As James said, the utility is tarsnap-keymgmt(1).  In the docs, we
call this schenario a "write-only key":
https://www.tarsnap.com/tips.html#write-only-keys

I'll take a look at adding the phrase "encryption key", and/or
some other way of making that info easier to find.

Cheers,
- Graham

References:
- Storing the recovery key separate from the encryption key?
  - From: Simon Willison <swillison@gmail.com>

Prev by Date: Re: Storing the recovery key separate from the encryption key?
Next by Date: Pass password via environment variable
Previous by thread: Re: Storing the recovery key separate from the encryption key?
Next by thread: Pass password via environment variable
Index(es):
- Date
- Thread