[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Storing the recovery key separate from the encryption key?



On Tue, Aug 25, 2020 at 10:57:44AM -0700, Simon Willison wrote:
> I’d like the server that I backup using Tarsnap to only host the encryption key needed to create the encrypted backup. I don’t want it to have the decryption key used when running "tarsnap -x -f” to restore a backup.

As James said, the utility is tarsnap-keymgmt(1).  In the docs, we
call this schenario a "write-only key":
https://www.tarsnap.com/tips.html#write-only-keys

I'll take a look at adding the phrase "encryption key", and/or
some other way of making that info easier to find.

Cheers,
- Graham