From c5608cf86c28cc39320332070f8e84a3bbc0ff75 Mon Sep 17 00:00:00 2001 From: Dylan Whyte Date: Tue, 10 Nov 2020 12:04:56 +0100 Subject: [PATCH] encryption: add best practice for storing master key Further clarify that the paperkey should be a last resort recovery option, after a password manager and usb drive. Signed-off-by: Dylan Whyte --- docs/backup-client.rst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/backup-client.rst b/docs/backup-client.rst index 1ef42898..125c1fbc 100644 --- a/docs/backup-client.rst +++ b/docs/backup-client.rst @@ -367,11 +367,16 @@ To set up a master key: and needs to be restored, this will not be possible as the encryption key will be lost along with the broken system. -In preparation for the worst case scenario, you should consider keeping a paper -copy of your master key locked away in a safe place. The ``paperkey`` subcommand -can be used to create a QR encoded version of your master key. The following -command sends the output of the ``paperkey`` command to a text file, for easy -printing. +It is recommended that you keep your master key safe, but easily accessible, in +order for quick disaster recovery. For this reason, the best place to store it +is in your password manager, where it is immediately recoverable. As a backup to +this, you should also save the key to a USB drive and store that in a secure +place. This way, it is detached from any system, but is still easy to recover +from, in case of emergency. Finally, in preparation for the worst case scenario, +you should also consider keeping a paper copy of your master key locked away in +a safe place. The ``paperkey`` subcommand can be used to create a QR encoded +version of your master key. The following command sends the output of the +``paperkey`` command to a text file, for easy printing. .. code-block:: console -- 2.39.2
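Review bot: The added sentence "you should also save the key to a USB drive and store that in a secure place" does not say which file to copy or whether the stored copy is expected to remain password-protected, and the same gap applies to the password manager recommendation. Since a reader following this literally could leave an unprotected master key on removable media, consider naming the file to copy and stating the expected protection of the stored copy. Two wording points in the same paragraph: "in order for quick disaster recovery" reads better as "to allow for quick disaster recovery", and "still easy to recover from" leaves unclear what is being recovered, so something like "the key is still easy to retrieve" would be clearer. The commit message describes the paper key as a last-resort option after the password manager and USB drive, but the text only signals this with "Finally"; saying so explicitly would match the stated intent.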