diff options
| author | drduh <github@duh.to> | 2022-03-16 15:29:42 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-16 15:29:42 -0700 |
| commit | 4615b5e9192f2e3f2e24f0d998b4029efdd3f2c2 (patch) | |
| tree | eb02b69671039a936bd1e534efc0d928ea393c73 | |
| parent | Merge pull request #294 from DevSecNinja/patch-1 (diff) | |
| parent | Point out that paperkey backups are password-protected (diff) | |
| download | YubiKey-Guide-4615b5e9192f2e3f2e24f0d998b4029efdd3f2c2.tar.gz | |
Merge pull request #292 from mpdude/patch-1
Point out that paperkey backups are password-protected
| -rw-r--r-- | README.md | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -951,10 +951,12 @@ The `revoke.asc` certificate file should be stored (or printed) in a (secondary) # Backup -Once keys are moved to YubiKey, they cannot be moved again! Create an **encrypted** backup of the keyring and consider using a [paper copy](https://www.jabberwocky.com/software/paperkey/) of the keys as an additional backup measure. - +Once keys are moved to YubiKey, they cannot be moved again! Create an **encrypted** backup of the keyring on removable media so you can keep it offline in a safe place. + **Tip** The ext2 filesystem (without encryption) can be mounted on both Linux and OpenBSD. Consider using a FAT32/NTFS filesystem for MacOS/Windows compatibility instead. +As an additional backup measure, consider using a [paper copy](https://www.jabberwocky.com/software/paperkey/) of the keys. The [Linux Kernel Maintainer PGP Guide](https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html#back-up-your-master-key-for-disaster-recovery) points out that such printouts *are still password-protected*. It recommends to *write the password on the paper*, since it will be unlikely that you remember the original key password that was used when the paper backup was created. Obviously, you need a really good place to keep such a printout. + **Linux** Attach another external storage device and check its label: |