installing tq 11 purpose of recovery key?
during trisquel 11 installation under
choose a security key, you get the option
to create a recovery key. It says enable recovery
key. a recovery key key is generated and will be temporarily saved on the live system you can select an alternate location save this file and keep it in a safe place elsewhere before rebooting In what situation do you use the recovery key? Thank you.
The recovery key in LUKS for in case you forget your passphrase. Be careful with it because anyone that gains knowledge of what it is can decrypt the drive without needing to know the passphrase.
is the recovery key a subsidiary psswrd to
access trisquel files? Does
the recovery key provide advantages
in accessing files in
case the hdd or trisquel software gets corrupted or
erroneous?
The recovery key in LUKS is in case you forget your passphrase. That is its purpose. Its one purpose. Its only purpose. No more and no less than that one thing. :)
In the unlikely and unlucky event that your hdd gets corrupted exactly where your LUKS header is stored, then having a backup of the recovery key might save you from loosing all your data. You should not need to use the recovery key in everyday situations.
In that scenario I think a backup of the LUKS header would be needed. My understanding is that the LUKS header contains "key slots" and that the recovery key being mentioned in this topic is nothing more than an additional key in one of those slots, in case the other's forgotten and so wouldn't be much help if the LUKS header itself is somehow corrupted or destroyed - in that scenario all of the keys are gone and the drive can never be decrypted. Nor should it be helpful in the case of regular files, or even entire filesystems, that somehow become corrupted and are unreadable. Or anything other than "oh noes - I don't remember the passphrase anymore."
For those other scenarios we have programs like fsck to deal with filesystem problems, although being able to use fsck would first require the ability to decrypt the drive, either with the passphrase or recovery key... :)
Your right, I assumed the recovery key mentioned by the OP was the master key, which could be also used in scenario of recovery. I should have read the OP post closer because obviously the master key is not optional.
I am a translator!
Thanks for the explanations.
I think it would be nice to add some explanation about this in the installer, otherwise users are confused by that name "recovery key" (I until now had no clue about it).
Since we are discussing on the installer, I also find "passphrase" not clear, I'd rather say "password to enter at boot to decrypt the disk" and have a suggestion to choose it as a random list of words, using the diceware method.