Generate password in dom0?

It would be nice to have the strongest possible password in backing up Qubes. Is there a way to generate a password in dom0 and copy it over to keepassxc in vault for saving? The idea would be to later back up that keepassxc file off the machine along with the backed up Qubes. I know the password is potentially saved in dom0 as plain text anyway.

There are plenty of ways, such as using openssl to generate random
numbers or simply cat /dev/random | base64. None of these are really
any more secure than generating the password in Keepassxc, assuming that
your vault VM does not process anything other than keepass and is not
networked. This is doubly so when you are planning on moving the
password out of dom0 anyway.

As for copying data in and out of dom0:

in:


qvm-run -ap <vm> "cat <file to copy>" > output.txt

Copy and paste works for output, using the clipboard tray applet.
Alternatively:


qvm-copy-to-vm <vm> file

Cool. I was trying not to copy from vault to dom0, just the other way. Would only need for hardware failure anyways. I’ll try your suggestions! Thank you

just my own opinion but for backups or disaster recovery I like to keep those written on paper

nothing sucks more than when you need the backup and you forgot the password. or the password is on something you can't access anymore…like say keepass program broken or the keepass file doesn't open

Ok but if I make a password in another qube and copy as a file to dom0, say as a text file, how can I copy that text for use in the backup manager password? Don’t think I can copy from vim or nano for long passwords easily?

The simplest way would be cat passwordfile.txt and
highlighting/copying the text off the terminal.

Other options are xclip, or using the ‘+’ buffer in vim (select the
text in visual mode and type "+y to yank to the X11 clipboard).

In any case where your password is too long for these methods, it is
probably longer than necessary. A megabyte password isn’t appreciably
more secure than a 64 byte one, but is far slower and more difficult to use.
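
A bounded version of the random-bytes-to-base64 approach mentioned in the replies above, piped straight into the vault qube; this is an added example, not code posted by anyone in the thread. The 16 to 64 byte limits, the function names and the file name `backup-passphrase.txt` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Intended for a dom0 terminal.

# gen_passphrase [BYTES]
# Read exactly BYTES bytes (default 32 = 256 bits) from the kernel CSPRNG
# and print them as a single base64 line. The read is bounded with head
# because a bare cat of a random device never reaches end-of-file.
gen_passphrase() {
    bytes=${1:-32}
    case $bytes in
        *[!0-9]*) echo "gen_passphrase: BYTES must be a number" >&2; return 2 ;;
    esac
    # Assumed limits: 16 bytes (128 bits) minimum, 64 bytes maximum.
    if [ "$bytes" -lt 16 ] || [ "$bytes" -gt 64 ]; then
        echo "gen_passphrase: choose between 16 and 64 bytes" >&2
        return 2
    fi
    # base64 wraps long output at 76 columns; tr joins it back into one line.
    head -c "$bytes" /dev/urandom | base64 | tr -d '\n'
    echo
}

# passphrase_bits STRING
# Bits of randomness carried by a base64 string from gen_passphrase:
# each non-padding character encodes 6 bits, rounded down to whole bytes.
passphrase_bits() {
    s=$(printf '%s' "$1" | tr -d '=')
    echo $(( ${#s} * 6 / 8 * 8 ))
}

# Usage in dom0 (file name is a placeholder; "vault" is the qube from the thread):
#   gen_passphrase 32 | qvm-run -ap vault 'cat > backup-passphrase.txt'
# The passphrase travels over the pipe into the vault qube and is not
# written to a file in dom0.
```

The resulting 44-character line (for 32 bytes) is short enough to paste into KeePassXC and the backup dialog, and to write down on paper.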

Just a note of caution: If you don’t have your backup passphrase memorized, make sure you will actually be able to restore your data in a major disaster scenario (e.g., all technology you own is destroyed, but you survive). In other words, make sure to avoid a catch-22 in which your unmemorized backup passphrase is locked inside of a file, and in order to unlock that file, you must supply… your backup passphrase.
