Key safety vs Backup : History of a bad day (key-restoration problem)
Sven Radde
email at sven-radde.de
Sun Oct 28 10:37:55 CET 2007
Atom Smasher schrieb:
> in theory, if you're *really* using a strong pass-phrase, you can publish
> your private key in a public place and rest secure in the knowledge that
> no known technology can break your 100+ character pass-phrase... and if a
> hard drive or several go up in smoke you can recover a copy from google's
> cache ;)
A few thoughts on this:
- You could use the very long passphrase, upload to secret key to
somewhere and then change the passphrase back to a shorter one for daily
use.
- Instead of doing this, you could just take your secring.gpg, encrypt
it using "gpg --symmetric" with a really long passphrase and publish the
result.
- You don't really have to publish the so-encrypted file. Just storing
it at one place (or more than one) that is unlikely to fail at the same
time when your local hard disk does will do, too. Think of your work PC,
your webhosters server, some other remote server or whatever. Having the
thing in Google's cache is not necessary (there are no guarantees that
this really is a persistent storage).
- To ensure the accessibility you might schedule a daily cronjob that
does an MD5-calculation on the backup file and compares this against the
known good value. Once things differ, you know that your backup is in
danger. In fact, this is the thing that failed with Nicolas' backup
strategy: The backup became corrupted without him noticing and thus he
could not recover from the subsequent failure of the primary copy.
cu, Sven
More information about the Gnupg-users
mailing list