July 22, 2021

Is storing the primary PGP key on an external device security theater?

Let us assume that we have done the following:

1. Generate a PGP keypair A
2. Publish the public key of A to a keyserver
3. Generate subkeys of A for signing (S) and encrypting (E)

We need to be sure that the device on which we generated the keys in the first place is not compromised; otherwise this whole process would be useless. Thus, let us assume that it is not compromised (even if establishing this might not be a trivial task in the first place).

Next, we separate A from S and E. We store A on an external device with no network connection. We encrypt the external device.

This procedure has several advantages. If S or E got compromised, we can easily revoke them using A. Since A is never exposed to any network, it seems unlikely that A ever gets compromised.
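The separation described above, sketched with GnuPG 2.x in a throwaway keyring, as an added example that is not part of the original post. The UID, the temporary directories (one standing in for the external device) and the empty passphrase are constructed for the demo, and step 2 (the keyserver upload) is left out so that it runs offline.

```shell
# Added example: separates primary key A from subkeys S and E in a throwaway
# keyring. UID, directories and the empty passphrase are constructed for the demo.
split_primary_demo() (
  work=$(mktemp -d) || exit 1
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
  offline="$work/offline"                 # stands in for the external device
  mkdir -m 700 "$work/gnupg" "$offline" || exit 1
  GNUPGHOME="$work/gnupg"; export GNUPGHOME
  gpgb() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

  # Step 1: primary key A, certify-only.
  gpgb --quick-generate-key 'Demo User <demo@example.invalid>' ed25519 cert never || exit 1
  fpr=$(gpgb --list-keys --with-colons | awk -F: '$1 == "fpr" { print $10; exit }')

  # Step 3: signing subkey S and encryption subkey E (needs A's secret part).
  gpgb --quick-add-key "$fpr" ed25519 sign 1y || exit 1
  gpgb --quick-add-key "$fpr" cv25519 encr 1y || exit 1

  # Copy the secret material to the offline directory before touching the keyring.
  gpgb --output "$offline/A-secret.gpg"  --export-secret-keys    "$fpr" || exit 1
  gpgb --output "$offline/SE-secret.gpg" --export-secret-subkeys "$fpr" || exit 1

  # Remove all secret material locally, then bring back only S and E.
  gpgb --yes --delete-secret-keys "$fpr" || exit 1
  gpgb --import "$offline/SE-secret.gpg" || exit 1

  # Field 15 of --with-colons output: '#' = secret part absent, '+' = present.
  state=$(gpgb --list-secret-keys --with-colons "$fpr" |
    awk -F: '$1 == "sec" { p = $15 } $1 == "ssb" && $15 == "+" { n++ }
             END { print p ":" n + 0 }')

  # S still signs; creating another subkey must fail because A is not here.
  echo demo | gpgb --sign --output "$work/demo.sig" || exit 1
  if gpgb --quick-add-key "$fpr" ed25519 sign 1y 2>/dev/null; then exit 1; fi
  echo "$state"    # "<primary marker>:<number of usable secret subkeys>"
)
```

In the normal listing the same state shows up as `sec#` for the primary key. The demo deletes its offline directory on exit; on a real setup the `A-secret.gpg` export is the file whose storage and backup the rest of this post is about.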

Now, we need a backup for A in case we lose the external device on which A is stored, or the hard drive fails. I think that it is a good idea to also keep an unencrypted backup of your key in case your hard drive gets corrupted. Recovering files from an encrypted device is a pain if not impossible.

Of course, this backup is performed without any network connection. Again, we need to be sure that the device which performs the backup is not compromised.

It is advised to have an offsite backup in order to physically separate your local backups and your data on your local machines.

Where do we keep these backups? If we decide to keep a backup of the key in some cloud, then we need to encrypt this backup on the client side. Let us assume that we are encrypting this backup using symmetric encryption, let us say AES-256. Where do we store the symmetric key? We need a backup of this key. Where do we store it? The procedure repeats. I do not see a good practice for this case.

If we decide not to store the backup of our key in some cloud, we need to store it on an external device and keep this device safe in some physically separated place where it is never connected to the network. Where do we keep it? By the same argument as above, we cannot encrypt this backup.

The title of this article is deliberately provocative, but I do not see any viable way to ensure the security of my data and to prevent data loss at the same time.

Thank you very much for your time.
