Gentoo Forums
Where to back up GPG key?
grant123
l33t


Joined: 23 Mar 2005
Posts: 980

Posted: Tue May 06, 2014 10:53 pm    Post subject: Where to back up GPG key?

My private GPG key is the only file I can't back up along with the rest of my encrypted backups since I would need it in order to decrypt the backups. How do smart people back up their private GPG key?
John R. Graham
Administrator


Joined: 08 Mar 2005
Posts: 10156
Location: Somewhere over Atlanta, Georgia

Posted: Tue May 06, 2014 11:28 pm

Your GPG key is protected with a nice long, non-dictionary-word-based passphrase, right? If so, just put it on a couple of memory sticks.

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
grant123
l33t


Joined: 23 Mar 2005
Posts: 980

Posted: Tue May 06, 2014 11:36 pm

Quote:
Your GPG key is protected with a nice long, non-dictionary-word-based passphrase, right?

Actually no because I want to encrypt unattended.
khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Wed May 07, 2014 1:11 am

grant123 wrote:
Quote:
Your GPG key is protected with a nice long, non-dictionary-word-based passphrase, right?

Actually no because I want to encrypt unattended.

grant123 ... so what prevents someone doing the same, and what purpose does the encryption then serve?

As far as backing up the key goes, you can create a luks partition without the use of a key.

Code:
# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sdb1
# cryptsetup luksOpen /dev/sdb1 crypt-usb
# mkfs.ext4 /dev/mapper/crypt-usb
# mount /dev/mapper/crypt-usb /mnt/usbstick
# mkdir -p /mnt/usbstick/{headers,gnupg/keys}
# cp /path/to/key /mnt/usbstick/gnupg/keys
# cryptsetup luksHeaderBackup --header-backup-file /mnt/usbstick/headers/luks-header-sda2 /dev/sda2
# umount /mnt/usbstick
# cryptsetup luksClose crypt-usb

... of course the process will require you to memorise the passphrase. I also made a backup of the LUKS header on the disk (which is advisable).

best ... khay
grant123
l33t


Joined: 23 Mar 2005
Posts: 980

Posted: Thu May 08, 2014 12:37 am

Quote:
so what prevents someone doing the same, and what purpose does the encryption then serve?

Machine #1's data is encrypted on machine #1 and then transferred to machine #2. The encryption is meant to prevent someone from breaking into machine #2 and reading machine #1's data.

Quote:
As far as backing up the key goes, you can create a luks partition without the use of a key.

Interesting. Is there a simpler way to password protect my GPG key (without actually assigning a passphrase within the GPG protocol so I can still encrypt unattended)? I'd rather not create and manage a partition for this.
khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Thu May 08, 2014 1:17 am

grant123 wrote:
Quote:
so what prevents someone doing the same, and what purpose does the encryption then serve?

Machine #1's data is encrypted on machine #1 and then transferred to machine #2. The encryption is meant to prevent someone from breaking into machine #2 and reading machine #1's data.

grant123 ... I think I misinterpreted your question, I'd read the above "encrypted backups" as though you were using LUKS and a gpg-key as the passphrase, that's why I provided how the header (of the encrypted partition) could be backed up. Now, re-reading your initial post I don't know where I got that impression.

grant123 wrote:
Quote:
As far as backing up the key goes, you can create a luks partition without the use of a key.

Interesting. Is there a simpler way to password protect my GPG key (without actually assigning a passphrase within the GPG protocol so I can still encrypt unattended)? I'd rather not create and manage a partition for this.

In the example I was using a LUKS encrypted usbstick as the backup destination, so not a partition, a separate device. As to your question, no, if the key has to function without user input (in the form of a passphrase) then there is no additional protection that can be added.

best ... khay
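
Added example, not part of any post in this thread: one way to make a passphrase-protected backup copy of a secret key without a LUKS device, while the key in the working keyring stays without a passphrase for unattended use. It assumes GnuPG 2.1 or later; the function names and the convention of reading the backup passphrase from file descriptor 3 are choices made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG 2.1+.
# The backup passphrase is read from file descriptor 3 so that stdin
# stays free for the key export that is piped between the two gpg calls.

# backup_secret_key KEYID OUTFILE
# Export the secret key and wrap the export in passphrase-based
# (symmetric) encryption. The body runs in a subshell so the umask
# change does not leak into the caller.
backup_secret_key() (
    keyid=$1
    out=$2
    # Stop if the key is absent: otherwise gpg would encrypt an empty
    # export and the "backup" would contain no key at all.
    gpg --batch --list-secret-keys "$keyid" >/dev/null 2>&1 || exit 1
    umask 077
    gpg --batch --armor --export-secret-keys "$keyid" |
        gpg --batch --yes --pinentry-mode loopback --passphrase-fd 3 \
            --symmetric --cipher-algo AES256 \
            --s2k-digest-algo SHA512 --s2k-count 65011712 \
            --output "$out"
)

# verify_backup FILE
# Restore test: succeeds only if the passphrase on fd 3 decrypts FILE
# and the plaintext really is an armored secret key.
verify_backup() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --decrypt "$1" 2>/dev/null |
        grep -q 'BEGIN PGP PRIVATE KEY BLOCK'
}
```

The passphrase can be supplied from the terminal with `3</dev/tty`. Running `verify_backup` on the copy that actually lands on the memory stick confirms it can be restored before it is needed.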