Encryption keys handling?

So say I wanted to periodically backup a set of files using AES-256.

Obviously I’d like to keep the keys safe as I change them, and accessible to visit any backup.

What are the easiest and fastest ways to do this?

My thoughts so far:

  1. Generate new key
  2. Machine hosting data encrypts the data and key
  3. key is stored somewhere else (maybe via ssh, or sent to a secure email with 2 step auth)
  4. host throws away key

This is relatively low scale, so… There is not much to improve in this model is there?

Step 2 is really important. If using email, someone could highjack your email account from a leaked password hash such as in the following cases:

Also, emails are typically stored locally unencrypted once received. If using SSH your key could be stolen from any of the remote devices that have a copy of your key.

Alternatively, you can airgap your key onto a flash drive to increase security. Since this key could be physically stolen, use drive encryption with a strong password to unencrypt the flash drive (which is empty except for the key or keys). This places the ownership of the key to you instead of with a remote service or device.

I tend to find it more convenient to manage my encryption keys as physical door keys. However, if the remote device belongs to you and you feel confident about your ssh and encryption practices with that device as well then that would work too.

Choose a flash drive that fits easily onto a keyring such as:

1 Like

Do flash drives have a short shelf life like ssds?

Also I might encrypt the email and send it.

By shelf life I think you mean how long they last? Memory lasts based on the number of writes performed to it and while flash is some of the least resilient compared to other memory technologies, SSDs and flash drives have fancy algorithms called wear-leveling algorithms that extend the life of memory by spreading writes throughout the memory space. Even without this algorithm, you probably won’t reach the write limit to kill the flash drive.

Note Section 3.1 Table 2 which measures a life of 614k writes in the worst case on a 16GB flash drive

Email encryption via PGP may also be valid security-wise. The USB thing has worked for me and is about as easy as using a door key to open my files.

No that’s not what I mean. SSDs have a short shelf life meaning: time sitting on an archive doing nothing being unplugged. They can experience data loss in less than 2 years. Hard drives do a better job at sitting still.

I have been using a 4gb thumb drive since 2007. Since then it has had linux/bsd/solaris/windows put on it hundreds of times to do installs. Has had my main linux OS installed to it for a few years when all I had was buggy/broken hardware to use. I have even used it like a normal person would use it a few times. In the last month it has had gentoo, devuan, gNewSense, debian, arch, mint18, antergos, parabola, void, netbsd, freebsd and freedos on it and now has manjaro on it for system rescue. Still woking just fine.

Precisely, the thing is that thumb drives are not for long term archival, they are fine while they are in use.

Hard drives also aren’t for long term archival storage. You haven’t mentioned anything about long term storage, how often they will be accessed, how long the data needs to be kept, what kind of security you need, how often you want new keys, Etc.

Nothing wrong with flash storage for a backup. You need multiple backups anyway

True, true…

I think hdds are going to be my only option. The access to the keys is only sporadic, so the 5 year storage vs 2 year storage against flash is probably more valuable. For real long term… well encrypted and onto the cloud because tape is out of the question.

Hmm this could be a fun little project! How about:

  1. Data is in a Git repo
  2. You make changes, and commit
  3. Git post-commit hook is run, this sends an encrypted encryption key to a RPi (or w/e) via SSH. RPi has a USB hub connected with, lets say, 4 USB-sticks
  4. The key gets written to all 4 USB’s
  5. If everything turns out fine, host encrypts the Git repo with the new key
  6. Host removes key
1 Like