Also, emails are typically stored locally unencrypted once received. If using SSH your key could be stolen from any of the remote devices that have a copy of your key.
Alternatively, you can airgap your key onto a flash drive to increase security. Since this key could be physically stolen, use drive encryption with a strong password to unencrypt the flash drive (which is empty except for the key or keys). This places the ownership of the key to you instead of with a remote service or device.
I tend to find it more convenient to manage my encryption keys as physical door keys. However, if the remote device belongs to you and you feel confident about your ssh and encryption practices with that device as well then that would work too.
Choose a flash drive that fits easily onto a keyring such as:
By shelf life I think you mean how long they last? Memory lasts based on the number of writes performed to it and while flash is some of the least resilient compared to other memory technologies, SSDs and flash drives have fancy algorithms called wear-leveling algorithms that extend the life of memory by spreading writes throughout the memory space. Even without this algorithm, you probably won’t reach the write limit to kill the flash drive.
Note Section 3.1, Table 2, which measures a life of 614k writes in the worst case on a 16GB flash drive.
Email encryption via PGP may also be valid security-wise. The USB thing has worked for me and is about as easy as using a door key to open my files.
No that’s not what I mean. SSDs have a short shelf life meaning: time sitting on an archive doing nothing being unplugged. They can experience data loss in less than 2 years. Hard drives do a better job at sitting still.
I have been using a 4GB thumb drive since 2007. Since then it has had linux/bsd/solaris/windows put on it hundreds of times to do installs. It has had my main linux OS installed to it for a few years when all I had was buggy/broken hardware to use. I have even used it like a normal person would use it a few times. In the last month it has had gentoo, devuan, gNewSense, debian, arch, mint18, antergos, parabola, void, netbsd, freebsd and freedos on it and now has manjaro on it for system rescue. Still working just fine.
Hard drives also aren’t for long term archival storage. You haven’t mentioned anything about long term storage, how often they will be accessed, how long the data needs to be kept, what kind of security you need, how often you want new keys, etc.
Nothing wrong with flash storage for a backup. You need multiple backups anyway.
I think HDDs are going to be my only option. The access to the keys is only sporadic, so the 5 year storage vs 2 year storage against flash is probably more valuable. For real long term… well encrypted and onto the cloud, because tape is out of the question.
Hmm this could be a fun little project! How about:
Data is in a Git repo
You make changes, and commit
Git post-commit hook is run, this sends an encrypted encryption key to a RPi (or w/e) via SSH. RPi has a USB hub connected with, let’s say, 4 USB-sticks
The key gets written to all 4 USBs
If everything turns out fine, host encrypts the Git repo with the new key
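The fan-out step of the flow sketched in this post, as an added example (not code from the thread): a POSIX shell sketch that assumes the sticks are already-mounted directories and leaves out the SSH hop to the Pi, with hypothetical function names `generate_key`, `fan_out_key` and `post_commit_rotate`. It stages the new key on every stick, verifies each copy by SHA-256, and only then promotes it, so a missing or half-written stick rolls back without disturbing the key already on the others.

```shell
#!/bin/sh
# Added example for the post-commit key fan-out. Assumes the USB sticks are
# mounted directories passed as arguments; transport to the Pi is left out.
set -eu

# Write a fresh 256-bit key, base64-encoded, to the path given (mode 0600).
generate_key() {
    head -c 32 /dev/urandom | base64 | tr -d '\n' > "$1"
    chmod 600 "$1"
}

# fan_out_key KEYFILE MOUNT...: stage KEYFILE as repo.key.tmp on every stick,
# verify each staged copy by SHA-256, and only then rename all of them to
# repo.key. On any failure the staged copies are removed and the previous
# repo.key on each stick is left untouched. Returns 1 on failure.
fan_out_key() {
    key="$1"; shift
    want=$(sha256sum "$key" | cut -d' ' -f1)
    for mnt in "$@"; do
        cp "$key" "$mnt/repo.key.tmp" 2>/dev/null && sync || true
        got=$(sha256sum "$mnt/repo.key.tmp" 2>/dev/null | cut -d' ' -f1 || true)
        if [ "$got" != "$want" ]; then
            echo "copy to $mnt failed verification, rolling back" >&2
            for m in "$@"; do rm -f "$m/repo.key.tmp" 2>/dev/null || true; done
            return 1
        fi
    done
    for mnt in "$@"; do mv "$mnt/repo.key.tmp" "$mnt/repo.key"; done
    sync
    return 0
}

# post_commit_rotate KEYDIR MOUNT...: what the post-commit hook would run.
# The new key is promoted to key.current only after every stick holds a
# verified copy; otherwise it is discarded and the repo keeps its old key.
post_commit_rotate() {
    keydir="$1"; shift
    new="$keydir/key.new"
    generate_key "$new"
    if fan_out_key "$new" "$@"; then
        mv "$new" "$keydir/key.current"
        return 0
    fi
    rm -f "$new"
    return 1
}
```

The host should encrypt the repo with `key.current` only after `post_commit_rotate` returns 0; a non-zero return means no stick was changed and the old key is still the one to use.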