Key safety vs Backup : History of a bad day (key-restoration problem)

Nicolas Pillot nicolas.pillot at gmail.com
Sun Oct 28 01:34:47 CEST 2007


[ Disclaimer ]
This post is at the same time a real-life story, and a request for ideas.
I hope the tone of it won't be too boring, and well, if you're impatient,
just skip to the end ! (namely [ Enter the questions ])

[ Intro ]
Good evening to all of you. This is my first post on this list, so
don't hesitate if it's the wrong place to ask for what i'll discuss
here. I hope i've hit the most general list, as my question isn't
exaclty linked to gnupg, though it has been my tool of choice for some
years now.

I come tonight, because, as you could guess, i have a "small" problem.
"Small" in that it's not über-vital, but problematic enough for me be
open for any kind of solution, whatever it might be. Let me explain my
situation and questions, for if you could give any hint, it'll make my
day.

Ages back, i installed some linux distribution. Later on, i heard
about public key encryption schemes. Enters gnupg, which generated my
very first pair of keys, on 24th april 2001. As all newbies are
tempted to, i had it to never expire, and published it on a keyserver.
I have been using it ever since, without any trouble, until this
god-forgotten 21st october 2007. A bloody sunday, as the song says. On
that very day, my hard drive gave an unexpected error and died a
horrible death. All in all, not a surprise, as it was quite old.
data-wise, it was no big trouble as my data are carefully backed up.
The day after, i bought two news drives, set them as raid (this is my
first raid setup) and installed a new system, restored my data.
Everything was almost perfect.

[ Back to the problem ]
Even though my "normal" data are backed up twice (once on a distant
server, and once on removable media), the "immensly
valuable/sensitive/priceless/unique" data (ie, my key) is not backed
up on the same scheme. Instead, when i created the key pair, i
immediately generated a revocation certificate. I then exported the
private and public keys, along with fingerprint, in an ascii file. I
stored the .gnupg folder, the revocation certificate, and the exported
ascii versions on a brand new, dedicated, wooping 32MB usb stick. I
printed the revocation certificate and put it in an archive box by my
grandmother (separate building 450km away), and stored the USB stick
in a box on a shelf in my basement. You might call me paranoid, but i
just did so to avoid the potential trouble some people were having on
the forum. It was an effortless process at that time, and i thought
i'd be safe. On 5th may 2002, about one year later, i lost my hard
drive due to a corrupted FAT and started to panick until i remembered
the usb-stick., which gave me my keys back after an system re-install.
I was happy i did a backup.

So, this monday, 23rd oct, i walked confidently down to the basement,
opened the box, picked the stick, and walked back to the pc, almost
whistling. I mounted it, read-only, or, well.... tried to mount it.
After a big *shrug*, i realized it wouldn't mount whatever i tried to
do. I tried on a windows laptop, and went to a friend's place to see
if his OSX had better chance to access my data. Nothing helped. My
.gnupg folder and ascii keys are unavailable. And as such, my
encrypted data seems to be lost.

After a while, i realized there was not many solutions, and the only
thing i could do to get things done in any kind of right way was to
get my hands back on the revocation certificate. It might even be a
good reason to drive all the way and pay a visit to my grand'ma, after
all. That's what i did today. She was happy to see me, and in good
shape, but it's out of topic. After a while, i climbed in the attic,
where the family treasures lie, and among them, the so-sought
revocation certificate. I opened the archive box, searched various
papers, and found it. Then cursed myself.

The paper was starting to turn yellowish on the edges, and the (black)
ink had turned dim, even gray in some areas, and well, the document
wasn't in outstanding shape. And though most of it was perfectly
readable, there are some small parts, which are quite blurred (due to
humidity ?) and well, i suddenly wondered if there was any curse
hanging over my head. I made a mental note : don't ever, ever, ever
print something important on a cheap bubble-jet printer using discount
ink cartridge. Either do that and then xerox it, or print it on a
laser printer. Using large font-size, and finally, don't use
"courrier" as i did even if you initially thought it'd be ok.

Because now, i'm stuck with a bunch of c/o, I/1, 0/O, and even some
h/b i can't for the love of god figure out who is who. After careful
reading, and although it's very short, i have exactly 8-9 characters i
can't read at all, as the others can be guessed. Had i printed it via
something like "DejaVu sans mono", where small L and ones look
different, and where zeros have an inside center dot, well, the task
wouldn've been easy. Or i could have printed it twice, or even five
times on the same sheet using different fonts !

Here comes the Sad-result-of-a-cursed-day :
- i have lost the digital versions of my .gnupg, ascii pub/priv keys
due to a failing usb stick which hadn't been used for 5+ years.
- this means i have lost all my encrypted data (mainly accounting
information, real-life & web password database, and some old
work-related documents important enough to keep a personnal encrypted
version at home).
- i have a partial printed revocation certificate with 8 unreadable
characters, which means i can't disable the published key.
- this means, furthermore, that even if there are only few people who
were using my public key, they could still use it to encrypt, even if
it's quite useless.
- It seems like i offered the world another confusing key which would
never expire. Hurray !
If i'm wrong on any of these 5 points, don't hesitate to say so !

Even if the double failure is quite irritating, i can do nothing but
accept murphy's law.
But i'm not here to cry, however tempting it might be ;)

After all this, i created a new pair of keys, expiring in 1 year, for
which i'll change the expiration regularly. I made a revocation
certificate, i backed everything up in 3 different places/medium, and
printed it 3 times. paranoïd, eh ? Now, i just wait to see if i could
get some answers to the questions below before publishing the new
public key.

[ Enter the questions ]

Q1: I have the public key (0x26A2F0AE if it's of any use), i know the
secret key passphrase perfectly. Is there any way i could re-compute /
restore / whatever the secret part using this information ? I browsed
the list up to feb 2006, and didn't find any "Lost private key with
known passphrase"-like post. So i guess it's not possible.

Q2: To try and make things straight, i would like to at least revoc
the key. The 8 characters cannot be guessed at any price, as they are
completly blurred. This means there are theoretically 64^8 possible
combinations. If i import only the public key into my keyring, and
then brute-force change the 8 unknown bytes in the certificate, and
each time try to import it, gpg will tell me "read error: invalid
keyring" a zillion times, but in the end it'll finds the good one. My
question is : can a revocation certificate be applied into the keyring
if you only have the public key. I guess so, as the keyservers only
have the public key.

Note that while the answer to Q1 is of immense value, Q2 is only a
ground for a "practical exercice", which might be undertaken to make
things clean, as my data is lost forever.

[ Conclusion ]
This post might be long, but i wanted to share my feelings and
thoughts with the community, namely these points :
- You have to balance the amount of key backups vs the security of the
given backup locations
- Always make a revocation certificate. Back it up using the same
scheme as for keys.
- Additionally, print all the invaluable data (private keys,
certificate). Using different fonts. Using laser/xerox. Even make a
non-digital (optical/film) photograph of it. These last decades ;)
- ... Pray.
- And remember that even if it looks like you're overly-safe,
everything might fail. And will.

Thanks for reading, i wish you all good night.

-- 
Nicolas Pillot (nicolas.pillot at gmail.com)



More information about the Gnupg-users mailing list