Key safety vs Backup : History of a bad day (key-restoration problem)

Atom Smasher atom at smasher.org
Sun Oct 28 07:51:51 CET 2007


On Sun, 28 Oct 2007, Nicolas Pillot wrote:

> You might call me paranoid, but i just did so to avoid the potential 
> trouble some people were having on the forum.
=================

seems like reasonable things to do...


> I mounted it, read-only, or, well.... tried to mount it. After a big 
> *shrug*, i realized it wouldn't mount whatever i tried to do. I tried on 
> a windows laptop, and went to a friend's place to see if his OSX had 
> better chance to access my data. Nothing helped. My .gnupg folder and 
> ascii keys are unavailable. And as such, my encrypted data seems to be 
> lost.
=================

i wouldn't count on it, but there might be a chance that you can read from 
it using dd, copy it to a file, then try to recover data from that. worth 
a shot, but in all likelihood, you're beat.


> Q1: I have the public key (0x26A2F0AE if it's of any use), i know the 
> secret key passphrase perfectly. Is there any way i could re-compute / 
> restore / whatever the secret part using this information ? I browsed 
> the list up to feb 2006, and didn't find any "Lost private key with 
> known passphrase"-like post. So i guess it's not possible.
===================

if that was feasible, pgp wouldn't be worth much.


> question is : can a revocation certificate be applied into the keyring 
> if you only have the public key. I guess so, as the keyservers only have 
> the public key.
===================

yes.


other thoughts...

in theory, if you're *really* using a strong pass-phrase, you can publish 
your private key in a public place and rest secure in the knowledge that 
no known technology can break your 100+ character pass-phrase... and if a 
hard drive or several go up in smoke you can recover a copy from google's 
cache ;)

one thing i've thought about is using a one-time-pad to break a private 
key into 2 (or more) shares. then send (using secure channels) each share 
to one or more trusted persons who don't know each other. maybe put one of 
the shares in a bank safe. if all of your hard drives explode on the same 
day you can collect the shares and reconstruct your key.


-- 
         ...atom

  ________________________
  http://atom.smasher.org/
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	Bob Woodward:
 		"How do you think history will regard the war in Iraq?"
 	George "dubya" Bush:
 		"It won't matter. We'll all be dead."

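The one-time-pad split described in the last paragraph, as an added example that is not part of the original mail or of GnuPG: n-of-n XOR secret splitting of an exported secret-key blob. The key bytes below are a constructed placeholder, and the SHA-256 check on reconstruction is an assumed safeguard the mail does not mention (an XOR of a wrong or incomplete share set otherwise returns random-looking bytes with no warning).

```python
import hashlib
import secrets
from functools import reduce

def xor_bytes(*parts):
    """XOR equal-length byte strings together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*parts))

def split_secret(secret, n):
    """Split `secret` into n shares that must ALL be combined to recover it.
    The first n-1 shares are fresh one-time pads from the OS CSPRNG; the last
    is the secret XORed with every pad. Any n-1 shares are statistically
    independent of the secret, so one compromised holder learns nothing.
    This is n-of-n, not a threshold scheme: losing any share loses the key."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return pads + [xor_bytes(secret, *pads)]

def combine_shares(shares, expected_digest=None):
    """XOR all shares back together. If a SHA-256 of the original secret was
    stored separately (assumed here), verify the result against it."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all have the same length")
    secret = xor_bytes(*shares)
    if expected_digest is not None and hashlib.sha256(secret).digest() != expected_digest:
        raise ValueError("reconstructed secret does not match stored digest")
    return secret

def demo():
    """Round-trip a constructed stand-in for an exported secret key block."""
    secret = b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n(constructed placeholder)\n"
    digest = hashlib.sha256(secret).digest()
    shares = split_secret(secret, 3)          # e.g. two friends plus a bank safe
    recovered = combine_shares(shares, digest)
    try:
        combine_shares(shares[:2], digest)    # one share missing: must be detected
        partial_ok = True
    except ValueError:
        partial_ok = False
    return recovered == secret and not partial_ok
```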