How to back up my key

Martin martin.brochhaus at gmail.com
Mon Jul 15 09:25:15 CEST 2013


Hello everyone,

I'm new to GPG and unfortunately, the longer I browse the internet and read
about the topic, the less I know :(

I would like to hear your opinions on this setup:

1. I have turned my Raspberry Pi into my super secure offline computer.
This system will never be connected to the internet, it uses a keyboard
which I have bought only for this system and both the RPi and the keyboard
will be locked into my safe. So: No malware, no keyloggers (hardware and
software).

2. I will create my GPG keys on this system and store them on a USB drive
inside a TrueCrypt container. I will carry that drive with me all the time.
I think it's not even necessary to put the keys into a TrueCrypt container
since they are encrypted as well but in case I lose the drive and someone
finds it, he would not immediately know what kind of content he is dealing
with and would probably just delete the stuff.

3. I would like to have further backups of that drive, who knows, it might
get damaged some day and I don't want to lose my key that way.

My questions are the following:

a) Do you see any flaws in that setup?

b) If I assume that my everyday laptop is infested with spyware and
keyloggers (which I don't believe), all my precautions are useless, aren't
they? In order to mount the TrueCrypt volume I have to enter the password
and in order to encrypt/decrypt mails, I have to enter the password for my
GPG key. A spy would now know my password and maybe even be able to
download my key, wouldn't he? Does that mean, I can only encrypt/decrypt
messages on my offline machine, then copy them on a thumbdrive, then paste
them into my mail client??

c) How can I create further backups? Obviously I can just copy the contents
of my important USB stick onto more sticks. They will hardly all fail at
the same time. Then I could store those sticks at different locations. That
sounds quite inconvenient. I would prefer to store the contents of my
thumbdrive on Dropbox or Google Drive, for example. Would that be a problem?
I mean.. it's inside a TrueCrypt container with a very strong password.
Even if someone cracked that container, he would find my encrypted private
key, with an even stronger password. If he would be able to bruteforce even
that password, I think then I am dealing with an enemy with godlike powers
anyways.

Any input is greatly appreciated!

Best regards,
Martin


More information about the Gnupg-users mailing list