article about Air Gapped OpenPGP Key
Robert J. Hansen
rjh at sixdemonbag.org
Tue Nov 19 07:07:17 CET 2013
> I have never understood why people seem to believe that they cannot safely
> store a key backup (including the passphrase if necessary) but can safely
> store a revocation certificate.

It comes into play more when entrusting others. If I give my lawyer a
copy of my certificate and passphrase with instructions of "revoke these
when I die," I'm giving my lawyer the power to impersonate me should my
lawyer suddenly go rogue. If I give my lawyer a revocation certificate,
I'm exposed to far less risk.

> And is it really a good idea to use the same passphrase for both mainkey and

This can't be answered without knowing about a specific threat that the
person is trying to mitigate. I think that most models will find this
to be a negligible risk.

(This next quote belongs to adrelanos, not Hauke.)

> Securely wiping of data is a difficult issue. We believe it is safer to
> create a new keypair (a new secring.gpg) than trusting gpg to remove the
> private master key from secring.gpg.

First, using the royal "we" is... well, royal. "We" is appropriate when
writing a committee report or if the speaker is a sitting monarch.
Otherwise, "I" should be used.

Second, why is a secure wipe necessary? The only information that's
recoverable is public metadata. The key material itself is encrypted.
If people doubt me on this, I am quite happy to post my private key to
the list. So long as you've got a good passphrase on your certificate,
you can post your private key in the _New York Times_. I'm unaware of
any model in which a private key needs to be securely scrubbed, unless
you're not putting a strong passphrase on the certificate.

Even then, scrubbing data is usually a sign you've misunderstood the
problem you're trying to solve. If you're concerned about sensitive
data lurking on your hard drive the solution isn't to scrub the drive,
it's to use an encrypted filesystem.
More information about the Gnupg-users
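
The reply above rests on two points: a secret key packet exposes only public metadata in the clear, and that protection disappears if the key has no passphrase. The following is an added example, not part of the original post: a Python check that reads an RFC 4880 version 4 secret key packet without any passphrase and reports what is visible and whether the secret material is protected at all. The function names and both sample packets are constructed for illustration.

```python
import struct

# Public-key algorithm id (RFC 4880 section 9.1) -> number of public MPIs
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}

def read_header(buf):
    """Return (tag, body_offset, body_length) for the first packet in buf."""
    first = buf[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                  # new-format header
        tag, l0 = first & 0x3F, buf[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224:
            return tag, 3, ((l0 - 192) << 8) + buf[2] + 192
        if l0 == 255:
            return tag, 6, struct.unpack(">I", buf[2:6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, 1, len(buf) - 1
    n = 1 << ltype
    return tag, 1 + n, int.from_bytes(buf[1:1 + n], "big")

def inspect_secret_key(buf):
    """Report what a secret key packet reveals without the passphrase."""
    tag, off, length = read_header(buf)
    if tag not in (5, 7):
        raise ValueError("not a secret key or secret subkey packet")
    body = buf[off:off + length]
    version, created, algo = struct.unpack(">BIB", body[:6])
    if version != 4 or algo not in PUBLIC_MPIS:
        raise ValueError("only v4 RSA/Elgamal/DSA keys handled here")
    pos, bits = 6, []
    for _ in range(PUBLIC_MPIS[algo]):    # public MPIs are stored in the clear
        nbits = int.from_bytes(body[pos:pos + 2], "big")
        bits.append(nbits)
        pos += 2 + (nbits + 7) // 8
    usage = body[pos]                     # S2K usage octet; 0 = no passphrase
    info = {"created": created, "algo": algo, "key_bits": bits[0],
            "protected": usage != 0, "s2k_type": None}
    if usage in (254, 255):               # cipher id and S2K specifier follow
        info["cipher"], info["s2k_type"] = body[pos + 1], body[pos + 2]
    return info

# Constructed sample packets (toy 16-bit modulus, zero-filled payloads).
_PUB = bytes.fromhex("04528b000001" "0010c53b" "0011010001")
_pkt = lambda body: bytes([0xC5, len(body)]) + body
PROTECTED = _pkt(_PUB + bytes([254, 9, 3, 8]) + bytes(8) + b"\x60" + bytes(20))
UNPROTECTED = _pkt(_PUB + b"\x00" + bytes(10))
```

A result of `protected: False` is the case the reply excludes: the secret numbers are stored in the clear and any copy of the file is a full key compromise.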