article about Air Gapped OpenPGP Key
Robert J. Hansen
rjh at sixdemonbag.org
Tue Nov 19 23:50:20 CET 2013
>> That depends on your threat model. If you fear juridical problems (say,
>> for example, some encrypted mails have been intercepted by the police
>> but they can't decrypt them), destroying the key will prevent you from
>> having to hand it over. In some jurisdictions this may be seen as
>> "contempt of court", and even be punishable, but in most EU countries
>> you're safe when you do this.
> Especially knowing in most EU countries judges are not allowed to
> force you to
> hand over your secret key, only to decrypt specific messages for them. (Don't
> remember where I read that.)
Most encrypted drive software doesn't actually work the way people
seem to think they work. The drive is encrypted with a random nonce.
This nonce is written to disk in an encrypted format. When you enter
a passphrase to unlock the drive, the encrypted random nonce is read
in and decrypted using the passphrase. The newly-recovered random
nonce is then used to do all further crypto operations. To put the
data forever beyond recovery, you generate a new nonce, encrypt it
with the same passphrase, and write it over the old nonce. If someone
demands your cryptographic key you can honestly and genuinely give it
up without any fear of your old data being compromised. The
investigator will be able to verify that you've complied with the
court's order, and the investigator will also be able to verify that
you never knew the original nonce.
"This drive was originally encrypted with a random nonce which the
defendant never knew. The defendant cannot be compelled to produce
information the defendant never possessed. This random nonce is
irretrievably gone. The defendant *can* be compelled to produce the
key used to encrypt that random nonce, and the defendant seems to have
complied with that order -- but the random nonce itself is gone, and
with it, any hope of recovering the data on the encrypted drive."
I cannot think of a single use case for scrubbing plaintext storage
devices. In every use case I can come up with, the user would be
better served by using an encrypted storage device. That doesn't mean
no such use case exists, mind you -- just that I can't think of one.
More information about the Gnupg-users