article about Air Gapped OpenPGP Key

Robert J. Hansen rjh at
Tue Nov 19 23:50:20 CET 2013

>> That depends on your threat model. If you fear juridical problems (say,
>> for example, some encrypted mails have been intercepted by the police
>> but they can't decrypt them), destroying the key will prevent you from
>> having to hand it over. In some jurisdictions this may be seen as
>> "contempt of court", and even be punishable, but in most EU countries
>> you're safe when you do this.
> Especially knowing in most EU countries judges are not allowed to force you to
> hand over your secret key, only to decrypt specific messages for them. (Don't
> remember where I read that.)

Most encrypted drive software doesn't actually work the way people
seem to think it works.  The drive is encrypted with a random nonce.
This nonce is written to disk in an encrypted format.  When you enter  
a passphrase to unlock the drive, the encrypted random nonce is read  
in and decrypted using the passphrase.  The newly-recovered random  
nonce is then used to do all further crypto operations.  To put the  
data forever beyond recovery, you generate a new nonce, encrypt it  
with the same passphrase, and write it over the old nonce.  If someone  
demands your cryptographic key you can honestly and genuinely give it  
up without any fear of your old data being compromised.  The  
investigator will be able to verify that you've complied with the  
court's order, and the investigator will also be able to verify that  
you never knew the original nonce.

"This drive was originally encrypted with a random nonce which the  
defendant never knew.  The defendant cannot be compelled to produce  
information the defendant never possessed.  This random nonce is  
irretrievably gone.  The defendant *can* be compelled to produce the  
key used to encrypt that random nonce, and the defendant seems to have  
complied with that order -- but the random nonce itself is gone, and  
with it, any hope of recovering the data on the encrypted drive."

I cannot think of a single use case for scrubbing plaintext storage  
devices.  In every use case I can come up with, the user would be  
better served by using an encrypted storage device.  That doesn't mean  
no such use case exists, mind you -- just that I can't think of one.
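
The key-wrapping scheme and erase step described in the message above, as an added Python example that is not part of the original post and is not any disk-encryption product's code. It assumes PBKDF2 for the passphrase step and uses XOR/HMAC stand-ins where a real product would use AES; all function names and sample values are constructed.

```python
import hashlib
import hmac
import os

def _kdf(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    # Passphrase -> 32-byte wrapping pad + 32-byte MAC key (PBKDF2 is an assumption).
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return out[:32], out[32:]

def wrap(master: bytes, passphrase: str) -> bytes:
    """Build the on-disk header slot: salt || wrapped master key || tag."""
    salt = os.urandom(16)
    pad, mac_key = _kdf(passphrase, salt)
    body = bytes(a ^ b for a, b in zip(master, pad))  # stand-in for AES key wrap
    return salt + body + hmac.new(mac_key, body, "sha256").digest()

def unwrap(slot: bytes, passphrase: str) -> bytes:
    """Recover the master key from the header slot, or fail on a wrong passphrase."""
    salt, body, tag = slot[:16], slot[16:48], slot[48:]
    pad, mac_key = _kdf(passphrase, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, "sha256").digest()):
        raise ValueError("wrong passphrase or damaged header")
    return bytes(a ^ b for a, b in zip(body, pad))

def xcrypt(master: bytes, data: bytes) -> bytes:
    """Toy stream cipher keyed by the master key (stand-in for AES-XTS); self-inverse."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(master, i.to_bytes(8, "big"), "sha256").digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

PASSPHRASE = "constructed passphrase"          # sample value
PLAINTEXT = b"constructed sample sector data"  # sample value

def demo() -> tuple[bytes, bytes, bytes]:
    master = os.urandom(32)                  # the random "nonce": the user never sees it
    header = wrap(master, PASSPHRASE)
    disk = xcrypt(master, PLAINTEXT)         # ciphertext that stays on the drive
    before = xcrypt(unwrap(header, PASSPHRASE), disk)
    # Erase: fresh random master key, same passphrase, written over the old slot.
    header = wrap(os.urandom(32), PASSPHRASE)
    del master                               # no copy of the old key remains
    after = xcrypt(unwrap(header, PASSPHRASE), disk)
    return before, after, header

if __name__ == "__main__":
    before, after, _ = demo()
    print("before erase:", before)
    print("after erase: ", after)
```

The passphrase still unlocks the header after the erase, but the key it yields no longer decrypts the old sectors. This holds only if no other copy of the old header slot survives, such as a header backup or a stale block on flash media.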
