article about Air Gapped OpenPGP Key

Leo Gaspard ekleog at gmail.com
Wed Nov 20 01:21:55 CET 2013


On Tue, Nov 19, 2013 at 02:50:20PM -0800, Robert J. Hansen wrote:
> >>That depends on your threat model. If you fear juridical problems (say,
> >>for example, some encrypted mails have been intercepted by the police
> >>but they can't decrypt them), destroying the key will prevent you from
> >>having to hand it over. In some jurisdictions this may be seen as
> >>"contempt of court", and even be punishable, but in most EU countries
> >>you're safe when you do this.
> >
> >Especially knowing in most EU countries judges are not allowed to force
> >you to hand over your secret key, only to decrypt specific messages for
> >them. (Don't remember where I read that.)
> 
> Most encrypted drive software doesn't actually work the way people seem to
> think they work.  The drive is encrypted with a random nonce.
> [...]

Actually, I answered the "encrypted mails" part. Thanks anyway.

> I cannot think of a single use case for scrubbing plaintext storage devices.
> In every use case I can come up with, the user would be better served by
> using an encrypted storage device.  That doesn't mean no such use case
> exists, mind you -- just that I can't think of one.

Well... I can see one: the user used a plaintext storage device without
thinking about it, and then understands he needs an encrypted device and scrubs
his hard drive once the encrypted drive is set up with the necessary
information.

Another one would be (paranoid) fear about the long, long term: who knows
whether some three-letter agency would not steal your computer, and store its
hard drive content until decryption is available (say, 10 years from now, being
quite optimistic?). So scrubbing the already-encrypted data would help ensure
the data is never recovered.

Maybe scrubbing a specific file, without the need to reset files on full blocks,
block-based encryption being AFAICT the most frequent way of encrypting complete
hard drives.

That's all I can figure out.

Cheers,

Leo