new helper program for configuration import / export

Peter Lebbing peter at digitalbrains.com
Mon Oct 20 10:55:48 CEST 2014


On 19/10/14 22:08, Hauke Laging wrote:
> No. Why should that be better / easier than encrypting the whole 
> archive?

It wouldn't; I simply hadn't thought of it. In other words:

>> Or am I still not comprehending what it is you want to do?

Indeed.

;)

When at some point my thoughts strayed to this mail thread, I suddenly
thought "D'Oh! Of course, it's much better to simply wrap it in a
symmetrically encrypted archive!". It seems we're on the same page again :).

> Especially as there may be other information in ~/.gnupg which you
> don't want to become public.

trustdb.gpg, yes.

I proposed using a blacklist rather than a whitelist, because I suspect
useful files might later crop up. I came to realise a trade-off there
which needs to be mentioned: if you use a whitelist and miss useful
files, your backup is possibly not useful. That's bad. But if you use a
blacklist and a file is later added that compromises your security and
is included in the backup, that is a security issue. That's worse. But
this is mitigated by encrypting the whole backup with a good password.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list