Keeping .gnupg folder in cloud

Pete Stephenson pete at heypete.com
Thu Sep 18 12:35:13 CEST 2014


On 9/18/2014 11:32 AM, Sudhir Khanger wrote:
> What are your views on keeping .gnupg folder in cloud? I am working on
> a threefold backup system - a local external drive, a local nas server
> and a third-party cloud service like S3/CrashPlan. Backup will be
> fully encrypted client side. My plan is to avoid complexity by backing
> up everything in home folder which would include .gnupg folder by
> default. My threat level is non-existent. I use encryption and GPG as
> a matter of good internet and security practices and not because of
> necessity. What do you guys think?

In general, I'd recommend against it, but in your specific situation I
don't really see a problem.

Some people have gone so far as to publicly publish (is that redundant?)
their encrypted private keys[1] to the internet. Assuming that the
crypto is sound and the passphrase protecting the key is strong, and
your system has not been compromised (e.g. there's no keylogger),
there's very little to worry about. Still, probably not a good idea.

Cheers!
-Pete

[1]
<https://filippo.io/on-keybase-dot-io-and-encrypted-private-key-sharing/>




More information about the Gnupg-users mailing list