Re: Best GPG practices before sending computer to maintenance.
On 2016-11-12 at 17:15:49 +1100, Ben Finney wrote:
> The best practice is: Use full-disk encryption. The only cost to this is
> setting it up before you start using the storage device, and entering
> the passphrase every time you start it.
or, if you're only worried about gpg (and ssk keys), move them outside
the main storage, ideally to a dedicated device (OpenPGP smart card or
usb implementation of it), or at the very least an usb stick.
I would feel safe sending my main disk out for repairs, since it has no
crypto secrets (they are on a smartcard) nor confidential data (stored
on different storage), but by the time it came back I would consider it
compromised and requiring a full format + reinstall, so you might as
well start by doing a wipe + basic reinstallation now before you send it
away, to be sure that any interesting datai, including your deleted
.gnupg, is very hard to retrieve.
--
Elena ``of Valhalla''
Reply to: