securely backing up gpg private keys.. to the cloud‽
Tuesday 10:40 a.m.–11:10 a.m.
Target audience: User
Imagine a world in which gpg was not hard to use, and was used widely. Users exchange encrypted email, gpg sign comments on websites, make encrypted backups, and so on.
What happens, in that world, when a user's gpg private key gets deleted? The only backup is encrypted with the lost private key. Catch 22.
We're not in that world, and so we don't often worry about this problem. Unless we've lost gpg key ourselves. But solving the gpg key backup problem seems a necessary step in the path toward that world.
Most ways to back up gpg private keys require physical security, like a safe to keep the key in, and often cumbersome backup and restore procedures.
Keysafe makes backup and restore easy, by backing the private key up to the cloud. It necessarily trades off some security to do so, but manages to make it very expensive to compromise its backups. I'll explain how Argon2, Shamir Secret Sharing, relatively weak passwords, and AES decryption puzzles are combined in keysafe to accomplish this.
Joey has been developing Free Software for 20 years. He is best known for his long involvement in the Debian project, where he led the development of the Debian Installer, and created Debian tools like alien, debhelper, debconf, and pristine-tar. Outside the Debian project, Joey's best known free software projects include git-annex, ikiwiki, and etckeeper. He lately uses Haskell for most projects.
Joey lives deep in the woods in the Appalachian mountains of Tennessee, subsisting on solar power and communicating largely through git pull and push over a dialup modem line.