[ILUG] Hard Disk Protection in Live CD Boot Ups
kd.gnu.linux at gmail.com
Wed Jan 14 13:31:38 GMT 2009
Can I use the same GPG key for harddisk encryption?
On Wed, 2009-01-14 at 13:17 +0000, Josh Glover wrote:
> 2009/1/14 Kuda Dube <kd.gnu.linux at gmail.com>:
> > I would really like to start implementing a personal security strategy
> > and infrastructure from scratch and incorporate some or all of the
> > aspects you specified. Where can I get a template/guide for such a
> > task? Josh, can you share or put a rough guide on this ... just to help
> > get started! Looking at personal files, e-mail, etc ... locally and in
> > the cloud!
> It is really not that hard to get the basics right:
> 1. Encrypt everything
> 2. Generate a GPG key of at least 2048 bits, and protect it with a
> complex passphrase
> 3. Generate a key revocation certificate for your GPG key and keep
> several hard copies around. I keep one in my wallet and one in my
> safety deposit box at the bank. Locking one in your desk drawer at
> work would be OK as well.
> 4. Once everything is encrypted, you can store it anywhere you like,
> so make sure you have backups in at least two places.
> 5. Encrypt your private key with another private key and store copies
> in a couple of places. Keep one and only one copy of that private key
> in a safe place. Remember, this is just to protect you from losing
> access to your real private key, and compromise of that key means that
> you are still protected by your passphrase, which should give you
> enough time to revoke that key and pull down all the copies of stuff
> encrypted with it.
> Others may have different suggestions, or spot flaws in my strategy.
> Either way, I welcome comments.
More information about the ILUG