After a week of remodeling going on at the work office, I come back and find that my laptop is missing (we’ll just assume stolen at this point, really).

Right not I can’t do much but fret about what was wrong with its setup (the most wrong probably being the lack of full disk encryption because it was a work issue Dell XPS with Ubuntu preinstalled that I didn’t have the time to reinstall with Debian). All I can do now is hope that the people who stole it aren’t identity thieves as well. If you start to see random posts here, well….

What I need now, for when I get my replacement laptop, is a well thought out plan for how to do encryption/security right. What I’m thinking is:

• For my GPG subkey I use for signing, do xyz
• For my GPG subkey I use for personal encryption (password files etc), do zyx
• For my GPG subkey I use for automatic personal encryption (backups), do yxz
• For my ssh key I use for remote server access, do zxy
• For my ssh key I use for automatic remote server access (backups), do yzx
• etc

For all of these, the xyz could include things like “store on an encrypted volume usb key that never leaves home” or some such. In other words: I want to do this the right way. In the places I cut corners (ie: automatic backups) I know I’m cutting corners and thus those things have limited reach/use.

Dear helpful security crypto web: Where is that guide or set of guides?