Nathan Willis

Keys

Nathan Willis at

  • 1. I recently re-generated some PGP keys in full-on paranoid, proper form (unnetworked live OS, masters stored offline, subkeys on smartcards, embedded JPEG). That part feels good.

    1.a. I still have not found a proper solution to the "turn an existing PGP key into a subkey of another key" problem, which I need to do to consolidate UIDs. A lot of people have my old @lwn.net address; I would prefer to merge the identity in with my others.

  • 2. That tangent aside, the op-sec problem now becomes "what exactly do I do to ensure the security of the storage device that has my master private key on it?" I find surprisingly little written about this topic.

    On the one hand, I want to be able to access it whenever I feel like it, so locking up in a safety-deposit box is right out. But I'm also not the only person who can enter my current residence, so I feel like some sort of security is warranted.

  • 3. That led me down the rabbit hole of looking at tamper-evident storage products, which you can easily buy online. (I know there are other options; this is just the one I wanted to talk about.) So, in theory, I could seal the storage up in a small box with a seal on it, and know afterward if anyone has opened the box while I was away.

    However, what I can't figure out is how you could prevent an attacker from buying a set of identical tamper-evident seals on Amazon and just sticking a new one on the box after they clone the data off of the thumb drive or whatever.

    And that problem seems to plague all tamper-evident storage options. What am I missing here?
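One check that goes with point 1 (added here as an example; it is not code from the thread or from GnuPG): after setting up the offline master and smartcard subkeys, confirm that the keyring you actually carry around holds only stubs. The script parses the binary output of `gpg --export-secret-keys` and classifies each secret (sub)key packet by its string-to-key trailer; it assumes GnuPG's S2K extension encoding (S2K type 101, the marker "GNU", mode 1 for an offline stub, mode 2 for a key diverted to a card) and runs against a constructed sample keyring rather than a real key.

```python
import struct
def iter_packets(data: bytes):                                 # yield (tag, body) per OpenPGP packet (RFC 4880 s4.2)
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                                         # new format: tag in the low 6 bits
            tag, b, i = hdr & 0x3F, data[i], i + 1
            if b < 192: ln = b
            elif b < 224: ln, i = ((b - 192) << 8) + data[i] + 192, i + 1
            elif b == 255: ln, i = struct.unpack(">I", data[i:i + 4])[0], i + 4
            else: raise ValueError("partial-length packets not expected in a key export")
        else:                                                  # old format: tag in bits 2-5, length size in bits 0-1
            tag, size = (hdr >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}[hdr & 3]
            ln, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + ln]
        i += ln
def _skip_public_material(body, algo, i):
    """Advance past the algorithm-specific public fields of a v4 key packet."""
    if algo in (18, 19, 22):                                   # ECDH/ECDSA/EdDSA: curve OID, then one point MPI
        i, n = i + 1 + body[i], 1
    else:
        n = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}[algo]             # RSA: 2 MPIs, ElGamal: 3, DSA: 4
    for _ in range(n):                                         # MPI = 2-byte bit count + ceil(bits/8) bytes
        i += 2 + (struct.unpack(">H", body[i:i + 2])[0] + 7) // 8
    return i + 1 + body[i] if algo == 18 else i                # ECDH also carries KDF parameters
def classify_secret(body: bytes) -> str:
    """Return 'offline-stub', 'smartcard:<serial hex>', 'unprotected' or 'protected' for a v4 secret (sub)key packet."""
    if body[0] != 4: raise ValueError("only v4 key packets handled")
    i = _skip_public_material(body, body[5], 6)                # version(1), ctime(4), algo(1) precede the MPIs
    usage, i = body[i], i + 1                                  # string-to-key usage octet
    if usage == 0: return "unprotected"
    if usage in (254, 255) and body[i + 1] == 101 and body[i + 3:i + 6] == b"GNU":  # cipher byte, then GnuPG S2K ext.
        mode = body[i + 6]
        if mode == 1: return "offline-stub"                    # GnuPG mode 1001: secret material not present (sec#)
        if mode == 2: return "smartcard:" + body[i + 8:i + 8 + body[i + 7]].hex()  # mode 1002: key lives on the card
    return "protected"                                         # passphrase-protected secret material is present
def audit(keyring: bytes) -> dict:
    out, n = {}, 0                                             # 'master' plus 'subkey-N' -> classification
    for tag, body in iter_packets(keyring):
        if tag == 5: out["master"] = classify_secret(body)     # tag 5: secret key, tag 7: secret subkey
        elif tag == 7: n += 1; out[f"subkey-{n}"] = classify_secret(body)
    return out
def _mpi(v): return struct.pack(">H", v.bit_length()) + v.to_bytes((v.bit_length() + 7) // 8, "big")
def _pkt(tag, body): return bytes([0xC0 | tag, len(body)]) + body      # new-format header, 1-byte length
_RSA_PUB = b"\x04" + struct.pack(">I", 1484475262) + b"\x01" + _mpi(0xC0FFEE) + _mpi(65537)  # toy RSA public fields
SAMPLE = (_pkt(5, _RSA_PUB + b"\xff\x00\x65\x00GNU\x01")                      # constructed keyring: master offline stub
          + _pkt(13, b"Constructed User <user@example.org>")                   # user ID packet
          + _pkt(7, _RSA_PUB + b"\xff\x00\x65\x00GNU\x02\x04\xd2\x76\x00\x01"))  # subkey on card, serial d2760001
```

On a real laptop keyring, `audit(open("sec.gpg", "rb").read())` after `gpg --export-secret-keys KEYID > sec.gpg` should report `offline-stub` for the master and `smartcard:...` for every subkey; anything reporting `protected` or `unprotected` means secret material is still on the disk.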


Maybe I'm just tougher than you.

Nathan Willis at 2017-01-15T10:34:22Z

Regardless, the real question at hand is whether [A] these tamper-evident products are 100% useless or [B] I misunderstand how they're meant to be used — for any bag contents. They seem to be popular as "bank bags" ... but if you can buy identical replacement tabs in bulk on Amazon, what's the point?

Nathan Willis at 2017-01-15T14:24:39Z

@Nathan Willis One thing I've heard of is to paint the keyhole with glitter nail polish and take a picture of it when it's dried. The nail polish should make a unique pattern every time you do it.

I haven't done this myself, though.

Christopher Allan Webber at 2017-01-15T15:05:33Z


Note that this was originally a suggestion for screw heads on a laptop, now that I'm remembering right. Maybe it would mess up the lock.

But maybe you could paint a unique dab of nail polish on the tamper-evident seal?

Christopher Allan Webber at 2017-01-15T15:07:35Z