Protecting Encryption Keys

Discussion in 'privacy technology' started by rpk2006, Oct 14, 2016.

  1. rpk2006

    rpk2006 Registered Member

    Jan 29, 2003
    Planet Earth
    I have encryption keys and encryption passwords stored in a TrueCrypt volume. I also have a copy of both, keys and passwords, on a CD.

    But I want to store these encryption keys and passwords on a different secure cloud storage which uses AES-256 encryption for data at rest. On this cloud service I won't be keeping any encrypted files. Here only encryption keys and password files will be stored.

    Even if the secure cloud service encrypts data on the client-side before it gets stored on their servers, I want to encrypt all the keys and passwords. I don't want to store unencrypted.

    Now here is a little challenge:

    (1) To encrypt all encryption keys and passwords, I need a different key or password which is not in the set containing keys and passwords.

    (2) Where to store this master password to decrypt encryption keys. One I can create and store in LastPass or any other Password Manager.

    (3) For encrypting keys and passwords, I want to encrypt with a password but at the same time I want to sign all the files. If I use GnuPG for signing, I would require another key, which I don't want.
  2. deBoetie

    deBoetie Registered Member

    Aug 7, 2013
    Not certain of your requirement, what would be the issue in keeping the data inside a TC container - it's just a smallish file as far as the cloud service is concerned - though I would bet a lot of money that the TLAs will be taking a copy of it. Myself, I do not put that kind of thing on the cloud, I'd prefer distributing the physical copies.

    I personally have a limited number of long strong master passwords in a hierarchy that I remember (based on Diceware). These then open various other accounts and password managers (I also use Yubikey on the LastPass and Password Safe managers).