Now that I'm a grown-up man, I feel more concerned about online privacy and the security of my data.
Here's my plan so far.
• buy a Smart Card reader and one of those OpenPGP cards: https://www.floss-shop.de/en/security-privacy/smartcards/13/openpgp-smart-card-v3.3
• encrypt my hard disk with LUKS and use the Smart Card at boot time for partition decryption, as described here: https://wiki.majic.rs/Openpgp/protecting_luks_decryption_key_in_debian_jessie_us/
• add my public key to my personal homepage and ask people wanting to email me to use this key in order to encrypt our conversation. (they'll probably never bother, but it will make my homepage look cool and old school.)
• encrypt all the conversations with darknet market LSD vendors with my GPG keys (actually, scratch that, it's probably a bad idea and I should use another key for that purpose)
The problem is that I'm a very clumsy person and at some point I know I will lose the card or forget it in my pocket before shoving the laundry into the washing machine and all my precious data will be lost! Therefore, I need a secure backup of my GPG keys. Fortunately, it's easy to back them up on paper with these additional steps:
• Use https://www.jabberwocky.com/software/paperkey/ and https://fukuchi.org/works/qrencode/ to print my GPG keys out on paper as QR codes.
• admit that I will also eventually lose the paper or hide it in a place so secret that even I won't be able to find it again a few weeks later
• reckon that travelling with a Smart Card or a QR code on paper is a security flaw (TSA could force me to use them for a laptop search)
And here comes the revolutionary idea which addresses the last two points! What if I'd just get a tattoo of the QR codes on my shaved scrotum? The scrotal skin is naturally wrinkled and covered with pubic hair. My keys would be perfectly hidden. There's no way in hell a border agent or even a CIA roody-poo would be able to find them in this particular spot. And I cannot lose my QR code backups unless I lose my balls!
But in all seriousness, any advice on that topic is welcome. Did I forget anything?
* Vendor IDs
The OpenPGP card specification (we have registered its AID) requires a
directory of manufacturer IDs (à la Ethernet). We keep this
information here. When adding new numbers make sure that it will also
be updated in the GnuPG source code (card-util.c).
** 0x0000 - Testcard
** 0x0001 - PPC Card Systems
** 0x0002 - Prism Payment Technologies
** 0x0003 - OpenFortress Digital signatures
** 0x0004 - Wewid AB
** 0x0005 - ZeitControl cardsystems GmbH
** 0x0006 - Yubico AB
** 0x0007 - OpenKMS
** 0x0008 - LogoEmail
** 0x0009 - Fidesmo AB
** 0x000A - Dangerous Things
** 0x000B - Feitian Technologies
** 0x002A - Magrathea
** 0x0042 - GnuPG e.V.
** 0x1337 - Warsaw Hackerspace
** 0x2342 - warpzone e.V.
** 0x4354 - Confidential Technologies
** 0x5443 - TIF-IT e.V.
** 0x63AF - Trustica s.r.o
** 0xBA53 - c-base e.V.
** 0xBD0E - Paranoidlabs
** 0xF517 - Free Software Initiative of Japan
** 0xF5EC - F-Secure
** 0xFF00..FFFE - Range reserved for randomly assigned serial numbers.
Serial numbers with a manufacturer ID in this range are an exception
to the rule that they should be unique. It is expected that such a
serial number is assigned using a true random function which
generates 5 bytes (4 for the actual serial number and one to select
a manufacturer ID out of this range). Note that 0xffff is not
part of this range. Implementers using serial numbers as a unique
ID should keep in mind that duplicates may happen. Using
manufacturer IDs out of this range should only be done if no other
way of obtaining a manufacturer ID is possible.
** 0xFFFF - Testcard
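As an added example (not part of the thread or of GnuPG's code), the Python below reads the manufacturer ID and serial number out of a card's AID and draws a random ID from the 0xFF00..0xFFFE range described above. The 16-byte AID layout follows the OpenPGP card specification rather than anything on this page; the vendor table is a subset of the list above, the sample AID is constructed, and the OS CSPRNG stands in for a true random source.

```python
import secrets

# AID layout (OpenPGP card spec, an assumption not stated on this page):
# RID D2 76 00 01 24 | app 01 | version (2) | manufacturer (2) | serial (4) | RFU (2)
OPENPGP_AID_PREFIX = bytes.fromhex("D27600012401")

# Subset of the vendor list quoted above.
VENDORS = {
    0x0000: "Testcard",
    0x0005: "ZeitControl cardsystems GmbH",
    0x0006: "Yubico AB",
    0x0042: "GnuPG e.V.",
    0xF517: "Free Software Initiative of Japan",
    0xFFFF: "Testcard",
}
RANDOM_LO, RANDOM_HI = 0xFF00, 0xFFFE  # 0xFFFF is excluded from the range


def parse_aid(aid: bytes) -> dict:
    """Split an OpenPGP card AID into version, manufacturer and serial."""
    if len(aid) != 16 or not aid.startswith(OPENPGP_AID_PREFIX):
        raise ValueError("not an OpenPGP card AID")
    manufacturer = int.from_bytes(aid[8:10], "big")
    is_random = RANDOM_LO <= manufacturer <= RANDOM_HI
    vendor = "randomly assigned" if is_random else VENDORS.get(manufacturer, "unknown")
    return {
        "version": (aid[6], aid[7]),
        "manufacturer": manufacturer,
        "vendor": vendor,
        "serial": int.from_bytes(aid[10:14], "big"),
        # Random-range IDs are not guaranteed unique, so never key on them alone.
        "serial_may_collide": is_random,
    }


def random_card_id() -> tuple[int, int]:
    """Draw 5 random bytes: 1 picks the manufacturer ID, 4 form the serial."""
    while True:
        raw = secrets.token_bytes(5)
        if raw[0] != 0xFF:  # reject 0xFFFF, which is a test card ID
            return 0xFF00 | raw[0], int.from_bytes(raw[1:], "big")


def build_aid(manufacturer: int, serial: int, version=(3, 4)) -> bytes:
    """Assemble an AID for testing (hypothetical helper)."""
    return (OPENPGP_AID_PREFIX + bytes(version) + manufacturer.to_bytes(2, "big")
            + serial.to_bytes(4, "big") + b"\x00\x00")


SAMPLE_AID = bytes.fromhex("D2760001240103040006123456780000")  # constructed
```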
Great idea. Makes me wish I had a scrotum.
If you're in want of another spot to put a qr tattoo you should probably eat at least a little more than you do.