[ mona / prog / sol ]


data encryption for dummies [OPSEC]

1 2020-03-01 22:00

Now that I'm a grown-up man, I feel more concerned about online privacy and the security of my data.

Here's my plan so far.

• buy a Smart Card reader and one of those OpenPGP cards: https://www.floss-shop.de/en/security-privacy/smartcards/13/openpgp-smart-card-v3.3
• encrypt my hard disk with LUKS and use the Smart Card at boot time for partition decryption, as described here: https://wiki.majic.rs/Openpgp/protecting_luks_decryption_key_in_debian_jessie_us/
• add my public key to my personal homepage and ask people wanting to email me to use this key in order to encrypt our conversation. (they'll probably never bother, but it will make my homepage look cool and old school.)
encrypt all the conversations with darknet market LSD vendors with my GPG keys (actually, scratch that, it's probably a bad idea and I should use another key for that purpose)

The problem is that I'm a very clumsy person and at some point I know I will lose the card or forget it in my pocket before shoving the laundry into the washing machine and all my precious data will be lost! Therefore, I need a secure backup of my GPG keys. Fortunately, it's easy to backup them on paper with these additional steps:

• Use https://www.jabberwocky.com/software/paperkey/ and https://fukuchi.org/works/qrencode/ to print my GPG keys out on paper as QR codes.
• admit that I will also eventually lose the paper or hide it in a place so secret that even I won't be able to find it again a few weeks later
• reckon that travelling with a Smart Card or a QR code on paper is a security flaw (TSA could force me to use them for a laptop search)

And here comes the revolutionary idea which address the last two points! What if I'd just get a tattoo of the QR codes on my shaved scrotum? The scrotal skin is naturally wrinkled and covered with pubic hair. My keys would be perfectly hidden. There's no way in hell a border agent or even a CIA roody-poo would be able to find them in this particular spot. And I cannot lose my QR code backups unless I lose my balls!

But in all seriousness, any advice on that topic is welcome. Did I forget anything?



do not edit these