I'm about to encourage a group of people to begin using S/MIME and GPG for digital signatures and encryption. I foresee a nightmare of encrypted documents which can no longer be recovered because of lost keys.
The thorniest issue is archiving. The natural way to preserve privacy in an archive is to archive the encrypted document.
But that opens us up to the risk of a lost key when the time comes to unarchive a document, or a forgotten password. After all, it will be a long way in the future. This would be equivalent to having destroyed the document.
First thought is archiving keys with documents, but that still leaves the forgotten pass phrase. Archiving the passphrase too would be tantamount to archiving in the clear. No privacy.
Clarification: The topic is people losing keys and forgetting pass phrases.
For current pass phrases: apply constant reinforcement. Use them every day.
Two facts introduce an additional strategy.
1. Sooner or later a re-used pass phrase will be compromised; it is a matter of time.
2. Sooner or later a pass phrase will be forgotten; also a matter of time.
When either happens, you don't want to lose/compromise everything.
So the second strategy is to diversify.
Change the pass phrase and key occasionally.
That way only some documents are compromised or lost, not all.
A better title: How to deal with retirement of old pass phrases
When I initially posted the message, my thoughts had come this far but I didn't state the question well, hence this clarification.
The question rephrased: How to retire old pass phrases?
Bear in mind there are archived encrypted documents which are archived along with their private key(s) but still protected by the retiring pass phrase.
"re-encrypt archived content guarded by new current pass phrase" was rejected because it undermines the diversify strategy.
What approaches do you use?
What insights can you offer on the issue?
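The "diversify" strategy described above, as an added example that is not part of the original post: each period gets its own key, the document is archived next to that key's exported secret half, and a recovery drill from an empty keyring proves that the archive plus the retiring pass phrase is all that is needed. The period name, pass phrase and document are constructed values; it assumes GnuPG 2.1 or later on the PATH.

```shell
#!/bin/sh
# Added example, not code from the original post. Per-period key, archive the
# encrypted document beside its exported secret key, then rehearse recovery.
set -eu

PERIOD="2010Q2"                              # constructed period label
PASS="constructed-period-passphrase"         # constructed; operator-supplied in practice
WORK="$(mktemp -d)"

newhome() {  # fresh, isolated GnuPG home so nothing leaks from the user's keyring
    h="$(mktemp -d)"; chmod 700 "$h"
    echo allow-loopback-pinentry > "$h/gpg-agent.conf"
    printf '%s' "$h"
}

# 1. Generate the key that guards this period's documents only.
export GNUPGHOME="$(newhome)"
gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
    --quick-generate-key "archive-$PERIOD" default default never

# 2. Encrypt a constructed document and store the exported secret key beside it.
ARCHIVE="$WORK/archive/$PERIOD"; mkdir -p "$ARCHIVE"
printf 'quarterly report\n' > "$WORK/report.txt"
gpg --batch --quiet --trust-model always --recipient "archive-$PERIOD" \
    --output "$ARCHIVE/report.txt.gpg" --encrypt "$WORK/report.txt"
gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
    --armor --export-secret-keys "archive-$PERIOD" > "$ARCHIVE/secret-key.asc"

# 3. Recovery drill: import the archived key into an empty keyring and decrypt
#    using only the period's pass phrase. Prints the plaintext; fails if the
#    pass phrase is wrong, which is exactly the loss scenario the question fears.
recover() {
    export GNUPGHOME="$(newhome)"
    gpg --batch --quiet --import "$1/secret-key.asc"
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$2" \
        --decrypt "$1/report.txt.gpg"
}
```

Run the drill against every archived period when a pass phrase is about to be retired; a period whose drill fails is the one whose documents are already effectively destroyed.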
Actually, from the OP's standpoint, it's less secure, since if either of the two people are unavailable you can't recover the key. – mpez0 – 2010-06-08T23:30:24.153