strategy /insights for avoiding document content loss due to encryption

I'm about to encourage a group of people to begin using S-Mime and GPG for digital signatures and encryption. I foresee a nightmare of encrypted documents which can no longer be recovered because of lost keys.

The thorniest issue is archiving. The natural way to preserve privacy in an archive is to archive the encrypted document.

But that opens us up to the risk of a lost key when time comes to unarchive a document, or a forgotten password. After all it will be a long way in the future. This would be equivalent to having destroyed the document.

First thought is archiving keys with documents, but that still leaves the forgotten pass phrase. Archiving the passphrase too would be tantamount to archiving in the clear. No privacy.

Clarification: The topic is people losing keys and forgetting pass phrases.

For Current pass phrases: apply constant reinforcement. Use them every day.

Two facts introduce an additional strategy.

1- Sooner or later a re-used pass phrase will be compromised, it is a matter of time.
2- Sooner or later a pass phrase will be forgotten, also a matter of time.

When either happens, you don't want to lose/compromise everything.

So the second strategy is diversify.

Change the pass phrase and key occasionally.

That way only some documents are compromised or lost, not all.

A better title: how to deal with retirement of old pass phrases

When I initially posted the message, my thoughts had come this far but I didn't state the question well, hence this clarification.

The question rephrased: How to retire old pass phrases?

Bear in mind there are archived encrypted documents which are archived along with their private key(s) but still protected by the retiring pass phrase.

"re-encrypt archived content guarded by new current pass phrase" was rejected because it undermines the diversify strategy.

What approaches do you use?

What insights can you offer on the issue?

pbernatchez

Posted 2010-06-08T19:22:26.560

Reputation: 1 501

Answers

Thinking in more general terms, if you store the key with the lock, then there's no reason to have the lock. I would never ask a user to give me or otherwise store their key or password either - if it's still in use then it's an additional security risk.

I generally see encrypted documents as a "for your eyes only" - if they need to be viewed by anyone else than the owner of the key, then the document should be copied and re-encrypted so that whomever else that needs to view it can view it (or set it up so it can be decrypted by multiple keys), not that the owner should give up the key.

If I expect an archivist/historian to pull the unencrypted contents out of an archived file, then I'd re-encrypt the file with a key designated for the archives and the archivist would be responsible for that key, possibly two or three people in case someone forgets or gets hit by an 18-wheeler. (I.e., if the "company" should own the documents in the archive, then they should be re-encrypted with a "company" key. If I send an encrypted document to Bob on some mailing list which is being archived, you should have to come to myself or Bob to get an unencrypted copy for archival.)

If you have issues with people forgetting/losing keys, that's a different problem. Make use of the key part of daily routine by requirement, and don't arbitrarily force users to change keys.

Darth Android

Posted 2010-06-08T19:22:26.560

Reputation: 35 133

There is a TON of research and ideas on how to handle this type of situation in the cryptography world. One of the ones I like is where you simply have two people encrypt the key you are using, but with a key they could never forget or have written down.

Key is encrypted by user 1, the result is then encrypted by user 2.

This way both people have to agree to unencrypt the key. This isn't as insecure if they write it down because there are two people. There's also a TON of key management programs and strategies. Google might be your best bet.

Daisetsu

Posted 2010-06-08T19:22:26.560

Reputation: 5 195

1Actually, from the OP's standpoint, it's less secure, since if either of the two people are unavailable you can't recover the key. – mpez0 – 2010-06-08T23:30:24.153

Write down the key (or keys, as necessary) and store them in a physically secure location. For better safety, have multiple copies in separate physically secure locations. Stuff like safe deposit boxes in separate cites, or fireproof safes in corporate offices.

mpez0

Posted 2010-06-08T19:22:26.560

Reputation: 2 578