Re: [Duplicity-talk] backup from multiple devices with GPG asymetric key encryption - best practices

[Jeffrey Walton]

On Tue, Jan 11, 2022 at 4:46 PM Jonathan Dray via Duplicity-talk
<duplicity-talk@nongnu.org> wrote:
>
> I'm new to duplicity and to GPG.
> To catch up I read multiple articles and documentation pages online on the 
> subject and I came up with a first working solution that I'm not happy with 
> yet ;)
> And also a couple of questions.
>
> What I have today :
>
> A GPG master key generated offline with tails, following this guide : 
> https://wiki.debian.org/GnuPG/AirgappedMasterKey
> with 2 password protected subkeys: one for encryption, and one for signing
> Duplicity backup commands run with duply that store encrypted backup on a 
> remote S3 like cloud storage hosted by Scaleway : 
> https://www.scaleway.com/fr/object-storage/ Using the encryption keys 
> generated above.
>
> I have successfully sent encrypted data to the remote storage and restored 
> the backed up files from it.
> As for the GPG setup I've imported on my test laptop the encryption and 
> signing subkey pairs (public and private for both)
>
> Now I struggle on 2 main points :
>
> unattended backups
> transpose the setup securely for multiple devices
>
>
> Unattended backups
>
> I have to enter the key passphrase on each backup operation.
>
> I suspect it is the case because my sign key is password protected
> I tried to set up the gpg agent and to store the password in the cache for an 
> unlimited amount of time. Which doesn't work and isn't maybe a wise thing to 
> do anyway.
> That limitation makes it really hard / impossible to setup unattended backups
>
>
> Multiple devices setup
>
> I was advised to create a new key pair specific to backup / storage vs my 
> initial master key that was essentially targeted to be used in a web of trust 
> context (email / git ...).
> Also by design gpg won't let me have multiple encryption subkeys.
>
> Now with that in mind I guess I would have to create a specific backup key 
> pair for each server right ?
>
> To sum up
>
> If I want a different encryption key per device (seems to be the safest 
> option), I have to generate a new keypair for each device right ?
>
> or I should consider that as the encryption private will rarely be on a given 
> server, the risk of that key being stolen is low so having only one key for 
> encryption is reasonable ?
>
> As for the signing key I'm still confused on how to proceed...
>
> should it be managed as a subkey of a device specific keypair ?
> or one single key for all devices ?
> multiple signing keys as subkeys of a separate keypair ?
> What about the passphrase protection ?

I think you are hitting the Unattended Key Storage problem. It is a
wicked hard problem in computer science. Also see Peter Gutmann's
Engineering Security,
https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf.

I think the best you can do with unattended backups is to place the
private key on the filesystem without a password and with proper
directory permissions.

You can do better if an operator is present, but that's not always the case.

You should reserve your keys for backups only. Don't use them for
anything else. Generate new keys for your email communications.

Jeff