
If you use a dumb storage like S3 as your backup server, you need to store your keys on the original box

I believe this isn't strictly necessary if you use asymmetric cryptography (e.g. curve25519). For a file, generate a temporary key pair, use it and the backup's public key to encrypt the file, then throw out the private key and send the encrypted file + public key to the server.

Apple uses this technique to move files to the "Accessible while unlocked" state without having the key for that state (i.e. while the device is locked).

Just for the record, asymmetric cryptography is not efficient for encrypting content. What you should do is:

- Generate a temporary key

- Symmetrically encrypt with that key

- Encrypt that key with your long-term asymmetric private key, and send the encrypted version along with your backups.

And before you hack around your own version, I'd like to point out this is exactly what PGP (and really, any crypto scheme that involves asymmetric keys) does. So, basically, just GPG your backups.
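The flow discussed in this thread (a temporary key pair per file combined with the backup's public key, with the file contents themselves encrypted symmetrically), as an added example that is not part of any comment. The function names `sealBackup`/`openBackup`, the HKDF label, and the choice of HKDF-SHA256 with AES-256-GCM are assumptions of this sketch; it uses only Node's built-in `crypto` module.

```javascript
// Added example: per-file ephemeral X25519 key + symmetric AEAD (hybrid encryption).
// sealBackup/openBackup, INFO and the AES-256-GCM choice are hypothetical, not from the thread.
const crypto = require("node:crypto");

const INFO = Buffer.from("backup-file-v1"); // constructed domain-separation label
const spki = (k) => k.export({ type: "spki", format: "der" });

// Derive a one-time 256-bit key from the X25519 shared secret, bound to both public keys.
function deriveKey(privateKey, publicKey, ephPubDer, backupPubDer) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  const salt = Buffer.concat([ephPubDer, backupPubDer]);
  return Buffer.from(crypto.hkdfSync("sha256", shared, salt, INFO, 32));
}

// Runs on the box being backed up: it holds only the backup PUBLIC key.
function sealBackup(plaintext, backupPublicKey) {
  const eph = crypto.generateKeyPairSync("x25519"); // temporary key pair for this file
  const ephPubDer = spki(eph.publicKey);
  const key = deriveKey(eph.privateKey, backupPublicKey, ephPubDer, spki(backupPublicKey));
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(ephPubDer); // authenticate the ephemeral public key with the data
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // The ephemeral private key is never stored; nothing left on this box can decrypt.
  return { ephPubDer, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Runs wherever the backup PRIVATE key is kept (e.g. an offline restore host).
function openBackup(blob, backupPrivateKey) {
  const ephPub = crypto.createPublicKey({ key: blob.ephPubDer, type: "spki", format: "der" });
  const backupPubDer = spki(crypto.createPublicKey(backupPrivateKey));
  const key = deriveKey(backupPrivateKey, ephPub, blob.ephPubDer, backupPubDer);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.nonce);
  decipher.setAAD(blob.ephPubDer);
  decipher.setAuthTag(blob.tag);
  // final() throws if the ciphertext, tag or ephemeral key was altered.
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}
```

Only `ephPubDer`, `nonce`, `ciphertext` and `tag` need to be uploaded to the storage server; the backup private key is needed only at restore time.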
