Ask HN: How do you keep highly sensitive information off-site for a long time?

2 points by adontz ↗ HN
How do you keep highly sensitive information off-site for a long time?

To be more specific, and to ask about some case (while general answers are welcome too): Imagine I'm running private certification authority. I have my root certificate and private key. For everyday use I generated some intermediate certificates to sign other certificates by intermediate ones. So if server is compromised, it's more or less OK, since I do not have root certificate private key on server (just do not need it), and I can generate a few new intermediate certificates, revoke old ones, regenerate issued certificates, conduct some transition and keep root certificate as is. So, I want to keep root certificate private key for 10 years, to be able to generate new intermediate certificates, just in case.

To be more generic, and to ask broader question: I want to save in safe place some data I need rarely (once a few years), but really do not want to loose under any circumstances, including natural disasters and human errors.

Of course, I do not ask about general backup best practices. I mean, I backup databases encrypted off-site, but I think that is different, because:

1) I do not have master copy. For database there is database and backup of database. For root CA certificate private key there is only backup.

2) Databases are generally not that sensitive, information outdates quickly. Minute resolution log of CPU load is no match to root certificate private key. Such information can be used years after it leaked.

3) Databases backup usually should not be kept for more than a few months. So, if my off-site storage provider goes out of business, it is not a big deal.

4) Restore checks are often (once a month at least), while I ask more about "backup and forget for 10 years" case. So I may not even be aware I lost my data until I need it.

3 comments

[ 14.2 ms ] story [ 702 ms ] thread
Go physical. PK and certificate data can be recorded physically and stored in non-tech place the only relies on physical access.

Digital == hackable

Find a good reliable long-term physical storage option (I don't know one to suggest maybe someone else can).

If it's a small amount of data you could use a QR code printed on paper then put the paper in a safety box?

You might consider using a cryptographic protocol for secret sharing [1], such as the one of Shamir [2]. These protocols divide a secret into shares, so that the secret can be recovered, even in part, only by assembling a specified number M of the total N shares, M < N. You could give one or more shares to each of several custodians, as numerous and diverse as your budget and requirements dictate.

[1] https://en.wikipedia.org/wiki/Secret_sharing [2] http://dl.acm.org/citation.cfm?id=359176