 |
 |
Hello, Keeping track of keys has been a pain in the past for me. I still believe it's the best method. Now that I'm much more focused and organized it hasn't been a problem. But having a physical copy of the key tucked away will be helpful to me in the future. As far as institutional data, i can see some areas of concern. Who's keeping track of the keys? And is that info passed along with employment changes? Thanks, Cornel Darden Jr. Chief Information Officer Casanova Information Services, LLC Office Phone: (779) 205-3105 Mobile Phone: (708) 705-2945 Sent from my iPhone > On Mar 31, 2016, at 10:29 AM, Matt Schultz <[log in to unmask]> wrote: > > Hello, > > I’m writing to the list on a somewhat personal note. But I think any responses to my question might also shed insights on future workflows in my workaday world. > > I have a personal use case wherein I would like to store some encrypted directories of data (at rest) on external hard drives. The idea being to keep a full copy of some of my own personal data at an offsite location in a secure format. > > I didn’t have the intermediate storage resources to image the full backups that the target directories reside on - and there was too much other file system overhead that was extraneous in any event. So, my initial approach has been to make use of GPGTools and a pair of RSA keys to encrypt tarballs of each of the desired directories. I’ve successfully serialized, encrypted and passphrase decrypted the directories. I’m using BagIt to validate on both sides and all is well there. Everything appears to be working just fine for me. Larger directories do take some time naturally – RSA is a less efficient algorithm as I understand it. That aside, I feel reasonably confident that I can manage and migrate my keys going forward. I’m also maintaining a duplicate non–encrypted backup of all of this data at home as well in any event. > > My question is whether there are any limitations to use of RSA and the approach I am taking to encrypting the contents in this serialized form? Would anybody go about this in a different manner? Perhaps with different tools? I’m out in front of the loss scenario in this case, so I have the time/luxury to make some changes to how I am going about this if I get some good advice. > > And then to the degree that the librarians, archivists, or records managers on this list want to weigh-in, are there any emerging best practices or compelling use cases you have encountered for encrypting archives of your institutional data. If so, how did you weigh or mitigate the benefits (privacy/security) against the risks (e.g, mis-placing keys). I’m very interested in what the Records in the Cloud Project is producing: http://www.recordsinthecloud.org/. > > Thanks, > — > Matt Schultz > Metadata & Digital Curation Librarian > Grand Valley State University Libraries > [log in to unmask]<mailto:[log in to unmask]> > 616-331-5072