Key Management Issues – how long do I need to save the key?

July 7, 2012

What’s tough for Privly (and all encryption schemes) is key management.  I had a long talk with a friend of mine last week and this was one of the issues we discussed at length.

See, the big problem is that when I encrypt something, I need to use a key to secure it. Then I need a key to unlock it later. And if I want to share data (which is what Privly is intended for), I need to be able to make sure my friends have a key to open the posts they are supposed to access. So far, this doesn’t seem too bad, but here’s where it gets tricky…

How long do I want to save my data for? If it’s just for a single session, I don’t have to worry about key preservation. I still need to make sure I have some way of getting a secure key from me to whomever I am communicating with, but that’s very manageable in a case like this. So, a Skype call needs a password for the length of the call. After that, the password can safely be discarded, never to be used or needed again. The same thing applies to an HTTPS session. It only needs to last while I’m communicating with that server.

BUT – what if I’m encrypting pictures and videos of my kids? I want to save those for a long, long time. In addition to normal data failure (dead hard drive, accidental delete, lack of format support, etc.), I now need to add all the possible encryption failures: corruption and, for our purposes here, loss of the key. Do you still remember your high school locker combination? What if you used unbreakable encryption on family memories and then forgot the password and couldn’t recover them? Heartbreaking. If you encrypt your computer files today, will you remember your keys 30 years from now?

The thought for now is that Privly will target more transient data: Facebook status posts, Twitter messages and similar things that you may not care about preserving for the long term. So maybe key retention isn’t a big issue, or maybe it is. Perhaps longer-retention items just won’t be part of the Privly target market.

Interesting questions that I need to give more thought to.



