On 2016-11-12 at 17:15:49 +1100, Ben Finney wrote: > The best practice is: Use full-disk encryption. The only cost to this is > setting it up before you start using the storage device, and entering > the passphrase every time you start it.
or, if you're only worried about gpg (and ssk keys), move them outside the main storage, ideally to a dedicated device (OpenPGP smart card or usb implementation of it), or at the very least an usb stick. I would feel safe sending my main disk out for repairs, since it has no crypto secrets (they are on a smartcard) nor confidential data (stored on different storage), but by the time it came back I would consider it compromised and requiring a full format + reinstall, so you might as well start by doing a wipe + basic reinstallation now before you send it away, to be sure that any interesting datai, including your deleted .gnupg, is very hard to retrieve. -- Elena ``of Valhalla''
