One Mechanism
On 28th of November the New Root Key Task Force used the following procedure for backup of the Root and Sub-Root Keys:
- Boot a secure (totally disconnected from any network, directly cabled keyboard, etc) machine in secure mode (Debian system).
- Attach a secure media (USB Stick)
- Generate fresh key pairs, making sure that the secret key is either generated on the secure media, or in the ramdisk and copied onto the USB media afterwards:
- Two different parties are to escrow the key (e.g., board and systems administration) then generate separate keypairs. The USB sticks for escrow are in mirror and attached with tape to each other.
- Export the public key (pubring.gpg) to the local harddisk or the Internet.
- Securely store the secure media with the secret keys on it.
- Reboot the machine
- Setup the backup system to encrypt the backups to that public key.
- Test the first backup made.
- Test every 12 months.
Make sure that even the encrypted key is never accessible by a computer that is connected to the internet. Always unplug and reboot the systems with a secure distribution when you use the key!