Question

We do daily backup for some configuration files of many servers. Each conf file (compressed) is from 100KB to a few MB. Number of new files increased everyday is about 650. They are very important and confidential, so we encrypt each conf file with same pass phrase. However, we must change this phrase every 3 months. And old files can't be deleted, we need to re-encrypt all of them with new phrase. Currently, we have more than 300,000 files. They are stored in a network storage. It's very painful to decrypt and encrypt so many files every 3 months.

I was considering of using GPG:

1. gen a new GPG key
2. set a pass phrase for it, using pass phrase which is updated every 3 months
3. encrypt every conf file use this GPG key
4. 3 months later
5. only change pass phrase of GPG key to latest one, no need to decrypt and encrypt all old files

But this seems insecure. All files can be decrypted use same GPG key with older pass phrase if some one have the old GPG database.

Is there any smarter way to do this kind of task?

Answer 1

This is a typical problem, so it is has a pattern solution.

Mainly you should use key "K" to encrypt the files, and this key should be stored encrypted by key "A".

key "K" should not be distributed nether accessed by anyone else then the service that can decrepit key "A"

key "A" should be rotated, so every time key "A" has changed, it should re-encrypt key "K"

So lets say, in the second month we key "A" is replaced by key "B" and so on.