encrypted backups
I'm configuring a new server with backups via duplicity to rsync.net. I'm wondering about my current key strategy. I currently encrypt to my "main" gpg key, and to an additional passphrase protected private key that lives on the server in question. That is mildly annoying to deploy, so I thought it would be a good idea to reconsider my strategy. The second key is protect against the loss of my first key, but I'm not sure there are many threats the passphrase protects against. 1/
encrypted backups
If someone gets access to the private key, then they have access to everything in that the backup runner can read, so they don't really need to decrypt things. There is the difference between access to history and access to a current snapshot, but I don't know how much that buys me. So I could drop the passphrase, or move the private key, but then I have another (small) backup problem. I know people here think about threat models and backups, so feel free to learn me good.
encrypted backups
@bremner I'd caution against making it too difficult for yourself when it comes time to restore. Having lost access to backups because I was too concerned about threats that had no real bearing on my life, I'm now of the opinion that the small risk of an unknown motivated attacker who happens to even understand the backup strategy is much less than the large risk of not being able to recover.