Topic: GnuPG versus TrueCrypt - page 5. (Read 28803 times)

You do realize they keep backups of your account up to 30 days (officially), this including whole snapshots of permanently deleted files? And if they wanted to get your wallet while you had it, they could. Better just transfer everything to a new wallet and save that.

Nothing. As long as you use AES-256 and encrypt the file listing too.

7zip uses AES-256 and all you have to do is right click on the file and click "add to archive" and set your password in the box. takes only 2minutes from installing 7zip to having your wallet.dat file encrypted.

WARNING TO DROPBOX USERS
if you have ever stored an unencrypted version of your wallet file inside dropbox and deleted it, it still exists in your dropbox account unless you specifically delete it from the history.

I wouldn't trust a tool originally designed for compressing data to safely encrypt data. GPG exists for protecting data. Also, PGP has been around for a long time. It is well-understood and has been reviewed for flaws. It is also far more flexible than things like encrypted zip/7zip files.

Encryption is hard to properly implement. GPG has earned quite a bit of trust in the community for a reason.

Depends on how it does the encryption. Maybe they also have a good AES256 implementation. Maybe it's crap.

this is true, I always forget about that feature since I never touch it. Almost the entirety of my PGP/GPG use is email and sharing files via http

whats wrong with 7zip and use a password with a .7z archive?

Note that you can use symmetric encryption by itself. See above. No need to use a public key in that instance.

one of the problems with using gpg, is you also have to backup your public and private key. The most likely scenario where you need to recover a backed up wallet, is if your computer has crashed. Truecrypt can allow you to decrypt something with simply a password or a keyfile or both. also, true crypt allows that if some one gets access to your computer, they cant just find your public/private key pair and unlock your wallet... (unless you of course save the decryption key in truecrypt like a dumbass)

What I personally do, is store my gpg keys and my wallet in a truecrypt volume, then email that volume to myself, to store it in 3 places, sent computer, web based email service, and recieved computer. then use a 50+ character passphrase to gain access.

I see many people recommending TrueCrypt for backing up and securing wallets. I think it is important to protect wallets, but I suggest that GnuPG would be the better tool. As BTC become increasingly valuable, it becomes more and more important to use the best tools to protect your stash.

GPG is more than a tool facilitating symmetric crypto. It is a standardized and well-tested suite of tools that permit encryption/signing of arbitrary data such as files and email. Basically, anyone looking to get deeper into the bitcoin economy would be well-advised to understand and use GPG to develop and maintain a cryptographically strong reputation. TrueCrypt just isn't as flexible. GPG also follows an established standard, and it interoperable with commercial software. TrueCrypt does not. TrueCrypt also isn't available for nearly as many platforms as GPG.

TrueCrypt's novel feature is the "deniable" filesystem. Bruce Schneier has published some work on it and stated that he "wouldn't trust it."

Then there is the small matter of licensing. GnuPG is licensed under the GPL. TrueCrypt has a non-free license.

From http://en.wikipedia.org/wiki/Truecrypt#Licensing


How to use GPG?


This will compress and then encrypt your wallet using your private GPG key. The -a flag tells gpg to give you ascii-armored (printable) output. The -o flag tells gpg to name the output file "text_crypt_wallet.txt". You can then print this out. The file will look something like this:


I recommend first moving bitcoins to a fresh wallet with a single address via a single transaction, so as to have as small a file as possible. Otherwise, you may end up with many pages of output.

Make sure the font is OCR-readable (http://en.wikipedia.org/wiki/Optical_character_recognition) and large enough to avoid scanning and transcription errors. Also, make sure to keep track of page numbers.

If you don't have a GPG key, you can encrypt it via just a symmetric cipher and password:


Just don't forget your password.

By default, GPG uses CAST5 as the symmetric cipher. Note that you can always specify which symmetric cipher you want to use (all of gpg's ciphers are considered strong) with one of these flags:


To recover the wallet, you can scan the document and OCR it to a file. Then decrypt it:


If you are running GNU/Linux, you probably already have GnuPG If you have windows, you can get GnuPG here: http://www.gpg4win.org/