Topic: SEED storage on digital media. - page 2. (Read 715 times)

For those who have the courage  to try my method I  share a trick on how to unite in friendship Kleopatra and hardware pgp keys that hold the same secret but have different ID.

The problem is that each HW pgp key has its own unique ID and by  keeping the last used ID in the cache  Kleopatra refuses to work with other clones of HW key.

The work around is the following.

• 1.  Before importing public pgp HW key into Kleopatra remove default keys which come with Tails distribution ( they are developers keys and    become not necessary for your purpose)
• 2.  Insert any HW key from your cloned set
• 3.  Import relevant public key
• 4.  When  being asked about certification choose Cancel
• 5.  Right click imported public key and select Change Trust
• 6.  Choose "It's my certificate"
• 7.  Proceed with your tasks involving inserted HW key: decryption, encryption, signing, verifying what ever you want.
• 8.  After completing your tasks remove you HW pgp key.
• 9.  Right click public key and select Remove
• 10.Close Kleopatra
• 11 .Next time when you open Tails you will have the   pure untouched Kleopatra that doesn't remember HW keys ID. So you can proceed with any key from your cloned set referring to 2 - 10 in this list.

Recently, i made a thread suggesting creating/importing seeds in wallets like Electrum or Sparrow, as they allow you to export encrypted digital backups.

Security tips for making encrypted backups of your seedphrase.

I completely support your idea!  Seed storage on digital media is a crucial topic, we definitely need more threads like this on the forum.

Mantra.

Never recommended by whom, by you?

 Then, don't use it.


Wise people use for this airgaped Tails which doesn't contain any malware including  keylogers , wooden headed folk utilize devices  and OS that have keyloggers.
Regarding,  IronKey Vault, all typing must be done on airgaped machine, it goes without saying, beside IronKey Vault has the build-in virtual keyboard.
Do you have any experience of working with Tails and/or airgapped machine?


Empty words in fact that tell nothing. Tell better how they can leak from my system.


Yeah, yeah , and better on the other planet, let's say on Mars for instance.
 
In fact digital form of storage should be a companion for primitive one, which in my case is a binary code hold on  titan washers .

---

Further on, any referring to primitive forms of SEED storage in this thread will be considered as offtopic. Tread is solely  for the discussion of best methods to store SEED on digital media.

I have shared my SEED protected by described way to close relatives (geographically distant by hundreds miles)  and don't afraid that they or any other folk can get my phrase. They have only flash drives with Tails but all  set of HW pgp  clones  is in my hand.

SEED phrases stored by primitive way can not be shared with other people without revealing them.

It is never recommended to store your seed phrases in any form of digital media, not even using PGP encryption. You never know, you may lost the secret key file and if you lose then you lose the pass phrase. You also is going to type the seed in the digital media, you will never know if there is a keylogger installed in your device. For any form of digital storage, you always have chance to leak your private key.

It's always better and recommended to store you seed in digital form and it needs to be a fireproof solution.

For not tech savvy people, like you, who wanna use digital media for storing sensitive info like SEED phrases, passwords, etc   I would advocate off-the-shelf products like those produced by Kingston.

I have their flash drive from IronKey Vault Privacy 50 Series and must confess that having AES 256 encryption as well as protections from both bad USB and brute force  it may be considered  as a good digital media stuff for storage  SEED phrases . The only drawback I see is that it is not friendly with Linux and works solely on either Windows or Mac OS machines.

My approach is a bit complicated as in fact it has three layers of protection which might  be looked as overkill.

I saw this notification on the bitcointalk supernotifier and it caught my attention because I have done a DIY Seed Storage on a soda can Inspired by Pmalek's Guide. I would have really loved to try this but I am not a tech savvy person. The only software I recognize there in the write up is Kleopatra which I used one time when I learning to sign a message courtesy of bitcoingirl.

With this contribution I'd like to share my latest "innovation": a method I've implemented  for storing my SEED phrases on digital media.

For this purpose, I use the bootable flash drive holding  Tails OS with  all communications drivers locked. Persistent volume of this OS is  secured with a compound password i.e part of this password is  stored in a hardware security key and enters unlocking field via its OTP interface , while other part is entered manually at unlocking volume. HW security key is aimed also for storage  my private ed25519 PGP key.

The persistent volume keeps   KeePassXC database, locked with a composite password that includes a segment stored in HW key. This password differs from that one safeguarding the Tails persistent volume.

The KeyPassXC database houses encrypted GPG messages corresponding to my SEED phrases. These messages are encrypted using my PGP hardware key (smart card in terms of Kleopatra), which is protected by a PIN code. Notably, only two incorrect PIN attempts are permitted; a third incorrect attempt will result in the blocking of access to the PGP key.

For anyone interested , I  provide ppg code for setting up hardware keys.



The corresponding public key is imported into Kleopatra key manager with database situated within the persistent Tails volume.



Consequently, by utilizing Kleopatra and a hardware key, one can decrypt/encrypt SEED phrases  and securely add  encrypted messages  to KeePassXC database.

In practice, I maintain three cloned Tails flash drives and three hardware keys, each serving as a backup for the others.

I welcome any constructive criticism regarding potential points of failure or unknown vulnerabilities in my system.

---

Picture shows my Tails flash drive (in the form of debit card, metal frame)  and pgp HW key