Author

Topic: SEED storage on digital media. (Read 795 times)

hero member
Activity: 714
Merit: 1298
December 20, 2024, 02:51:59 AM
#30

OP is an enthusiast, and while he does like to play with stuff, he already took my advice to think properly on an inheritance plan (at least he wrote that).



Yeah, my commitment to developed scheme remains strong. Following your advice I have acquired very useful stuff - FNB58 USB tester which as I think  will help to avoid damage resulted from the faulty  port for both my HW dongles and encrypted media:

Quote from: satscraper

I also took into account the potential bit-flips resulted from cosmic rays,  events  which happen sometimes and to mitigate this I have extended my armor by two  Samsung Pro Endurance microSD cards and spread my digital storage over the world  to my friends and relatives. I intend to buy at least one-two card/flash-drive each coming year and spread them also. Such doing is affordable for me.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 18, 2024, 01:06:48 PM
#29
Take, for example, the same ZX Spectrum. Of course, buying technically obsolete devices will be a little more difficult than a regular purchase in an electronics store, but still, it is possible. Therefore, even if USB ports change in 10 years (or more) (Type-C already differs from USB 2.0-3.0), then you can still find retro devices on the market, which will become modern technology. And regarding the fact that children will not know how to use USB, the Internet will increasingly accumulate knowledge and this information will certainly be stored on the network. Knowing that a parent \ relatives in the distant past had a bitcoins, these children will find a way to use USB. Smiley

I had a local Spectrum clone back in the nineties, it was the machine for my first "computer" games and my first lines of code. But I've sold it at some point. I am not sure I'd know where from could I buy one now if I'd want to - I mean in my country.

While indeed, you may find old hardware at enthusiasts one may need to be inclined toward such "circles" in order to know about them. The heirs may not know if their struggle will pay off and may give up early.
And back to ZX Spectrum: I know for sure that my kids would have quite a hard time to figure out they can feed the computer with programs from audio cassettes  Wink

So I stick to the advice of also keeping it physical, no matter how one wants to play and test.


OP is an enthusiast, and while he does like to play with stuff, he already took my advice to think properly on an inheritance plan (at least he wrote that).




I seriously don't understand one thing, why do you guys try to make things harder? Just buy a ColdCard or The Passport Foundation wallet, both of them are air-gapped, then write down seeds on fire, water and impact resistant metal plates or just shop on Trezor's website and you'll find other safe creative storages.

Aside from what other member have said, there are few others uncommon reason such as.
1. The HW company or official seller can't ship to your country or region.
2. Don't want to leave any trace or history that they buy or own hardware wallet.

Actually for signing a Tails stick is just fine. Or a SeedSigner is not that difficult to build.
..Just this topic is about long term storage of a seed, and some insist on digital storage, and more than just for test/fun.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
October 23, 2024, 04:21:21 AM
#28
I seriously don't understand one thing, why do you guys try to make things harder? Just buy a ColdCard or The Passport Foundation wallet, both of them are air-gapped, then write down seeds on fire, water and impact resistant metal plates or just shop on Trezor's website and you'll find other safe creative storages.

Aside from what other member have said, there are few others uncommon reason such as.
1. The HW company or official seller can't ship to your country or region.
2. Don't want to leave any trace or history that they buy or own hardware wallet.
legendary
Activity: 4326
Merit: 8950
'The right to privacy matters'
October 19, 2024, 09:56:41 AM
#27
Let's say a very bad case of bad luck and every time and every laptop you try to use to read any of those USB key it breaks them. What then? How confident would you feel when the second one is already broken and you still didn't manage to make more backups? Yes, I know, it's extreme... Still, I recommend some physical means too as backup.
No matter how digitalized the world is, there is no escape from the physical world and at least 1 backup should always be physical.

We are in 2024. USB is still widely used, but various flavors tend to change the trend. I would not be surprised if in 10 years already the USB port will not look like now. I expect USBC, for example for the port. Plus: 25 years ago CD/DVD was a thing, now it's no more; are you sure your kids or nephews will know - when the time comes - what to do with an USB stick? Will you be sharp enough in 20-30 years to change the storage (from USB stick) to something that will be then "in trends"?

I will only add this Star Trek classic: https://www.youtube.com/watch?v=hShY6xZWVGE
If you look a little into the past (in time), then before CD/DVD, magnetic tapes were used, which, if you really want to, can still be found, as well as playback devices. Retro devices even 40 years old are now not a problem to find and use. Take, for example, the same ZX Spectrum. Of course, buying technically obsolete devices will be a little more difficult than a regular purchase in an electronics store, but still, it is possible. Therefore, even if USB ports change in 10 years (or more) (Type-C already differs from USB 2.0-3.0), then you can still find retro devices on the market, which will become modern technology. And regarding the fact that children will not know how to use USB, the Internet will increasingly accumulate knowledge and this information will certainly be stored on the network. Knowing that a parent \ relatives in the distant past had a bitcoins, these children will find a way to use USB. Smiley

ebay has a shit ton of obsolete gear.

I sometimes list old clean hdds at a high price with an offer option.

I say that these can be used to recover old hdds if you are in the business.

Ie dissasemble my working old drive and the indentical dead old drive.

lift the disk from the old dead drive and put it in my working old drive.

I have sold about 20 old hdds this way to different hdd recovery people.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
October 19, 2024, 09:14:51 AM
#26
Let's say a very bad case of bad luck and every time and every laptop you try to use to read any of those USB key it breaks them. What then? How confident would you feel when the second one is already broken and you still didn't manage to make more backups? Yes, I know, it's extreme... Still, I recommend some physical means too as backup.
No matter how digitalized the world is, there is no escape from the physical world and at least 1 backup should always be physical.

We are in 2024. USB is still widely used, but various flavors tend to change the trend. I would not be surprised if in 10 years already the USB port will not look like now. I expect USBC, for example for the port. Plus: 25 years ago CD/DVD was a thing, now it's no more; are you sure your kids or nephews will know - when the time comes - what to do with an USB stick? Will you be sharp enough in 20-30 years to change the storage (from USB stick) to something that will be then "in trends"?

I will only add this Star Trek classic: https://www.youtube.com/watch?v=hShY6xZWVGE
If you look a little into the past (in time), then before CD/DVD, magnetic tapes were used, which, if you really want to, can still be found, as well as playback devices. Retro devices even 40 years old are now not a problem to find and use. Take, for example, the same ZX Spectrum. Of course, buying technically obsolete devices will be a little more difficult than a regular purchase in an electronics store, but still, it is possible. Therefore, even if USB ports change in 10 years (or more) (Type-C already differs from USB 2.0-3.0), then you can still find retro devices on the market, which will become modern technology. And regarding the fact that children will not know how to use USB, the Internet will increasingly accumulate knowledge and this information will certainly be stored on the network. Knowing that a parent \ relatives in the distant past had a bitcoins, these children will find a way to use USB. Smiley
hero member
Activity: 714
Merit: 1298
September 28, 2024, 01:46:40 AM
#25
OP I visited this topic in the past, but I didn't get it in detail, just in general. One day I want to understand everything, but from what I saw it seems cool and ingenious.

Thanks for your  appraisal, you will not waste your time in the course of diving into this technique.

BTW, I have refill my Tails ammo (which keeps my SEED and other sensitive info) with two  Samsung Pro Endurance microSD cards with  enterprise grade NAND cells that  "stands up against magnets, X-rays, water, drop and  wearout"




legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
September 28, 2024, 12:05:10 AM
#24
I like the idea of ​​creating encrypted digital backups, I like seeing people's creativity.

That's something I completely agree with.
My concerns are on the fact the digital backup is indeed safely made and stored and that a complicated approach may become "too complicated" even for yourself in case something unexpectedly bad happens.
But yes, creativity is nice.

Simple works, but it depends on the person's point of view, whether they feel comfortable with "simple" or want something more complex. The important thing is to sleep with peace of mind.

Well said.
hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
September 27, 2024, 02:07:37 PM
#23
I seriously don't understand one thing, why do you guys try to make things harder? Just buy a ColdCard or The Passport Foundation wallet, both of them are air-gapped, then write down seeds on fire, water and impact resistant metal plates or just shop on Trezor's website and you'll find other safe creative storages. And that's all, your wallet is generated and stored safely. Why should you make process harder and have a headache when you can super simplify everything without losing protectability?

Will you be sharp enough in 20-30 years to change the storage (from USB stick) to something that will be then "in trends"?
That's a very good warning but in the first case, he shouldn't make things hard when there isn't necessity of it, especially when the pros don't outweigh the cons, i.e. the risk/safety ratio is worse in this case.
I like the idea of ​​creating encrypted digital backups, I like seeing people's creativity. I have developed my own method that offers good plausible deniability and resistance against brute force attacks.

Simple works, but it depends on the person's point of view, whether they feel comfortable with "simple" or want something more complex. The important thing is to sleep with peace of mind.

OP I visited this topic in the past, but I didn't get it in detail, just in general. One day I want to understand everything, but from what I saw it seems cool and ingenious.
hero member
Activity: 714
Merit: 1298
September 27, 2024, 11:59:27 AM
#22
I seriously don't understand one thing, why do you guys try to make things harder?

Because we have the skills.   Tongue

Just buy a ColdCard or The Passport Foundation wallet,


I'm the owner of Passport2 and shared bunch of tips on this device here on forum. Just look at my history. Wink



then write down seeds on fire, water and impact resistant metal plates

The primitive media like "fire, water and impact resistant metal plates" doesn't allow to share it  with SEED among geographically distant relatives (as they can easily peep up my SEED). My sophisticated media can be distributed with no worry  about SEED safety (as a matter of fact I shared it with my distant) relatives).


then write down seeds on fire, water and impact resistant metal plates or just shop on Trezor's website and you'll find other safe creative storages. And that's all, your wallet is generated and stored safely. Why should you make process harder and have a headache when you can super simplify everything without losing protectability?

Will you be sharp enough in 20-30 years to change the storage (from USB stick) to something that will be then "in trends"?
That's a very good warning but in the first case, he shouldn't make things hard when there isn't necessity of it, especially when the pros don't outweigh the cons, i.e. the risk/safety ratio is worse in this case.

I'm sharp enough, don't worry  Wink
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
September 27, 2024, 11:10:36 AM
#21
I seriously don't understand one thing, why do you guys try to make things harder? Just buy a ColdCard or The Passport Foundation wallet, both of them are air-gapped, then write down seeds on fire, water and impact resistant metal plates or just shop on Trezor's website and you'll find other safe creative storages. And that's all, your wallet is generated and stored safely. Why should you make process harder and have a headache when you can super simplify everything without losing protectability?

Will you be sharp enough in 20-30 years to change the storage (from USB stick) to something that will be then "in trends"?
That's a very good warning but in the first case, he shouldn't make things hard when there isn't necessity of it, especially when the pros don't outweigh the cons, i.e. the risk/safety ratio is worse in this case.
hero member
Activity: 714
Merit: 1298
September 27, 2024, 01:41:41 AM
#20
What alternative software do you think could be used instead of Kleopatra and KeyPassXC?

I didn't try any other alternatives, thus I can not take the responsibility for the consequences of the use of other software.  However to generate your security key you may use (as I did) the following commands  instead of using Kleopatra (which in fact the interface for GnuPG) for this purpose:

Code:

gpg --expert --full-gen-key
  
Choose 9

choose 1

choose 0

3

gpg --export-secret-key --armor


Take care of the secret key you have exported.(I have encrypted mine with HW pgp and keep it in Tails persistent volume)
member
Activity: 143
Merit: 82
September 27, 2024, 01:02:28 AM
#19
What alternative software do you think could be used instead of Kleopatra and KeyPassXC?
hero member
Activity: 714
Merit: 1298
September 27, 2024, 12:50:38 AM
#18
Can I ask you to elaborate on the "hardware pgp keys", please? How do you suggest making them? How to use and update them step-by-step?

I use YubiKey 5 series dongles which among other protocols support OpenPGP 3 (however I can assume that there are other dongles whch sopprt openPGR, just DYOR). Regarding on how to use them, please see my opening post which described step-by-step procedure on how to  set the security key  to your YubiKey. Should you have any further questions, feel free to ask me.
member
Activity: 143
Merit: 82
September 26, 2024, 04:16:46 AM
#17
Can I ask you to elaborate on the "hardware pgp keys", please? How do you suggest making them? How to use and update them step-by-step?
hero member
Activity: 714
Merit: 1298
May 11, 2024, 12:39:40 PM
#16
What may be wrong with HW  keys that hold my pgp secret? Don't say about physical damage.

Let's say a very bad case of bad luck and every time and every laptop you try to use to read any of those USB key it breaks them. What then? How confident would you feel when the second one is already broken and you still didn't manage to make more backups? Yes, I know, it's extreme... Still, I recommend some physical means too as backup.


Well, this is highly, highly unbelievable scenario to happen,  nevertheless I have took it seriously and to prevent it I will buy in the nearest future  USB tester to control voltage on D+ and D- lines. Have seen this stuff recently  on Amazon, the price around $50 is not to worry about. Thanks.

P.S. In this scenario applied to my setup, USB pens with Tails would get damage   first, rather than HW pgp keys.



[

We are in 2024. USB is still widely used, but various flavors tend to change the trend. I would not be surprised if in 10 years already the USB port will not look like now. I expect USBC, for example for the port. Plus: 25 years ago CD/DVD was a thing, now it's no more; are you sure your kids or nephews will know - when the time comes - what to do with an USB stick? Will you be sharp enough in 20-30 years to change the storage (from USB stick) to something that will be then "in trends"?


Should USB be replaced by new interface my private pgp key can be easily ported. HW is just a holder of that key.

BTW, two of my HW keys have NFC interface alongside with USB.  Wink
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
May 11, 2024, 11:27:59 AM
#15
What may be wrong with HW  keys that hold my pgp secret? Don't say about physical damage.

Let's say a very bad case of bad luck and every time and every laptop you try to use to read any of those USB key it breaks them. What then? How confident would you feel when the second one is already broken and you still didn't manage to make more backups? Yes, I know, it's extreme... Still, I recommend some physical means too as backup.

We are in 2024. USB is still widely used, but various flavors tend to change the trend. I would not be surprised if in 10 years already the USB port will not look like now. I expect USBC, for example for the port. Plus: 25 years ago CD/DVD was a thing, now it's no more; are you sure your kids or nephews will know - when the time comes - what to do with an USB stick? Will you be sharp enough in 20-30 years to change the storage (from USB stick) to something that will be then "in trends"?

I will only add this Star Trek classic: https://www.youtube.com/watch?v=hShY6xZWVGE
hero member
Activity: 714
Merit: 1298
May 11, 2024, 10:48:21 AM
#14

While I don't fully agree with your trust in the USB keys Smiley (even if they're 3 of them),

Really intrigued because those keys are crucial for my guarding system.  What may be wrong with HW  keys that hold my pgp secret? Don't say about physical damage. Should this happens with any  key it can be easily replaced. In fact their quantity can be increased at any time but I don't see the need for keeping more than three keys  at the moment.



Are we indeed talking about a significant amount that deserves the hassle of paid legal service,

You can guess yourself  Wink
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
May 11, 2024, 10:04:58 AM
#13
Lock-time transactions for inheritance is awkward stuff in my view as they required a constant renewal while you alive. Besides, any legitimate inheritance plan must contain the legal  strand.

In my case, the relevant flash drives, PIN to HW pgp keys and detailed instruction will be handed over to heir by me in person,  while he will get the envelope with those physical pgp keys  from representatives of the legal service I have contracted with.

While I don't fully agree with your trust in the USB keys Smiley (even if they're 3 of them), I do think that this "inheritance model" is better than the lock time approach.

Are we indeed talking about a significant amount that deserves the hassle of paid legal service, or are you talking about a hypothetical future scenario? (Clearly, you don't have to answer me on this, it's something you have to think/answer to yourself, you know..)
hero member
Activity: 714
Merit: 1298
May 08, 2024, 03:27:23 AM
#12

Lock-time transactions for inheritance is awkward stuff in my view as they required a constant renewal while you alive. Besides, any legitimate inheritance plan must contain the legal  strand.

In my case, the relevant flash drives, PIN to HW pgp keys and detailed instruction will be handed over to heir by me in person,  while he will get the envelope with those physical pgp keys  from representatives of the legal service I have contracted with.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
May 08, 2024, 12:29:39 AM
#11
Agreed, this is the weakness of human being whose  memory is vulnerable to deceases, hard accidents and senility.

Thus, I'm in the process of development of the inheritance plan, just for above reason.
I know you are very technical man, more than me, and I believe you knew about these risk very well. There are public cases like CEO of an exchange years ago suddenly died and he is the only one who control treasury of that exchange. Maybe more cases like this, I could not remember them all, from business level to family or individual level.

With individuals, they can learn from Hal Finney who has a chronic disease and prepare for his wife to inherit his Bitcoin private keys and bitcoins. You can do the same for ones you love, wife/ husbands, children, ...

[1] Crypto CEO dies holding the only passwords that can unlock millions in customer coins
[2] Quadriga CEO's widow speaks out over his death and the missing crypto millions
[3] Bitcoin and me (Hal Finney)
[4] Using Locktime for inheritance planning, backups or gifts
hero member
Activity: 714
Merit: 1298
May 06, 2024, 02:23:49 AM
#10
In practice, I maintain three cloned Tails flash drives and three hardware keys, each serving as a backup for the others.

I welcome any constructive criticism regarding potential points of failure or unknown vulnerabilities in my system.

It's an interesting setup and I kinda like it. And 3 copies sounds good.

Still... flash drives can get corrupted a bit too easy for my liking. I mean I had to reformat or throw away at least 10 USB disks in the last 20 years... and we're talking about very long time here, right?
This is the issue with electronic devices. They can get broken easier than more physical stuff.

Yeah, I know that they can may break down. That is why I'm testing each of my cloned flash drive regularly on the month bases. It's highly unlikely that all three will fail simultaneously  because of poor workmanship, thus if  any of them  were noticed as corrupted it  could be replaced by other clone.



I will add that age or an accident or stroke can make you forget the passwords/PINs you've used there.


Agreed, this is the weakness of human being whose  memory is vulnerable to deceases, hard accidents and senility.

Thus, I'm in the process of development of the inheritance plan, just for above reason.

legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
May 05, 2024, 02:00:29 PM
#9
In practice, I maintain three cloned Tails flash drives and three hardware keys, each serving as a backup for the others.

I welcome any constructive criticism regarding potential points of failure or unknown vulnerabilities in my system.

It's an interesting setup and I kinda like it. And 3 copies sounds good.

Still... flash drives can get corrupted a bit too easy for my liking. I mean I had to reformat or throw away at least 10 USB disks in the last 20 years... and we're talking about very long time here, right?
This is the issue with electronic devices. They can get broken easier than more physical stuff.


I will add that age or an accident or stroke can make you forget the passwords/PINs you've used there.


These are the weak spots I've seen.
hero member
Activity: 714
Merit: 1298
May 05, 2024, 03:26:27 AM
#8
For those who have the courage  to try my method I  share a trick on how to unite in friendship Kleopatra and hardware pgp keys that hold the same secret but have different ID.

The problem is that each HW pgp key has its own unique ID and by  keeping the last used ID in the cache  Kleopatra refuses to work with other clones of HW key.

The work around is the following.

  • 1.  Before importing public pgp HW key into Kleopatra remove default keys which come with Tails distribution ( they are developers keys and    become not necessary for your purpose)
  • 2.  Insert any HW key from your cloned set
  • 3.  Import relevant public key
  • 4.  When  being asked about certification choose Cancel
  • 5.  Right click imported public key and select Change Trust
  • 6.  Choose "It's my certificate"
  • 7.  Proceed with your tasks involving inserted HW key: decryption, encryption, signing, verifying what ever you want.
  • 8.  After completing your tasks remove you HW pgp key.
  • 9.  Right click public key and select Remove
  • 10.Close Kleopatra
  • 11 .Next time when you open Tails you will have the   pure untouched Kleopatra that doesn't remember HW keys ID. So you can proceed with any key from your cloned set referring to 2 - 10 in this list.
hero member
Activity: 1120
Merit: 540
Duelbits - Play for Free | Win for Real
May 04, 2024, 05:43:43 AM
#7
I completely support your idea!  Seed storage on digital media is a crucial topic, we definitely need more threads like this on the forum.
Recently, i made a thread suggesting creating/importing seeds in wallets like Electrum or Sparrow, as they allow you to export encrypted digital backups.

Security tips for making encrypted backups of your seedphrase.
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
May 03, 2024, 03:36:25 AM
#6
Tread is solely  for the discussion of best methods to store SEED on digital media.

I completely support your idea!  Seed storage on digital media is a crucial topic, we definitely need more threads like this on the forum.
hero member
Activity: 714
Merit: 1298
May 03, 2024, 02:07:22 AM
#5
It is never recommended to store your seed phrases in any form of digital media, not even using PGP encryption.

Mantra.

Never recommended by whom, by you? Smiley

 Then, don't use it.

You also is going to type the seed in the digital media, you will never know if there is a keylogger installed in your device.

Wise people use for this airgaped Tails which doesn't contain any malware including  keylogers , wooden headed folk utilize devices  and OS that have keyloggers.
Regarding,  IronKey Vault, all typing must be done on airgaped machine, it goes without saying, beside IronKey Vault has the build-in virtual keyboard.
Do you have any experience of working with Tails and/or airgapped machine?

For any form of digital storage, you always have chance to leak your private key.


Empty words in fact that tell nothing. Tell better how they can leak from my system.

It's always better and recommended to store you seed in digital form and it needs to be a fireproof solution.

Yeah, yeah , and better on the other planet, let's say on Mars for instance.
 
In fact digital form of storage should be a companion for primitive one, which in my case is a binary code hold on  titan washers .




Further on, any referring to primitive forms of SEED storage in this thread will be considered as offtopic. Tread is solely  for the discussion of best methods to store SEED on digital media.

I have shared my SEED protected by described way to close relatives (geographically distant by hundreds miles)  and don't afraid that they or any other folk can get my phrase. They have only flash drives with Tails but all  set of HW pgp  clones  is in my hand.

SEED phrases stored by primitive way can not be shared with other people without revealing them.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
May 02, 2024, 09:06:16 PM
#4
For not tech savvy people, like you, who wanna use digital media for storing sensitive info like SEED phrases, passwords, etc   I would advocate off-the-shelf products like those produced by Kingston.
It is never recommended to store your seed phrases in any form of digital media, not even using PGP encryption. You never know, you may lost the secret key file and if you lose then you lose the pass phrase. You also is going to type the seed in the digital media, you will never know if there is a keylogger installed in your device. For any form of digital storage, you always have chance to leak your private key.

It's always better and recommended to store you seed in digital form and it needs to be a fireproof solution.
hero member
Activity: 714
Merit: 1298
May 02, 2024, 09:57:16 AM
#3
I saw this notification on the bitcointalk supernotifier and it caught my attention because I have done a DIY Seed Storage on a soda can Inspired by Pmalek's Guide. I would have really loved to try this but I am not a tech savvy person. The only software I recognize there in the write up is Kleopatra which I used one time when I learning to sign a message courtesy of bitcoingirl.

For not tech savvy people, like you, who wanna use digital media for storing sensitive info like SEED phrases, passwords, etc   I would advocate off-the-shelf products like those produced by Kingston.

I have their flash drive from IronKey Vault Privacy 50 Series and must confess that having AES 256 encryption as well as protections from both bad USB and brute force  it may be considered  as a good digital media stuff for storage  SEED phrases . The only drawback I see is that it is not friendly with Linux and works solely on either Windows or Mac OS machines.

My approach is a bit complicated as in fact it has three layers of protection which might  be looked as overkill.

sr. member
Activity: 560
Merit: 265
April 30, 2024, 11:24:30 AM
#2
I saw this notification on the bitcointalk supernotifier and it caught my attention because I have done a DIY Seed Storage on a soda can Inspired by Pmalek's Guide. I would have really loved to try this but I am not a tech savvy person. The only software I recognize there in the write up is Kleopatra which I used one time when I learning to sign a message courtesy of bitcoingirl.
hero member
Activity: 714
Merit: 1298
April 30, 2024, 03:37:25 AM
#1
With this contribution I'd like to share my latest "innovation": a method I've implemented  for storing my SEED phrases on digital media.

For this purpose, I use the bootable flash drive holding  Tails OS with  all communications drivers locked. Persistent volume of this OS is  secured with a compound password i.e part of this password is  stored in a hardware security key and enters unlocking field via its OTP interface , while other part is entered manually at unlocking volume. HW security key is aimed also for storage  my private ed25519 PGP key.

The persistent volume keeps   KeePassXC database, locked with a composite password that includes a segment stored in HW key. This password differs from that one safeguarding the Tails persistent volume.

The KeyPassXC database houses encrypted GPG messages corresponding to my SEED phrases. These messages are encrypted using my PGP hardware key (smart card in terms of Kleopatra), which is protected by a PIN code. Notably, only two incorrect PIN attempts are permitted; a third incorrect attempt will result in the blocking of access to the PGP key.

For anyone interested , I  provide ppg code for setting up hardware keys.

Code:
gpg --allow-secret-key-import --import 

gpg --expert --edit-key

gpg> toggle

gpg> keytocard

( select Yes and then 1)

gpg> key 1

gpg>  keytocard

(select Yes and then 2)

gpg> key 1

gpg> key 2

gpg> keytocard


(select Yes and then 3)

gpg> quit

Select  No ( otherwise security key would be wiped out from system and thus, could not be used for setting HW key duplicate ).



The corresponding public key is imported into Kleopatra key manager with database situated within the persistent Tails volume.

Quote from: satscraper


Consequently, by utilizing Kleopatra and a hardware key, one can decrypt/encrypt SEED phrases  and securely add  encrypted messages  to KeePassXC database.

In practice, I maintain three cloned Tails flash drives and three hardware keys, each serving as a backup for the others.

I welcome any constructive criticism regarding potential points of failure or unknown vulnerabilities in my system.



Picture shows my Tails flash drive (in the form of debit card, metal frame)  and pgp HW key

Quote from: satscraper
Jump to: