Some files you cannot afford to lose, private keys for instance (think of GPG keys
and Google Authenticator seeds), so I store them in several places, to survive
losing any one copy, and encrypted, since I cannot keep an eye on every place
those copies end up.
HW setup
- Put your favorite security-conscious live Linux distribution on a USB key.
- Put your keys.tar.gz.gpg on it (if you have already been through this HOWTO once).
- Boot this key on a computer you trust. It should have no network connection (Ethernet/Wi-Fi/4G/Bluetooth), and ideally no local storage, so that nothing you decrypt can be left behind.
First time
- Boot on your trusted computer with your trusted boot media.
- Create a directory.
mkdir keys
- Put your keys into it (your command line MAY differ a bit).
echo "Happy holidays" > keys/key1.txt
- Encrypt all your keys. gpg will ask for a passphrase twice; don't forget it, there is no way to recover the archive without it. (The two lines after the command are tar listing what it packs.)
tar cvzf - keys | gpg --cipher-algo AES256 -c -o keys.tar.gz.gpg
keys/
keys/key1.txt
- Destroy the unencrypted keys. Note that rm only unlinks the files: on a live system whose working directory lives in RAM that is enough, since everything vanishes at shutdown, but on persistent storage the blocks stay recoverable.
rm -rf keys
- Now store keys.tar.gz.gpg in several places. Its security rests entirely on the passphrase, so the archive can go where you cannot watch it, but the passphrase must not.
Key recovery or update
- Boot on your trusted computer with your trusted boot media.
- Recover your keys; gpg will ask for your passphrase.
gpg -d < keys.tar.gz.gpg | tar xvzf -
keys/
keys/key1.txt
- Use or update your keys.
cat keys/key1.txt
Happy holidays
- Encrypt all your keys again. gpg will ask for a passphrase twice; don't forget it.
tar cvzf - keys | gpg --cipher-algo AES256 -c -o keys.tar.gz.gpg
keys/
keys/key1.txt
- Destroy the unencrypted keys:
rm -rf keys
- Now store the new keys.tar.gz.gpg in every place where the old copy lives, replacing it, so that no stale copy survives.
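The two procedures above (first-time encryption, then recovery and re-encryption) written out as shell functions, as an added example that is not part of the original post. It assumes GnuPG 2.1 or later, GNU tar and GNU coreutils (sha256sum, stat, sort -z), as found on most live distributions, and adds the checks a practitioner wants before typing rm -rf keys: a SHA-256 manifest packed inside the archive, a test decryption, and a refusal to accept a wrong passphrase silently. The function names, the work directory and the passphrase files pass.txt and wrong.txt are constructed for the example; key1.txt stands in for a real key.

```shell
#!/bin/sh
# Added example, not the post's own script: the encrypt / destroy / recover
# steps as shell functions, plus the check you want before "rm -rf keys":
# that the archive really decrypts with the passphrase you typed and that
# its contents match what you packed. Assumes GnuPG 2.1+, GNU tar and GNU
# coreutils (sha256sum, stat, sort -z), as found on most live distributions.
set -eu

# Keep GnuPG's own state in RAM too, so nothing about this session lands on
# the USB key. GNUPGHOME is honoured by gpg; mktemp -d creates a 0700 dir.
GNUPGHOME=$(mktemp -d)
export GNUPGHOME
printf 'allow-loopback-pinentry\n' > "$GNUPGHOME/gpg-agent.conf"

# ram_backed DIR: succeed only if DIR sits on tmpfs/ramfs. rm only unlinks;
# plaintext on flash may be recoverable, data in RAM dies at power-off.
ram_backed() {
    case "$(stat -f -c %T "$1" 2>/dev/null)" in
        tmpfs|ramfs) return 0 ;;
        *)           return 1 ;;
    esac
}

# encrypt_keys DIR ARCHIVE PASSFILE: write a checksum manifest into DIR, then
# tar and encrypt it. The passphrase is read from fd 3, never from argv (which
# ps and shell history would show). Interactively, drop --batch,
# --pinentry-mode and --passphrase-fd and let gpg prompt twice as in the post.
# The --s2k-* options slow down passphrase guessing; AES256 pins the cipher.
encrypt_keys() {
    dir=$1; archive=$2; passfile=$3
    (cd "$dir" && find . -type f ! -name SHA256SUMS -print0 \
        | sort -z | xargs -0 sha256sum > SHA256SUMS) || return 1
    tar czf - "$dir" | gpg --batch --yes --pinentry-mode loopback \
        --passphrase-fd 3 --symmetric --cipher-algo AES256 \
        --s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712 \
        -o "$archive" 3<"$passfile"
}

# decrypt_keys ARCHIVE PASSFILE: decrypt to a temporary file first, so a wrong
# passphrase fails loudly instead of vanishing behind the pipe into tar, then
# unpack into the current directory.
decrypt_keys() {
    archive=$1; passfile=$2
    plain=$(mktemp)
    if ! gpg --batch --quiet --yes --pinentry-mode loopback --passphrase-fd 3 \
            -o "$plain" --decrypt "$archive" 3<"$passfile"; then
        rm -f "$plain"; return 1
    fi
    tar xzf "$plain" || { rm -f "$plain"; return 1; }
    rm -f "$plain"
}

# verify_keys DIR: every file in the manifest must still hash the same.
verify_keys() {
    (cd "$1" && sha256sum --quiet -c SHA256SUMS)
}

# demo: the "first time" flow, then a recovery with the right passphrase and
# one with a wrong passphrase. Returns 0 only if the right passphrase gives
# back the files intact and the wrong one is rejected. Everything lives in a
# fresh work directory; pass.txt and wrong.txt are constructed for the demo.
demo() {
    work=$(mktemp -d) && cd "$work" || return 1
    ram_backed "$work" || echo "warning: $work is not RAM-backed" >&2
    umask 077
    printf '%s\n' 'correct horse battery staple' > pass.txt
    printf '%s\n' 'not the passphrase' > wrong.txt
    mkdir keys && echo "Happy holidays" > keys/key1.txt || return 1
    encrypt_keys keys keys.tar.gz.gpg pass.txt || return 1
    rm -rf keys                                         # destroy the plaintext...
    decrypt_keys keys.tar.gz.gpg pass.txt || return 1   # ...and prove it comes back
    verify_keys keys || return 1
    [ "$(cat keys/key1.txt)" = "Happy holidays" ] || return 1
    rm -rf keys
    if decrypt_keys keys.tar.gz.gpg wrong.txt 2>/dev/null; then
        echo "wrong passphrase accepted" >&2; return 1
    fi
    cd / && rm -rf "$work"
    gpgconf --kill gpg-agent 2>/dev/null || true   # drop the cached passphrase
    return 0
}

if [ "${1:-}" = run ]; then
    demo && echo "round trip OK"
fi
```

Run it as `sh keys-roundtrip.sh run` on the live system. Decrypting to a temporary file rather than straight into tar is deliberate: without pipefail (which POSIX sh lacks) a failed gpg in `gpg -d ... | tar xzf -` is reported only by tar complaining about an empty archive, which is easy to miss; the temporary file is in the same RAM-backed location as the rest of the session and is removed immediately after unpacking.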