mirror of
https://github.com/sunknudsen/privacy-guides.git
synced 2025-02-23 09:13:56 +00:00
Improved encrypted paper backup guide
Added secret confirmation, BIP39 test and word split features
parent
838469b946
commit
04419bc75b
@ -122,12 +122,16 @@ sudo systemctl reboot
|
||||
|
||||
### Create encrypted paper backup
|
||||
|
||||
> Heads-up: use `--bip39` to test secret against BIP39 [dictionary](https://raw.githubusercontent.com/bitcoin/bips/master/bip-0039/english.txt).
|
||||
|
||||
```shell
|
||||
qr-backup.sh
|
||||
```
|
||||
|
||||
### Restore encrypted paper backup
|
||||
|
||||
> Heads-up: use `--split-words` to split secret into word list.
|
||||
|
||||
```shell
|
||||
qr-restore.sh
|
||||
```
|
||||
|
2048
how-to-create-encrypted-paper-backup/bip39.txt
Normal file
2048
how-to-create-encrypted-paper-backup/bip39.txt
Normal file
File diff suppressed because it is too large
BIN
how-to-create-encrypted-paper-backup/bip39.txt.sig
Normal file
BIN
how-to-create-encrypted-paper-backup/bip39.txt.sig
Normal file
Binary file not shown.
@ -2,23 +2,54 @@
|
||||
|
||||
set -e
|
||||
|
||||
positional=()
|
||||
while [[ $# -gt 0 ]]; do
|
||||
argument="$1"
|
||||
case $argument in
|
||||
--bip39)
|
||||
bip39=true
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
positional+=("$1")
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
set -- "${positional[@]}"
|
||||
|
||||
bold=$(tput bold)
|
||||
red=$(tput setaf 1)
|
||||
normal=$(tput sgr0)
|
||||
|
||||
basedir=$(dirname "$0")
|
||||
|
||||
dev="/dev/sda1"
|
||||
tmp="/home/pi/tmp"
|
||||
usb="/home/pi/usb"
|
||||
|
||||
waitForUsb () {
|
||||
tput reset
|
||||
|
||||
waitForUsbThumbDrive () {
|
||||
if [ ! -e $dev ]; then
|
||||
printf "Insert USB thumb drive and press enter"
|
||||
read -r confirmation
|
||||
waitForUsb
|
||||
waitForUsbThumbDrive
|
||||
fi
|
||||
}
|
||||
|
||||
waitForUsb
|
||||
waitForUsbThumbDrive
|
||||
|
||||
printf "%s\n" "Format USB thumb drive? (y or n)? "
|
||||
|
||||
read -r answer
|
||||
if [ "$answer" = "y" ]; then
|
||||
if mount | grep $usb > /dev/null; then
|
||||
sudo umount $dev
|
||||
fi
|
||||
sudo mkfs -t vfat $dev
|
||||
fi
|
||||
|
||||
sudo mkdir -p $tmp
|
||||
if ! mount | grep $tmp > /dev/null; then
|
||||
@ -31,8 +62,37 @@ if ! mount | grep $usb > /dev/null; then
|
||||
fi
|
||||
|
||||
if [ -z $secret ]; then
|
||||
tput sc
|
||||
printf "%s\n" "Type secret and press enter"
|
||||
read -r secret
|
||||
tput rc
|
||||
tput ed
|
||||
printf "%s\n" "Type secret and press enter (again)"
|
||||
read -r secret_confirmation
|
||||
if [ ! "$secret" = "$secret_confirmation" ]; then
|
||||
printf "$red%s$normal\n" "Secrets do not match"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
function exists {
|
||||
bip39_words=($(cat "$basedir/bip39.txt"))
|
||||
for bip39_word in ${bip39_words[@]}; do
|
||||
if [ "$bip39_word" = "$1" ]; then
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
if [ "$bip39" = true ]; then
|
||||
words=($secret)
|
||||
for word in ${words[@]}; do
|
||||
if ! exists $word; then
|
||||
printf "$red%s$normal\n" "Invalid word $bold$word$normal"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
encrypted_secret=$(echo -n "$secret" | gpg --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo sha512 --cipher-algo AES256 --symmetric --armor)
|
||||
|
Binary file not shown.
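Review bot: The `*)` arm of the new option loop keeps every unrecognised argument as a positional, so a mistyped flag (for example `--bip-39`) is accepted silently and the dictionary test never runs, although the operator believes the secret was checked. Nothing in the visible hunks reads the positionals afterwards, so rejecting unknown dashed arguments looks safe: add `--*) printf '%s\n' "Unknown option $1" >&2; exit 1 ;;` ahead of `*)`. The same loop is added to qr-restore.sh for `--split-words`. The `--bip39` block would also benefit from a comment such as `# Dictionary membership only; word count and BIP39 checksum are not verified`, because an empty secret yields zero words and passes the loop.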
2
how-to-create-encrypted-paper-backup/qr-clone.sh
Normal file → Executable file
2
how-to-create-encrypted-paper-backup/qr-clone.sh
Normal file → Executable file
@ -8,4 +8,4 @@ printf "%s\n" "Restoring…"
|
||||
if [ -n "$secret" ]; then
|
||||
printf "%s\n" "Backing up…"
|
||||
. qr-backup.sh
|
||||
fi
|
||||
fi
|
||||
|
Binary file not shown.
35
how-to-create-encrypted-paper-backup/qr-restore.sh
Normal file → Executable file
35
how-to-create-encrypted-paper-backup/qr-restore.sh
Normal file → Executable file
@ -1,11 +1,28 @@
|
||||
#! /bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
positional=()
|
||||
while [[ $# -gt 0 ]]; do
|
||||
argument="$1"
|
||||
case $argument in
|
||||
--split-words)
|
||||
split_words=true
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
positional+=("$1")
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
set -- "${positional[@]}"
|
||||
|
||||
bold=$(tput bold)
|
||||
red=$(tput setaf 1)
|
||||
normal=$(tput sgr0)
|
||||
|
||||
set -e
|
||||
|
||||
printf "%s\n" "Scan QR code…"
|
||||
|
||||
data=""
|
||||
@ -37,7 +54,17 @@ read -r answer
|
||||
if [ "$answer" = "y" ]; then
|
||||
secret=$(echo -e "$encrypted_secret" | gpg --decrypt)
|
||||
gpg-connect-agent reloadagent /bye > /dev/null 2>&1
|
||||
printf "Secret: $bold%s$normal\n" "$secret"
|
||||
if [ "$split_words" = true ]; then
|
||||
printf "%s" "Secret: "
|
||||
array=($secret)
|
||||
for i in ${!array[@]}; do
|
||||
position=$(($i + 1))
|
||||
printf "%s" "$position.$bold${array[$i]}$normal "
|
||||
done
|
||||
printf "\n"
|
||||
else
|
||||
printf "Secret: $bold%s$normal\n" "$secret"
|
||||
fi
|
||||
fi
|
||||
|
||||
printf "%s\n" "Done"
|
||||
printf "%s\n" "Done"
|
||||
|
Binary file not shown.
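Review bot: `array=($secret)` in the `--split-words` branch expands the decrypted secret unquoted, so a secret containing `*`, `?` or `[` is pathname-expanded against the current directory and the numbered list can show file names instead of the stored words. Disable globbing around the split and quote the index expansion: `set -f; array=($secret); set +f` and `for i in "${!array[@]}"; do`. Prefer that over a here-string with `read -a`, since bash may back a here-string with a temporary file and the plaintext would then touch disk. The same unquoted pattern is in qr-backup.sh (`words=($secret)`, `for word in ${words[@]}`, `exists $word`), where a glob match would only cause a spurious "Invalid word" failure.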