s83/privacy-guides
1
0
Fork 0
mirror of https://github.com/sunknudsen/privacy-guides.git synced 2025-02-22 16:53:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactored guide, implemented ckcc and passphraseme and deprecated Electrum

Browse Source
This commit is contained in:
Sun Knudsen 2022-01-10 08:16:25 -05:00
parent 908b211c36
commit 1965eca7f6
No known key found for this signature in database
GPG Key ID: 02C43AD072D57783
19 changed files with 351 additions and 548 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

531
how-to-create-encrypted-paper-backup/README.md
View File

@ -29,10 +29,10 @@ Listed: true
### Step 1: log in to Raspberry Pi
Replace `10.0.1.248` with IP of Raspberry Pi.
Replace `10.0.1.181` with IP of Raspberry Pi.
```shell
ssh pi@10.0.1.248 -i ~/.ssh/pi
ssh pi@10.0.1.181 -i ~/.ssh/pi
```
### Step 2: configure console font
@ -55,105 +55,45 @@ sudo raspi-config
Select “Localisation Options”, then “Keyboard”, then “Generic 105-key PC (intl.)”, then “Other”, then “English (US)”, then “English (US)”, then “The default for the keyboard layout”, then “No compose key” and finally “Finish”.
### Step 4: install dependencies available on repositories
### Step 4: install dependencies
```console
$ sudo apt update
$ sudo apt install -y bc expect fim imagemagick python3-pip python3-rpi.gpio
$ pip3 install --user mnemonic pillow qrcode
$ sudo apt install -y bc expect fim git imagemagick python3-pip python3-rpi.gpio tmux zbar-tools
$ echo -e "export GPG_TTY=\"\$(tty)\"\nexport PATH=\$PATH:/home/pi/.local/bin" >> ~/.bashrc
$ source ~/.bashrc
```
### Step 5 (optional): install [Adafruit PiTFT monitor](https://www.adafruit.com/product/2423) drivers and disable console auto login
#### Install Adafruit PiTFT monitor drivers
> Heads-up: dont worry about `PITFT Failed to disable unit: Unit file fbcp.service does not exist.`.
> Heads-up: when asked to reboot, type `n` and press enter.
### Step 5: install [ckcc](https://github.com/Coldcard/ckcc-protocol) (used to manage [COLDCARD](https://coldcard.com/) devices, see [docs](https://coldcardwallet.com/docs/cli))
```console
$ sudo apt update
$ pip3 install --user ckcc-protocol[cli]
$ sudo apt install -y git python3-pip
$ sudo pip3 install adafruit-python-shell click==7.0
$ git clone https://github.com/adafruit/Raspberry-Pi-Installer-Scripts.git
$ cd Raspberry-Pi-Installer-Scripts
$ sudo python3 adafruit-pitft.py --display=28c --rotation=90 --install-type=console
$ cd ~
$ rm -fr Raspberry-Pi-Installer-Scripts
$ sudo curl --fail --output /etc/udev/rules.d/51-coinkite.rules https://raw.githubusercontent.com/Coldcard/ckcc-protocol/master/51-coinkite.rules
```
#### Disable console auto login
> Heads-up: when asked to reboot, select “No” and press enter.
### Step 6: install [mnemonic](https://github.com/trezor/python-mnemonic) (used to create and validate BIP39 mnemonics)
```shell
sudo raspi-config
pip3 install --user mnemonic
```
Select “System Options”, then “Boot / Auto Login”, then “Console” and finally “Finish”.
### Step 7: install [passphraseme](https://github.com/micahflee/passphraseme) (used to create passphrases using [EFF](https://www.eff.org/dice) wordlists)
### Step 6: install [zbar](https://github.com/mchehab/zbar) from source
#### Install zbar dependencies
```console
$ sudo apt update
$ sudo apt install -y autopoint build-essential git libjpeg-dev libmagickwand-dev libtool libv4l-dev
```shell
pip3 install --user passphraseme
```
#### Clone zbar repository
Replace `0.23.90` with [latest release](https://github.com/mchehab/zbar/releases/latest) semver.
```console
$ cd ~
$ git clone https://github.com/mchehab/zbar
$ cd zbar
$ git checkout 0.23.90
```
#### Configure, compile and install zbar
```console
$ autoreconf -vfi
$ ./configure --without-python
$ make
$ sudo make install
$ sudo ldconfig
$ cd ~
$ rm -fr zbar
```
### Step 7: install [sss-cli](https://github.com/dsprenkels/sss-cli) from source
### Step 8: install [sss-cli](https://github.com/dsprenkels/sss-cli) from source (used to split and join secrets using Shamir Secret Sharing)
#### Install [Rust](https://www.rust-lang.org/)
> Heads-up: when asked for installation option, select “Proceed with installation (default)”.
```shell
```console
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
$ source ~/.bashrc
@ -167,135 +107,70 @@ $ cargo install --git https://github.com/dsprenkels/sss-cli --branch v0.1
$ cp ~/.cargo/bin/secret-share* ~/.local/bin/
```
### Step 8: install [Electrum](https://electrum.org/#home) (used to generate Electrum mnemonics)
#### Install Electrum dependencies
```shell
$ sudo apt update
$ sudo apt install -y libsecp256k1-0 python3-cryptography
```
#### Import ThomasVs PGP public key
### Step 9: install [trezorctl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor) (used to manage [Trezor](https://trezor.io/) devices, see [docs](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor))
```console
$ curl https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc | gpg --import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4739 100 4739 0 0 22459 0 --:--:-- --:--:-- --:--:-- 22459
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 2BD5824B7F9470E6: public key "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
```
imported: 1
👍
#### Set Electrum release semver environment variable
Replace `4.1.2` with [latest release](https://electrum.org/#download) semver.
```shell
ELECTRUM_RELEASE_SEMVER=4.1.2
```
#### Download Electrum release and associated PGP signature
```shell
$ cd ~
$ curl --remote-name "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz"
$ curl --remote-name "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc"
```
#### Verify Electrum release (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos))
```console
$ gpg --verify Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc
gpg: assuming signed data in 'Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz'
gpg: Signature made Thu 08 Apr 2021 09:47:30 EDT
gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg: aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg: aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
```
Good signature
👍
#### Install Electrum
```shell
$ pip3 install --user Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz
$ rm Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz*
```
### Step 9: install `tmux` and [trezorctl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor) (used to verify integrity of and restore [Trezor](https://trezor.io/) devices)
```console
$ sudo apt update
$ sudo apt install -y tmux
$ pip3 install --user attrs trezor
$ sudo curl --fail --output /etc/udev/rules.d/51-trezor.rules https://data.trezor.io/udev/51-trezor.rules
```
### Step 10: import Suns PGP public key (used to verify downloads below)
### Step 10: install [qrcode](https://github.com/lincolnloop/python-qrcode) (used to create QR codes)
```shell
pip3 install --user pillow qrcode
```
### Step 11: import Suns PGP public key (used to verify downloads below)
```console
$ curl --fail --output /home/pi/sunknudsen.asc https://raw.githubusercontent.com/sunknudsen/pgp-public-key/master/legacy/sunknudsen-legacy.asc
$ curl --fail --output /home/pi/sunknudsen.asc https://sunknudsen.com/sunknudsen.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6896 100 6896 0 0 7569 0 --:--:-- --:--:-- --:--:-- 7561
100 2070 100 2070 0 0 1653 0 0:00:01 0:00:01 --:--:-- 1653
$ gpg --import /home/pi/sunknudsen.asc
gpg: key C1323A377DE14C8B: public key "Sun Knudsen <hello@sunknudsen.com>" imported
gpg: directory '/home/pi/.gnupg' created
gpg: keybox '/home/pi/.gnupg/pubring.kbx' created
gpg: key 8C9CA674C47CA060: 1 signature not checked due to a missing key
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 8C9CA674C47CA060: public key "Sun Knudsen <hello@sunknudsen.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
```
imported: 1
👍
### Step 11: download and verify [create-bip39-mnemonic.py](./create-bip39-mnemonic.py)
### Step 12: download and verify [create-bip39-mnemonic.py](./create-bip39-mnemonic.py)
```console
$ curl --fail --output /home/pi/.local/bin/create-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 149 100 149 0 0 138 0 0:00:01 0:00:01 --:--:-- 138
100 149 100 149 0 0 144 0 0:00:01 0:00:01 --:--:-- 144
$ curl --fail --output /home/pi/.local/bin/create-bip39-mnemonic.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 681 0 0:00:01 0:00:01 --:--:-- 681
100 228 100 228 0 0 200 0 0:00:01 0:00:01 --:--:-- 200
$ gpg --verify /home/pi/.local/bin/create-bip39-mnemonic.py.asc
gpg: assuming signed data in '/home/pi/.local/bin/create-bip39-mnemonic.py'
gpg: Signature made Thu 15 Apr 2021 12:54:22 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:33:36 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 600 /home/pi/.local/bin/create-bip39-mnemonic.py
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -303,33 +178,33 @@ Good signature
👍
### Step 12: download and verify [validate-bip39-mnemonic.py](./validate-bip39-mnemonic.py)
### Step 13: download and verify [validate-bip39-mnemonic.py](./validate-bip39-mnemonic.py)
```console
$ curl --fail --output /home/pi/.local/bin/validate-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6217 100 6217 0 0 8234 0 --:--:-- --:--:-- --:--:-- 8234
100 183 100 183 0 0 187 0 --:--:-- --:--:-- --:--:-- 187
$ curl --fail --output /home/pi/.local/bin/validate-bip39-mnemonic.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6217 100 6217 0 0 10361 0 --:--:-- --:--:-- --:--:-- 10344
100 228 100 228 0 0 113 0 0:00:02 0:00:02 --:--:-- 113
$ gpg --verify /home/pi/.local/bin/create-bip39-mnemonic.py.asc
gpg: assuming signed data in '/home/pi/.local/bin/create-bip39-mnemonic.py'
gpg: Signature made Thu 15 Apr 2021 12:54:22 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
$ gpg --verify /home/pi/.local/bin/validate-bip39-mnemonic.py.asc
gpg: assuming signed data in '/home/pi/.local/bin/validate-bip39-mnemonic.py'
gpg: Signature made Sat 08 Jan 2022 14:33:41 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 600 /home/pi/.local/bin/validate-bip39-mnemonic.py
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -337,33 +212,33 @@ Good signature
👍
### Step 13: download and verify [tmux-buttons.py](./tmux-buttons.py)
### Step 14: download and verify [tmux-buttons.py](./tmux-buttons.py)
```console
$ curl --fail --output /home/pi/.local/bin/tmux-buttons.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/tmux-buttons.py
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 149 100 149 0 0 138 0 0:00:01 0:00:01 --:--:-- 138
100 918 100 918 0 0 897 0 0:00:01 0:00:01 --:--:-- 898
$ curl --fail --output /home/pi/.local/bin/tmux-buttons.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/tmux-buttons.py.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 681 0 0:00:01 0:00:01 --:--:-- 681
100 228 100 228 0 0 213 0 0:00:01 0:00:01 --:--:-- 213
$ gpg --verify /home/pi/.local/bin/tmux-buttons.py.asc
gpg: assuming signed data in '/home/pi/.local/bin/tmux-buttons.py'
gpg: Signature made Thu Apr 22 09:13:47 2021 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:33:39 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 600 /home/pi/.local/bin/tmux-buttons.py
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -371,33 +246,33 @@ Good signature
👍
### Step 14: download and verify [qr-backup.sh](./qr-backup.sh)
### Step 15: download and verify [qr-backup.sh](./qr-backup.sh)
```console
$ curl --fail --output /home/pi/.local/bin/qr-backup.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3956 100 3956 0 0 3971 0 --:--:-- --:--:-- --:--:-- 3967
100 8225 100 8225 0 0 7679 0 0:00:01 0:00:01 --:--:-- 7686
$ curl --fail --output /home/pi/.local/bin/qr-backup.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 620 0 0:00:01 0:00:01 --:--:-- 620
100 228 100 228 0 0 259 0 --:--:-- --:--:-- --:--:-- 258
$ gpg --verify /home/pi/.local/bin/qr-backup.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/qr-backup.sh'
gpg: Signature made Sun 18 Apr 2021 19:03:07 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:33:53 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/qr-backup.sh
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -405,33 +280,33 @@ Good signature
👍
### Step 15: download and verify [qr-restore.sh](./qr-restore.sh)
### Step 16: download and verify [qr-restore.sh](./qr-restore.sh)
```console
$ curl --fail --output /home/pi/.local/bin/qr-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1904 100 1904 0 0 1715 0 0:00:01 0:00:01 --:--:-- 1715
100 3754 100 3754 0 0 3511 0 0:00:01 0:00:01 --:--:-- 3514
$ curl --fail --output /home/pi/.local/bin/qr-restore.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 908 0 --:--:-- --:--:-- --:--:-- 908
100 228 100 228 0 0 236 0 --:--:-- --:--:-- --:--:-- 236
$ gpg --verify /home/pi/.local/bin/qr-restore.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/qr-restore.sh'
gpg: Signature made Sun 18 Apr 2021 18:47:17 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:33:57 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/qr-restore.sh
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -439,33 +314,33 @@ Good signature
👍
### Step 16: download and verify [qr-clone.sh](./qr-clone.sh)
### Step 17: download and verify [qr-clone.sh](./qr-clone.sh)
```console
$ curl --fail --output /home/pi/.local/bin/qr-clone.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 481 100 481 0 0 440 0 0:00:01 0:00:01 --:--:-- 440
100 1007 100 1007 0 0 930 0 0:00:01 0:00:01 --:--:-- 930
$ curl --fail --output /home/pi/.local/bin/qr-clone.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 783 0 0:00:01 0:00:01 --:--:-- 784
100 228 100 228 0 0 230 0 --:--:-- --:--:-- --:--:-- 229
$ gpg --verify /home/pi/.local/bin/qr-clone.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/qr-clone.sh'
gpg: Signature made Sat 17 Apr 2021 15:37:07 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:33:55 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/qr-clone.sh
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -473,33 +348,33 @@ Good signature
👍
### Step 17: download and verify [secure-erase.sh](./secure-erase.sh)
### Step 18: download and verify [secure-erase.sh](./secure-erase.sh)
```console
$ curl --fail --output /home/pi/.local/bin/secure-erase.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1350 100 1350 0 0 992 0 0:00:01 0:00:01 --:--:-- 992
100 1352 100 1352 0 0 1390 0 --:--:-- --:--:-- --:--:-- 1390
$ curl --fail --output /home/pi/.local/bin/secure-erase.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 805 0 0:00:01 0:00:01 --:--:-- 805
100 228 100 228 0 0 257 0 --:--:-- --:--:-- --:--:-- 257
$ gpg --verify /home/pi/.local/bin/secure-erase.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/secure-erase.sh'
gpg: Signature made Thu 03 Jun 2021 19:34:35 BST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:33:59 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/secure-erase.sh
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -507,33 +382,33 @@ Good signature
👍
### Step 18: download and verify [trezor-verify-integrity.sh](./trezor-verify-integrity.sh) (used to verify integrity of Trezor devices)
### Step 19: download and verify [trezor-verify-integrity.sh](./trezor-verify-integrity.sh) (used to verify integrity of Trezor devices)
```console
$ curl --fail --output /home/pi/.local/bin/trezor-verify-integrity.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1283 100 1283 0 0 1189 0 0:00:01 0:00:01 --:--:-- 1189
100 1228 100 1228 0 0 1271 0 --:--:-- --:--:-- --:--:-- 1269
$ curl --fail --output /home/pi/.local/bin/trezor-verify-integrity.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 944 0 --:--:-- --:--:-- --:--:-- 944
100 228 100 228 0 0 244 0 --:--:-- --:--:-- --:--:-- 243
$ gpg --verify /home/pi/.local/bin/trezor-verify-integrity.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/trezor-verify-integrity.sh'
gpg: Signature made Thu Apr 22 09:13:56 2021 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:34:06 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/trezor-verify-integrity.sh
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -541,33 +416,33 @@ Good signature
👍
### Step 19: download and verify [trezor-restore.sh](./trezor-restore.sh) (used to restore Trezor devices)
### Step 20: download and verify [trezor-restore.sh](./trezor-restore.sh) (used to restore Trezor devices)
```console
$ curl --fail --output /home/pi/.local/bin/trezor-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-restore.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1283 100 1283 0 0 1189 0 0:00:01 0:00:01 --:--:-- 1189
100 1818 100 1818 0 0 1744 0 0:00:01 0:00:01 --:--:-- 1744
$ curl --fail --output /home/pi/.local/bin/trezor-restore.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-restore.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 944 0 --:--:-- --:--:-- --:--:-- 944
100 228 100 228 0 0 257 0 --:--:-- --:--:-- --:--:-- 257
$ gpg --verify /home/pi/.local/bin/trezor-restore.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/trezor-restore.sh'
gpg: Signature made Thu Apr 22 09:14:04 2021 EDT
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:34:03 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/trezor-restore.sh
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -575,33 +450,33 @@ Good signature
👍
### Step 20: download and verify [update.sh](./update.sh)
### Step 21: download and verify [update.sh](./update.sh)
```console
$ curl --fail --output /home/pi/.local/bin/update.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/update.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1494 100 1494 0 0 1498 0 --:--:-- --:--:-- --:--:-- 149
100 1846 100 1846 0 0 1895 0 --:--:-- --:--:-- --:--:-- 1895
$ curl --fail --output /home/pi/.local/bin/update.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/update.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 929 0 --:--:-- --:--:-- --:--:-- 928
100 228 100 228 0 0 225 0 0:00:01 0:00:01 --:--:-- 225
$ gpg --verify /home/pi/.local/bin/update.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/update.sh'
gpg: Signature made Sat 05 Jun 2021 16:01:37 BST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305
gpg: Signature made Sat 08 Jan 2022 14:34:08 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/update.sh
```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍
@ -609,24 +484,38 @@ Good signature
👍
### Step 21: make filesystem read-only
### Step 22 (optional): install [Adafruit PiTFT monitor](https://www.adafruit.com/product/2423) drivers and disable console auto login
#### Install Adafruit PiTFT monitor drivers
> Heads-up: dont worry about `PITFT Failed to disable unit: Unit file fbcp.service does not exist.`.
```console
$ sudo pip3 install adafruit-python-shell click
$ sudo git clone https://github.com/adafruit/Raspberry-Pi-Installer-Scripts.git /usr/local/include/Raspberry-Pi-Installer-Scripts
$ sudo python3 /usr/local/include/Raspberry-Pi-Installer-Scripts/adafruit-pitft.py --display=28c --rotation=90 --install-type=console --reboot=no
```
#### Disable console auto login
> Heads-up: when asked to reboot, select “No” and press enter.
```shell
sudo raspi-config
```
Select “System Options”, then “Boot / Auto Login”, then “Console” and finally “Finish”.
### Step 23: make filesystem read-only
> Heads-up: shout-out to Nico Kaiser for his amazing [guide](https://gist.github.com/nicokaiser/08aa5b7b3958f171cf61549b70e8a34b) on how to configure a read-only Raspberry Pi.
#### Disable swap
```console
$ sudo dphys-swapfile swapoff
$ sudo dphys-swapfile uninstall
$ sudo systemctl disable dphys-swapfile.service
```
#### Remove `dphys-swapfile`, `fake-hwclock` and `logrotate`
#### Disable fake-hwclock and logrotate
```shell
sudo apt remove -y --purge dphys-swapfile fake-hwclock logrotate
sudo systemctl disable fake-hwclock logrotate
```
#### Link `/etc/console-setup` to `/tmp/console-setup`
@ -637,12 +526,6 @@ $ sudo rm -fr /etc/console-setup
$ sudo ln -s /tmp/console-setup /etc/console-setup
```
#### Link `/home/pi/.electrum` to `/tmp/pi/.electrum`
```console
$ ln -s /tmp/pi/.electrum /home/pi/.electrum
```
#### Link `/home/pi/.gnupg` to `/tmp/pi/.gnupg`
```console
@ -651,10 +534,10 @@ $ rm -fr /home/pi/.gnupg
$ ln -s /tmp/pi/.gnupg /home/pi/.gnupg
```
#### Enable `tmp.mount` service
#### Enable tmp.mount
```console
$ echo -e "D /tmp 1777 root root -\nD /tmp/console-setup 1700 root root -\nD /tmp/pi 1700 pi pi -\nD /tmp/pi/.electrum 1700 pi pi -\nD /tmp/pi/.gnupg 1700 pi pi -\nD /var/tmp 1777 root root -" | sudo tee /etc/tmpfiles.d/tmp.conf
$ echo -e "D /tmp 1777 root root -\nD /tmp/console-setup 1700 root root -\nD /tmp/pi 1700 pi pi -\nD /tmp/pi/.gnupg 1700 pi pi -\nD /var/tmp 1777 root root -" | sudo tee /etc/tmpfiles.d/tmp.conf
$ sudo cp /usr/share/systemd/tmp.mount /etc/systemd/system/
@ -664,8 +547,6 @@ $ sudo systemctl enable tmp.mount
#### Edit `/boot/cmdline.txt`
```console
$ sudo cp /boot/cmdline.txt /boot/cmdline.txt.backup
$ sudo sed -i 's/fsck.repair=yes/fsck.repair=skip/' /boot/cmdline.txt
$ sudo sed -i '$ s/$/ fastboot noswap ro systemd.volatile=state/' /boot/cmdline.txt
@ -674,34 +555,34 @@ $ sudo sed -i '$ s/$/ fastboot noswap ro systemd.volatile=state/' /boot/cmdline.
#### Edit `/etc/fstab`
```console
$ sudo cp /etc/fstab /etc/fstab.backup
$ sudo sed -i -e 's/vfat\s*defaults\s/vfat defaults,ro/' /etc/fstab
$ sudo sed -i -e 's/ext4\s*defaults,noatime\s/ext4 defaults,noatime,ro,noload/' /etc/fstab
```
### Step 22: disable Wi-Fi (if not using ethernet)
### Step 24: disable networking and “fix” rfkill bug
```console
$ sudo systemctl disable dhcpcd networking sshd.service wpa_supplicant
$ sudo rm /etc/profile.d/wifi-check.sh
```
### Step 25: disable Wi-Fi
> Heads-up: use `cat /boot/config.txt | grep "dtoverlay=disable-wifi" && echo "Wi-Fi disabled"` to see if Wi-Fi is already disabled.
```shell
echo "dtoverlay=disable-wifi" | sudo tee -a /boot/config.txt
```
### Step 23: disable `dhcpcd`, `networking` and `wpa_supplicant` services and “fix” `rfkill` bug
```console
$ sudo systemctl disable dhcpcd networking wpa_supplicant
$ sudo rm /etc/profile.d/wifi-check.sh
```
### Step 24: delete macOS hidden files (if present)
### Step 26: delete macOS hidden files (if present)
```shell
sudo rm -fr /boot/.fseventsd /boot/.DS_Store /boot/.Spotlight-V100
```
### Step 25: reboot
### Step 27: unplug network cable (if using ethernet) and reboot
```shell
sudo systemctl reboot
@ -709,7 +590,7 @@ sudo systemctl reboot
> WARNING: DO NOT CONNECT RASPBERRY PI TO NETWORK EVER AGAIN WITHOUT REINSTALLING RASPBERRY PI OS FIRST (DEVICE IS NOW “READ-ONLY” AND “COLD”).
### Step 26 (optional): disable auto-mount of `boot` volume (on macOS)
### Step 28 (optional): disable auto-mount of `boot` volume (on macOS)
> Heads-up: done to prevent macOS from writing [hidden files](#step-24-delete-macos-hidden-files-if-present) to `boot` volume which would invalidate stored SHA512 hash of microSD card.
@ -717,7 +598,7 @@ sudo systemctl reboot
![micro-sd-card-adapter](./micro-sd-card-adapter.png)
#### Insert microSD card into adapter and insert adapter into computer
#### Insert microSD card into adapter and adapter into computer
#### Run following and eject microSD card
@ -727,41 +608,45 @@ volume_uuid=$(diskutil info "$volume_path" | awk '/Volume UUID:/ { print $3 }')
echo "UUID=$volume_uuid none msdos ro,noauto" | sudo tee -a /etc/fstab
```
### Step 27 (optional): compute SHA512 hash of SD card and store in password manager (on macOS)
### Step 29 (optional): compute SHA512 hash of microSD card and store in password manager (on macOS)
Run `diskutil list` to find disk ID of microSD card with “Raspberry Pi OS Lite” installed (`disk2` in the following example).
Run `diskutil list` to find disk ID of microSD card with “Raspberry Pi OS Lite” installed (`disk4` in the following example).
Replace `diskn` and `rdiskn` with disk ID of SD card (`disk2` and `rdisk2` in the following example).
Replace `diskn` and `rdiskn` with disk ID of microSD card (`disk4` and `rdisk4` in the following example).
```console
$ diskutil list
/dev/disk0 (internal, physical):
/dev/disk0 (internal):
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.3 GB disk0
1: EFI EFI 209.7 MB disk0s1
2: Apple_APFS Container disk1 500.1 GB disk0s2
0: GUID_partition_scheme 500.3 GB disk0
1: Apple_APFS_ISC 524.3 MB disk0s1
2: Apple_APFS Container disk3 494.4 GB disk0s2
3: Apple_APFS_Recovery 5.4 GB disk0s3
/dev/disk1 (synthesized):
/dev/disk3 (synthesized):
#: TYPE NAME SIZE IDENTIFIER
0: APFS Container Scheme - +500.1 GB disk1
0: APFS Container Scheme - +494.4 GB disk3
Physical Store disk0s2
1: APFS Volume Macintosh HD - Data 340.9 GB disk1s1
2: APFS Volume Preboot 85.9 MB disk1s2
3: APFS Volume Recovery 529.0 MB disk1s3
4: APFS Volume VM 3.2 GB disk1s4
5: APFS Volume Macintosh HD 11.3 GB disk1s5
1: APFS Volume Macintosh HD 15.3 GB disk3s1
2: APFS Snapshot com.apple.os.update-... 15.3 GB disk3s1s1
3: APFS Volume Preboot 328.4 MB disk3s2
4: APFS Volume Recovery 815.1 MB disk3s3
5: APFS Volume Data 458.2 GB disk3s5
6: APFS Volume VM 3.2 GB disk3s6
/dev/disk2 (internal, physical):
/dev/disk4 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *15.9 GB disk2
1: Windows_FAT_32 boot 268.4 MB disk2s1
2: Linux 15.7 GB disk2s2
0: FDisk_partition_scheme *15.9 GB disk4
1: Windows_FAT_32 boot 268.4 MB disk4s1
2: Linux 3.1 GB disk4s2
(free space) 12.5 GB -
$ sudo diskutil unmountDisk /dev/diskn
Unmount of all volumes on disk2 was successful
Unmount of all volumes on disk4 was successful
$ sudo openssl dgst -sha512 /dev/rdiskn
SHA512(/dev/rdisk2)= 353af7e9bd78d7d98875f0e2a58da3d7cdfc494f2ab5474b2ab4a8fd212ac6a37c996d54f6c650838adb61e4b30801bcf1150081f6dbb51998cf33a74fa7f0fe
$ sudo openssl dgst -sha512 /dev/rdiskns1 /dev/rdiskns2
SHA512(/dev/rdisk4s1)= a14b7c184279a3e756eaa095b619e949320e759bf4637406e82e713aff24732691aaad5aa2377086655ef04b42fc8d7c98e338ebd049f79626923c0d16e18761
SHA512(/dev/rdisk4s2)= 5627414e630eb2fa2b080858deee80daec0470668fbfcf3965fe9c52ba0bf1e68518610ee6d4d1a1212c09d2ccbdcb80989838b00369ff5e2ca4f9d10b8ae4fb
```
👍
@ -777,20 +662,22 @@ $ qr-backup.sh --help
Usage: qr-backup.sh [options]
Options:
--create-bip39-mnemonic create BIP39 mnemonic
--create-electrum-mnemonic create Electrum mnemonic
--validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic
--shamir-secret-sharing split secret using Shamir Secret Sharing
--number-of-shares number of shares (defaults to 5)
--share-threshold shares required to access secret (defaults to 3)
--no-qr disable show SHA512 hash as QR code prompt
--label <label> print label after short hash
-h, --help display help for command
--create-bip39-mnemonic create BIP39 mnemonic
--validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic
--create-passphrase create passphrase
--wordlist <wordlist> wordlist (defaults to large)
--word-count <count> word count (defaults to 7)
--shamir-secret-sharing split secret using Shamir Secret Sharing
--number-of-shares <shares> number of shares (defaults to 5)
--share-threshold <threshold> shares required to access secret (defaults to 3)
--no-qr disable show SHA512 hash as QR code prompt
--label <label> print label after short hash
-h, --help display help for command
$ qr-backup.sh
Format USB flash drive (y or n)?
y
mkfs.fat 4.1 (2017-01-24)
mkfs.fat 4.2 (2021-01-31)
Please type secret and press enter, then ctrl+d (again)
this is a test yo
Please type passphrase and press enter
@ -828,10 +715,10 @@ $ qr-restore.sh --help
Usage: qr-restore.sh [options]
Options:
--shamir-secret-sharing combine secret using Shamir Secret Sharing
--share-threshold shares required to access secret (defaults to 3)
--word-list split secret into word list
-h, --help display help for command
--shamir-secret-sharing combine secret using Shamir Secret Sharing
--share-threshold <threshold> shares required to access secret (defaults to 3)
--word-list split secret into word list
-h, --help display help for command
$ qr-restore.sh
Scanning QR code…
@ -844,7 +731,7 @@ AidLaa1d1+V5vFQowNv/6IyN+nDe/bS+qTFdPI5PptW+rVg+Rw0=
SHA512 hash: 0ed162fe43bedf052f5af54e0dc3861ec87b579d1b8f28d85daa93c8316546cf997cd5656a69baa41fbf65b25f1a9fe7626504d480c4103903d32536b61d715a
SHA512 short hash: 0ed162fe
Please type passphrase and press enter
gpg: AES256 encrypted data
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
Show secret (y or n)?
y
@ -881,7 +768,7 @@ AidLaa1d1+V5vFQowNv/6IyN+nDe/bS+qTFdPI5PptW+rVg+Rw0=
SHA512 hash: 0ed162fe43bedf052f5af54e0dc3861ec87b579d1b8f28d85daa93c8316546cf997cd5656a69baa41fbf65b25f1a9fe7626504d480c4103903d32536b61d715a
SHA512 short hash: 0ed162fe
Please type passphrase and press enter
gpg: AES256 encrypted data
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
Show secret (y or n)?
n
@ -889,7 +776,7 @@ Done
Backing up…
Format USB flash drive (y or n)?
y
mkfs.fat 4.1 (2017-01-24)
mkfs.fat 4.2 (2021-01-31)
Please type passphrase and press enter
Please type passphrase and press enter (again)
Show passphrase (y or n)?
@ -932,19 +819,19 @@ Secure erase USB flash drive (y or n)?
y
Overwriting with random data… (round 1 of 3)
dd: error writing '/dev/sda1': No space left on device
1868+0 records in
1867+0 records out
1957691392 bytes (2.0 GB, 1.8 GiB) copied, 180.327 s, 10.9 MB/s
118+0 records in
117+0 records out
122895360 bytes (123 MB, 117 MiB) copied, 44.1437 s, 2.8 MB/s
Overwriting with random data… (round 2 of 3)
dd: error writing '/dev/sda1': No space left on device
1868+0 records in
1867+0 records out
1957691392 bytes (2.0 GB, 1.8 GiB) copied, 179.563 s, 10.9 MB/s
118+0 records in
117+0 records out
122895360 bytes (123 MB, 117 MiB) copied, 48.2873 s, 2.5 MB/s
Overwriting with random data… (round 3 of 3)
dd: error writing '/dev/sda1': No space left on device
1868+0 records in
1867+0 records out
1957691392 bytes (2.0 GB, 1.8 GiB) copied, 179.09 s, 10.9 MB/s
118+0 records in
117+0 records out
122895360 bytes (123 MB, 117 MiB) copied, 47.0045 s, 2.6 MB/s
Done
```

20
how-to-create-encrypted-paper-backup/cleanup.sh
View File

@ -30,24 +30,6 @@ sudo rm -fr /var/lib/dhcpcd5/* || true
sudo rm -fr /var/log/* || true
sudo rm -fr /var/tmp/* || true
printf "%s\n" "Done"
coutdown() {
tput rc
tput ed
second_s="seconds"
if [ "$1" = "1" ]; then
second_s="second"
fi
printf "$bold%s$normal" "Rebooting in $1 $second_s"
}
tput sc
for ((index=10; index > 0; index--))
do
coutdown $index
sleep 1
done
sudo passwd pi
sudo systemctl reboot

16
how-to-create-encrypted-paper-backup/cleanup.sh.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmC8vg8ACgkQH6dnhiu9
EwX5BA//aHIG6Hy5PG/achuREBxPJnYbcYCVnwvWayFgVnFykHLnPgu7kQqsYdQB
ikHfNhaJyrx7gNWT1inRqmvHRstgSBcWI1VD3TVv7G/XdxHZmndl3M7alAZHeOIU
iMnDYJeqiqkKsQmIrBg/tChUw+tL6tNbpGWAzcLks7jZl8IQgjRQKe3KZeLZKzfi
8JOChowSSRAnD3Rkfhb6aILX6IRA2XcjOMgQkjZLzWBo35B7KdspCLgH14I3kXlt
yazco1LnzasBAM0lOUyytiixj6bMfNISMJRZjReZZsTpvWDGkphGVhuMOUDfdYP/
DGjksSTHi8BhMqaObGya2E7P6tGPgkfrZVwjGdQA4tZlzgDmRr/6rnLA/6ABAxIm
nsTlKPV3kQzsakFbNUPN6pubUc+vUvPaGXfsSTdx5Z1fJVc6YEZ10Ylhr0VNig0b
+R27XMjj2OEhJBmk6kirJkvN68g1be0YhKSVCiBPF1LUQNtse6uj1x/OevJXnK36
jPIVXv8zCJIe5usKFPtrqkJJymYsiqPtpLsIlxcpJ/V6qXJhZrgyl9CwyIBiGM9N
du5tj7JU+QjFpqxlltN0kULMRpSu+0zPILMLphVnm/B5qV2ztf9ppHNq7fWF90ne
BD7vse5pHh3l5zdb8dyHVsre0BqSir8tGZL54hHQ5tMy35divME=
=uv+s
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4b74ACgkQH6dnhiu9
EwXhHw/+L8HtMoB+Fzh7WWVtXGw5q+oUHZUOFDe7WdOnFc0orbMhiKjtyEmQp11M
ys9Lxni4pnQEiItyppT8qGxFyfvMDdbnYN5wyKJG4LL4sli0V8khKaug2FEDEuUV
RPu2qxxNe+dOi7AJLn1yy+G6DztfTtkc/WI+KNS41ZjgV0jPt8DITLIKvr1DCNjJ
L/MCaMxhnjjENRq3bYluu+z9C8Gq3clkwvKsG18XnYFh6Rv/YXfAWI7hA3fmGUjJ
LewpwGN+ypIjzDfB11GdykZogd/0yM8KB8UV+yQFaNa6VaD8flUDP83WXJGGk37K
+sRu/T1GLacI4T82ivOOV3u/+Wox7lXX37vok9eSES6u5oF9cFuTvoXgT2USp4OV
74fL0uCU433FZgItvbUkgiThll8LL/vUy/Isx3yKoGp6D/VlvADgknDCG9OMXxG+
GKLTbnBZBJVh0YF6Kf43Zx8ZoOFGa9TIvsGGXN1cSjcTZ7re24j1mpTSP0N0vMsc
spoQSq1lO0YoVrr+9fOoG5kzWeFZlmca4D2NRFg/g+gv/qwjazm0zzCUQRA6A50G
nSSeo2YskBSyEDYQfaqHBJB9qL+pObIrUdP0G7GkAdp5u/tAxnFdAqO+kWntI7f5
cJz0I737arcOwzS/+sdYRblQiU4tyZ8W6SpAuTro0NS0CW26Nn8=
=8fLc
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnEAAKCRACxDrQctV3
g49OAQDDTN1u+D/CurnQrNYcLsFzrdIJWGUN6F66jPTP3amNOgEAl3iCXBAik2wf
DukkwJO71zO2G6d+EVxRyKbIFSOt1g8=
=0f22
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/pack.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmDCvlUACgkQH6dnhiu9
EwX0yxAAr0KZWrPHladW4DqTCBl/5RdUmlQXyHNayCUtqfh3v2iVi1A6SS6SsDuh
eKwZUzshIGgbbkNj7nituzsJKhDVo8A7LY+3kqgdG9sh8LGtY9Mk7cE2LGRwtsXr
Ofrw8HLdW4i1YnaA1vRtKc76fFKJbAqh+K6Zoqi8R9Lb0vGtwafUf+C2wS1tqr+S
fLGbCfTkJBvpYzoTXKFew+jYjHQ3DoQ8AxIK1KaW0MndCce9KGmRxKAH5Sx9xO+H
F/kTNAM+4XKJgXYQz9gkwC2RBZ3SuUei/vCt6XWxqKkjiOnW0Ehm7rOYKOLqbsBj
8fZS1MA7gMQhBHisnHBa5UEdj4LWJN6JLlvJvpQjYFhI8/gfNS4D8UV0prTmQ75n
azP4SjcqybpJmB2YgFSks+U1V2eUiMuB9q6JmhLZkjAsD391AG0Fpg+v/k/QkQCW
JGTb6T8W48DzwVaUw4tBhAbpDBfcHxgPUaNOnxBLEqpQr2zw3PF53dJeYH6D7eNh
VK3DQM3XBMAXzY6UhyLyhvKqE3euAZl865tJ1VASQkw2ILLvQmZSev9/Yw5UqrgC
V/cjt8OLJJT03UAWiI+Vp88ButlFO70CSTBcTHfMG1re6QZrs16KkWB6JP+OFSa0
YrpDD97lTCbKm1PUOboT1DJtZz0XlSht/I//Utd/xmqfbcYZpCA=
=lDU7
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnHgAKCRACxDrQctV3
g+lMAP4wQMfYQQRpEaia5p4fRqojqsJUOSLmgNI5DBFxHlP6PQD/bbiqWmpdidkw
4JgRZTR3NSAodEsVuiTbzzSgIUYnfQ0=
=syTx
-----END PGP SIGNATURE-----

36
how-to-create-encrypted-paper-backup/qr-backup.sh
View File

@ -18,8 +18,10 @@ while [ $# -gt 0 ]; do
"" \
"Options:" \
" --create-bip39-mnemonic create BIP39 mnemonic" \
" --create-electrum-mnemonic create Electrum mnemonic" \
" --validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic" \
" --create-passphrase create passphrase" \
" --wordlist <wordlist> wordlist (defaults to large)" \
" --word-count <count> word count (defaults to 7)" \
" --shamir-secret-sharing split secret using Shamir Secret Sharing" \
" --number-of-shares <shares> number of shares (defaults to 5)" \
" --share-threshold <threshold> shares required to access secret (defaults to 3)" \
@ -32,14 +34,24 @@ while [ $# -gt 0 ]; do
create_bip39_mnemonic=true
shift
;;
--create-electrum-mnemonic)
create_electrum_mnemonic=true
shift
;;
--validate-bip39-mnemonic)
validate_bip39_mnemonic=true
shift
;;
--create-passphrase)
create_passphrase=true
shift
;;
--wordlist)
wordlist=$2
shift
shift
;;
--word-count)
word_count=$2
shift
shift
;;
--shamir-secret-sharing)
shamir_secret_sharing=true
shift
@ -117,9 +129,17 @@ if [ -z "$duplicate" ] && [ "$create_bip39_mnemonic" = true ]; then
sleep 1
fi
if [ -z "$duplicate" ] && [ "$create_electrum_mnemonic" = true ]; then
printf "%s\n" "Creating Electrum mnemonic…"
secret=$(electrum make_seed --nbits 264 --offline)
if [ -z "$duplicate" ] && [ "$create_passphrase" = true ]; then
printf "%s\n" "Creating passphrase…"
wordlist_arg=""
if [ -n "$wordlist" ]; then
wordlist_arg=" --$wordlist"
fi
word_count_arg=""
if [ -n "$word_count" ]; then
word_count_arg=" $word_count"
fi
secret=$(passphraseme$wordlist_arg$word_count_arg)
echo $secret
sleep 1
fi

17
how-to-create-encrypted-paper-backup/qr-backup.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmGFFm0ACgkQH6dnhiu9
EwXq2g//bMetU+brAt2/Ylx3+TFJ9OWXFNRDBsCxhxJ4PJWxwuQsSAVYyIFJc4aY
u93YaHYCCdef8HA9oTWAztjdOAu3RjAG+gaRV1q6gZZPFVe+FAtK45Sd8npXL+bA
oDS50VHqaIf2VmzHGQMYNLPcFaSMEDG3S2gu6u/kFJvB/PFIvegsgZjeTB5jheS+
1emRiVleLFeoJ7jQxXtg9Pa2KN+TVbV41DOVNA1zxDrLxWp3StKBSorkLzILXjVz
NsDU0Cl04FZlH2T7kyu0fSIQIrdhuVRKmtJuEEGqHQJYYhFeIcRBCx05gStawBhA
cumJCP7uy97iMEU7UXioUGXjG2LL2uxRZGGyyE/4vukPz9dvR9tWztfJEUfdbBFX
b8WVchdhIPIKm+8aZi8nXbacrgY1sGHq6OtZ+rsmW64Ei/UM1tqsvl8g4SaWHkFl
G/2yojfaUAZGWSRPEZyPQJmlqusFV19tGiJxQ7r/C9uvlBl2q1v/xvXtpT1tQSoV
/HNc/pP63AuHIAkYXH9suBJkhtWRL3KFhWugfulFjR0JverLQf84ge5AyWjGg0G2
StqpjBM7EkxdOyRUtPzj7U0JJr+jUa1TF9K2IOuB++26mpAM6zxRA3+VDg812yEQ
te/v/FeqSiLeLeZRh+NYLeoMzGX+t/7rN1JNQOsO3Vb9l1htEWQ=
=gsp9
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnIQAKCRACxDrQctV3
g5quAQCKyGnXYwCeXW7w3VmF6K1l0dEnDwdGV4JHACL87nDVwQD/UsDNJG0dar8q
vxiEFhAsuFle7Hvqa6dBPkZJuJOIbQI=
=j6EG
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/qr-clone.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCP4IQACgkQH6dnhiu9
EwUnZg//cXdL8ZPvwt4PQMQJSeAET/DNdFX72vYTjVLGUHXXf7xfut/LnBlX9Qbi
HOHW0YriMYI6cKE8t29Rftxv/V1Fx5mvEYZk9hv/amqfrmTGgl+NchDfd5O+aKGA
NJAkvVTmMbxCLQR9qR3+ebrkT99RA5qij9W9P3JeuhNvQ0xDuYmX33YVWI5I4l8q
K/qeMJItGGZhHCyhG/kNxmHA9lggn3lOWD7PeEvhttpBteWKwJovKI8YNo4scMIz
mMrjrMS10lysocCmax4jyRyBTLPfQqe/HTJXTE2fWUVwish5339hYX9UgFBFqfhU
6mqtN3F0mQc/iyJDlZysf9t7Wg/HzGCMgsjfDtXN5+RPMLxZ5ytNy9+7i+EVL1rp
S4ZsTcnTQo8aJPCmaGaXPx69vTK0ui0f34fZVasuBFOTEhBj6ijKXDGdXJG+A8uY
esvL1gag00OkWzcNhOH6VuxAoK2of2z5omh2xdcp4gATHHBdKLfuLOsqcscy+Xnm
py+TJEVGGFeqGJYYWLSgL80U4g+wPuQ9cpQnAQnDdeXw6Xve5+K1j1d86wTmjW25
2eNmYWauRc5i1QKDD26BWNBXygKi14di+v/NI8WvW8KIBr+OeuMm+xxSQw5oqBQl
a5WwTM8hZSsnYE+LLz0ZBQMWAOA4WLcsa5ygWIKZEGTsA5L4TQw=
=Onmw
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnIwAKCRACxDrQctV3
g4B6AP0Rz4NIhfH7EZ4hqUkEYA67vyo85+CmumEfokL/X/XE1AD9Fuoybo6oXodt
YzLqccq8TEfhkMgdevH+vHJv033Tsg4=
=2C0h
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/qr-restore.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmGFFnsACgkQH6dnhiu9
EwWshRAAmPKfQkUYGF3pPhExBaQSv3fN028txLqklqRsGz9qd1RRLfFDQaH0u0Q6
62/WB53xQZM3Rhj7zn0mHwaKMqhuWYrs1149erUr+mp9ypTvYDhgyB7RVtzy7LCH
fRuquH+9tEigQ/iff2Hx0CfLYnjUqf5mzU6ihgMvKVv0SqSCfaNg3yNZ6e0iOd9w
Guw//nX67jvhpnjFShQlNyM/RKX8yqr3ZSZzXLCoYAybuWbEuBwviYtJ4/hraDSz
g8Ev4+hAvR4EHtPyXjkJm5XWDBMspZ9rnoI4/D3bkCff/BR6znR1ZINWGlwU9qbt
azp6YnUt4HCWFi2BYvfMYQvsEC2ZrHC+sfFV6wmMl7vc3xQj00cyhMPKFPA3OU5c
WpZMdTEWCBkFuQjbvdwHSGmOct8adRH/1IqQdBAGIK33Koc3kWL587Sb7kFwFSu5
SKn28Y9cWRQq4oNexpAHvjdJvyLL6pPf3yWSv5oRybiq7r/t3w0fR4fyvTE2BwM8
pBDOUWOELXjUN8UbfoSzr4HM1HqY8fP2CK8IbYjjYGOQMFGD8dk3vJeBaIDLEbNT
S9LgLBkLszDJMqpXMJxPOUJzsxXH1tj5DYkijeXOd6pIJaaThS2UrS5KHClXn0O0
v+yiFB6O8V+LtHZ2v+jFWDny3QFKLJN/FiOi49DTanftYY+357E=
=NDhF
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnJQAKCRACxDrQctV3
g44yAQDmKKcbbshFJ96WzWx+j2cKtKlrNvSlbqngT/4beuApygEAi+qXuMdk67wl
TBZk28kCvJFFrt/sp2HUB441pYQyqQM=
=q62F
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/secure-erase.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmDCu1oACgkQH6dnhiu9
EwX94A//Wn/nrkrGj81B0A5i/2e7k5eJAUUojOD3r9+9bR9zuJIrBrWM9B/hmPJM
v0I6nuNZKuoROAACei6fg7rnRAbLIRBk/PwGt3kjRdmcOYdDnGBysLibaNA0T0hV
Nhu+t2hNWJmd3mTMP2HOHw9K5iH6AmSn5LzrRGua6edvf79UQW+N9G93U6N5gM6s
BpkkK80d/byfVZ5MoHZcV+ZwRCYHyMDA6GgrdVPoK0ETn5N5iJSnAPPJyypFScQh
GN3mzatqZM3JkctrqLJOdC+YIrzuqq7aU8cbTrPI9Y4EnL5cGPsmwolnlrYZNwY4
WCEt6pS8ZOVc0xELVvLPqJB5Hg0/jlk2R5u2yY+kZNEwkJEnwDnbrXB3zBvnZqut
GHBclq/6KkKtET0LYTbHYcaK+LmM7LfPgbKQh6wr2uokjZqfdOKOfG/BVD8hekWd
mkbp0hL9RzvVXVm1bvFGeNXSB/UE2/l/U+AnZMm67hNYO3PI4O4R5AZddmA2I7iX
cWNK6Znb/MUzBJXqndKZMLL/QkWMD/Z9TH0cEoXH56uMGB2hT5L1buq1qKqsl+yG
8sGG44CM5yGweSZWiqdRl7dMVkMXkfbPQFRTH/cFgUeEMiWv05Ndjmtr7+5tHkB4
9xFikaeV7JQuBoLiyjunksQcOZrMS+4P/SCCJ+rtZeYKJJVpCUs=
=/N/D
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnJwAKCRACxDrQctV3
g/MUAQDSB3YHz/68M0mRjbdbi/MK5a9s5BlCgsz642fMqdzkkgD+JCZWAo/62Gqw
NzD0pVWk2DKyevPimL1oQwVBkM7FwQA=
=TI2X
-----END PGP SIGNATURE-----

2
how-to-create-encrypted-paper-backup/test.sh
View File

@ -19,7 +19,7 @@ if [ -n "$1" ]; then
else
printf "%s\n" "Running unit tests…"
expect ./tests/bip39.exp
expect ./tests/electrum.exp
expect ./tests/passphrase.exp
expect ./tests/default.exp
expect ./tests/shamir.exp
expect ./tests/shamir-2-of-3.exp

14
how-to-create-encrypted-paper-backup/tests/bip39.exp
View File

@ -2,8 +2,8 @@
source ./test.exp
set bip39_mnemonic "online pipe enough dutch decorate want moment scheme rigid enlist blast boat purse sick chalk shop brush all return betray jacket salon abandon retire"
set electrum_mnemonic "month pet slice know amused leave now vague palm guess cattle element cross truly auto put among craft repeat van sample nephew sad family"
set valid_bip39_mnemonic "online pipe enough dutch decorate want moment scheme rigid enlist blast boat purse sick chalk shop brush all return betray jacket salon abandon retire"
set invalid_bip39_mnemonic "online pipe enough dutch decorate want moment scheme rigid enlist blast boat purse sick chalk shop brush all return betray jacket salon abandon check"
test_label "Should format flash drive and create BIP39 mnemonic"
@ -22,7 +22,7 @@ expect {
}
expect {
-re {mkfs\.fat 4\.1 \(2017-01-24\)}
-re {mkfs\.fat 4\.2 \(2021-01-31\)}
}
expect {
@ -56,14 +56,14 @@ expect {
expect {
-re {Please type secret and press enter, then ctrl\+d} {
test_send "$bip39_mnemonic\r"
test_send "$valid_bip39_mnemonic\r"
test_send "\x04"
}
}
expect {
-re {Please type secret and press enter, then ctrl\+d \(again\)} {
test_send "$bip39_mnemonic\r"
test_send "$valid_bip39_mnemonic\r"
test_send "\x04"
}
}
@ -95,14 +95,14 @@ expect {
expect {
-re {Please type secret and press enter, then ctrl\+d} {
test_send "$electrum_mnemonic\r"
test_send "$invalid_bip39_mnemonic\r"
test_send "\x04"
}
}
expect {
-re {Please type secret and press enter, then ctrl\+d \(again\)} {
test_send "$electrum_mnemonic\r"
test_send "$invalid_bip39_mnemonic\r"
test_send "\x04"
}
}

32
how-to-create-encrypted-paper-backup/tests/electrum.exp
View File

@ -1,32 +0,0 @@
#!/usr/bin/expect
source ./test.exp
test_label "Should create Electrum mnemonic"
spawn qr-backup.sh --create-electrum-mnemonic
expect {
-re {Format USB flash drive \(y or n\)\?} {
test_send "n\r"
}
}
expect {
-re {\[sudo\] password for pi:} {
test_send "$env(password)\r"
}
}
expect {
-re {Creating Electrum mnemonic…}
}
expect {
-re {([a-z]+ ?){24}} {
test_ok true
}
eof {
test_failed
}
}

61
how-to-create-encrypted-paper-backup/tests/passphrase.exp Normal file
View File

@ -0,0 +1,61 @@
#!/usr/bin/expect
source ./test.exp
test_label "Should create 7-word passphrase"
spawn qr-backup.sh --create-passphrase
expect {
-re {Format USB flash drive \(y or n\)\?} {
test_send "n\r"
}
}
expect {
-re {\[sudo\] password for pi:} {
test_send "$env(password)\r"
}
}
expect {
-re {Creating passphrase…}
}
expect {
-re {([a-z]+ ?){7}} {
test_ok true
}
eof {
test_failed
}
}
test_label "Should format flash drive and create 5-word passphrase using short #1 wordlist"
spawn qr-backup.sh --create-passphrase --wordlist short1 --word-count 5
expect {
-re {Format USB flash drive \(y or n\)\?} {
test_send "n\r"
}
}
expect {
-re {\[sudo\] password for pi:} {
test_send "$env(password)\r"
}
}
expect {
-re {Creating passphrase…}
}
expect {
-re {([a-z]{3,5} ?){5}} {
test_ok true
}
eof {
test_failed
}
}

17
how-to-create-encrypted-paper-backup/tmux-buttons.py.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCBdosACgkQH6dnhiu9
EwVO0w/+OuHCOnL3nAF0ShoQx2851IFsuiJHP3FHKpQNBIqde4DhudYDjusrOyGR
NnmCo6gotUMVqzCUaqPhC23tUzUYB4KhpjDA/mz0HTEr1JIFQvxa0N1AMW0HnsnZ
EJLi53eCzjx+9lA8Wy+Okh+mZtM5hflatv/yONIrXyMXV+jDk0sgWJ1amxQvPEaT
D/L/9LGvJ9S7QQ/BJfxNVLu+CkBJAqxr8IPKG+mLJMX9nChF+AXu58xGmH35YZtP
nQwjEINFhUziTIyJJwRSLKZa96LhPkXLFtdfDcgs8br+T+Hjaa9AOGd9WJiU1SkX
p3F1rsbeC1w7KEsbFG1KkyS4KQe4oOFMXBGhBtvTiSXn/f7BWjJ6G3vMImzBWJ7I
tszifz/xcVxYsTHMfjtCMIvS+Es/wqAn6MOzsLJwc6T6qT+hz2bA+aP4MM2BQ2QB
mzeEavFumvlpFrCnEbeKNF+WyNK3ULDOEBrK1B1sT+CBzVmQm0RVovgs9Diqsxfi
zEYDnjY569tr9lh6rYHm9IjC4lMsQ7d8u/seaFROqK0BFd9vezItDFOYz2YqI06M
pTYTghBymSlxBgWspieBggH62Ji7wD+0t3MW0f34O4i226h9Ol7CWj9luA5MGADB
I2by6x5m9m5L6aK0ipD/hP/n3uUHvFitnPjNYY3FJvCYXLMME1I=
=RWAj
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnEwAKCRACxDrQctV3
g6rWAQCUjlEHE0kRp5k+8NSRo8aF+RwW+GnxuNQBmu85Y04vwwD8CEZ6P8CY8db7
Ue24uMziRf1yygg2TmsJUzQn6wqD6wA=
=xIQi
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/trezor-restore.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCP4KwACgkQH6dnhiu9
EwWETQ/9H4WZ0xDCmRbYm52KZux3Bf57BRY0ztKFCrvAC99GeMnKLZLPJ0s/FPsG
YquUqi3GcGCy1amxR4qFSO0NVEHq8d/iJw9zS1XQSccOBtDkxg8EafFp3Cs6CPAm
8txrbVu+TJTEs9kTAhdhsDhJcDfuezFOCHE3wcCWUKRLDLbikoTfFoDELtpbf5qg
yHixG7YzoeutyzYaVXdKJq/E5ar+hM+Z4GGavhZuh6FAaMCcwt6GtcTWAmz8SVI0
dnpMlX0nAgCCKrDQFtI+7dSTggrFsnxjQY9i175wkKXqXFFNTTOoGlp8672cYDZ+
UUmb5q/oNf7+6aHgOiReKQeG/sjscxCKj3Z3FA5pZ/Hptv84zD5d8Ur59HL9yIcC
MZHOrSd6tMqxAq4cfMyTb/FYvgw4mey+Cnr8FTG5o5NAitCPsVCAeVSKBO6WtJY2
MILULjp862yfnSfusnUvZWQOqVac/uVad+eXbEHouPktZRVbm5LDKS5lN5JU/w3s
DNIWzPDHFDFr9kNCkYq9//UJTBTrP3UYz8kXzEYxnlRAPStMzEWI7gcbzybcWNDu
3B8uGl2DTv/ntN/ezhCZYjil0fQ9eowOZTyImr8d8ecK2Nmazm/fyJs20sZOc0wE
tKcbRPkkSxSnWAoTX1zK7JkROpXXd1xfiLO2So9x9LpIndYolkc=
=bll5
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnKwAKCRACxDrQctV3
gwsaAP9oONMyAeSHvuy/ypriPSHJYU2Qrkiq3ScWTfCx0vDnugD/X+8xuq3V5OdU
5p/mJx0T5KCT7f3J726Lwh3QtQtEBgg=
=cC3d
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCP4LYACgkQH6dnhiu9
EwWw6A//X4BTQjyeUm77HVC4eQPS0wTWEN3sucAJJBa+1PkFR65zWVYll3WouAyT
wgwO993ikiYcCdctc6S59k2uJogQJq7meX0dlUQn0NCT/p31wVSH8J8h6V+gxqSz
+mtZap2hVf4dBPbseHTlf4akEJPtgqAJXwhXONkXgbGsgzf0FV7DsCNBsySJTTcY
VCerMMrnVNdkDr1pVIwUYn0+ZcMko5U6wYstzKZfPJmbKxRkvlkxqgB0TuCDxgSe
pDiNMooU0pYxjWVm7XpYzTiMXz1huEq/jWXMn/Il/8v9bn5uFTG/1sVZ5XwNGyQP
hUBPevlrQ1TP4EDAmS4OQiJcJFWEZIWqO6SCCn9MjYYoBJ4Lyn4G3hwgh4KShD6g
pvEKWP8Mvpb3BVoTBEzN8JHsJYgEdzNPQyrFyc1//NUDo7VKURFwAakFQIqGTITe
LpNXFNhodHkSgJfABzZ0U1YogvCG+wPR+9VDOO8bvi5xoHoeYBar1f2KXhshH/Jb
PfGGcwyBV07nqFgbjb247NWqsXZq0S4+q4KzIaRHiG1Ffn6A9RDIneeCwnpkDIQ3
ocEVSs3XDhOrxA3E/F4k6Ufid+XLSMD0W6TmryQx8nCUeZOeyeb/EbhPU9V/az4K
huWkg3pWfVCYLzzGT3ZC0DloL+AT2lsxpdkD/4acmYEmrlyUC9U=
=GPw2
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnLgAKCRACxDrQctV3
g5JMAQD0jymqgrXRrBS0W50SYEzYtTZWntbXp08NywqEFl2xEQD/QM3LwseRO6ZN
C+4P4+5mAIKBwNtgnKje+7MzJANQBQI=
=1xbl
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/update.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmC83VoACgkQH6dnhiu9
EwUBDg//chGKJ4jOAb1gJfFk5tsz+ePSwNCCjt2NQY4uql/dg9DlBS2eKbw8DOA2
V9Ykcptn94pNYBYRRfk11qTMPb7Mm4LDccZY94ghSAvxs6uJYt7feU7nw99QGyHZ
ujKqfXMW1di5cJ/8yb/B3qnSVDSQiQ9gGesAMATwJnxmD0W3Q+sf/8V8/CF1rWlZ
Xr5ktbQv5nSeJ4msrPGBlV9pJ7pYitnSc2HKdh2e+uPWapVY3Pquey2COx3qfI55
vNqS/zB7R9GA7MbVd5tZEZhPTp9PBNLXtBFsxCNud1Lcq7JynuTeoRCdmYl7nZr7
m2uxCcvws6YWJxO6LsNJrWaN8sjLYMp/EvgCTwolg8hXvmEnwYLnRovKGDWMsDgG
KN2nXhqXOvAIx35YgYMPgQ3aNdp1lrw1UpBWh8RC2pKFiUyI11pCqRIydShPxPLk
Vam0NBsWUhurw/kdKPzS9xnV+KAdfZtlffKVFFJ9pVCoW8Nd74DP/cEYEKw2ULyB
rDyVNTehnMj6dAEcGMMuR5VegLwBTDXM3qgtUAWs0uI5cUVoBjHlnzmcxK1DJebf
3Al4cpHyhqDTtMc/6PKO2drnLEsQRu9F8lL6CVyIugjuFqhCtUwbCsdOBM1V5pxl
XMnyx98qM1tNCRQ8j0lH5pWM1gnUQHqkJBCQACH8TgXQEjsBO+I=
=uYDp
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnMAAKCRACxDrQctV3
g1rEAP9kdXSOITUqf1aHhxGesazC2ljpRJxW3ZLxDIhIkiG+GQD/Xv4Y1MfXm8D3
K+kA3j/siWRM96b51M89ERGkt3xeDwg=
=xSK7
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4b8IACgkQH6dnhiu9
EwW89xAAg9D7Sv99IRD8gV9z8Jn9zirPE4uJIs4PQardKDniIqmHjz2MFNXTdzAW
C7VKLM8LBkM4E2UXhBfQSfnbG8i4CAIZfOP2vvEMFuBS5C/O+PmWuwCM+REIg1K6
Urn29l55ljgZ9l0o0URkCx4jGtvtTiHEP1UhiuRnA1f2IO0AMT4fEhSNCoo9IAwT
lcd+5qH1sRiHTR9JdiUVkAzw6qhB7tsHR2qyhQnZQQ8F8sJiqBC176AmZHK2L86A
T3BrK1TNrJtfRxocx3qrUwDJVp38LNFoMOFUKxKht6KCaVz7C6q7yaJnBkRRxm5r
skIS8LzkWa6Yr5wm7M0kvckW8pElQ3EjFYuJaNyLvVxNPCDLZo39Em7oxTWZ6HqP
y7ukVfcy5MbD/tqH2tWS/L89FULRwUkn8BK8HdYFBJgr8o/HTMzntpPF7hSJwMbH
FH6CwFUOGxe5pIVpFb2FnBpMQeO8yrIGtbzWm76Jf5EFqyxBHJaVv+H60QU4BsEW
rxjeFcMqJk9IjK9r0nIJ91YP0+8g6YRATD5nXbITh06c9oHSTspkHjOUkrlG8SCQ
AaAGG8uXKKHLpV1PBHPqDCk2lTBkT0TrddhnEBbLDxvxfXOSharapC4jMv+smM2b
lVJr+M8W+VDZ0iqk0+bYMNq9ymJOFkXwwMsvsGF3eJANU8yi2fk=
=blqh
iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnFQAKCRACxDrQctV3
g/bZAPwLkeHdtcs0nP4552wZ3ynNRGIQN8vuhp/NR+yrY6pZlAEA18d/qUZcJDO4
2ZIKLyEsuZxJJzcEiYjz2bj1kn7ykQk=
=YMVc
-----END PGP SIGNATURE-----