s83/privacy-guides
1
0
Fork 0
mirror of https://github.com/sunknudsen/privacy-guides.git synced 2025-02-23 09:13:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactored guide, implemented ckcc and passphraseme and deprecated Electrum

Browse Source
This commit is contained in:
Sun Knudsen 2022-01-10 08:16:25 -05:00
parent 908b211c36
commit 1965eca7f6
No known key found for this signature in database
GPG Key ID: 02C43AD072D57783
19 changed files with 351 additions and 548 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

513
how-to-create-encrypted-paper-backup/README.md
View File

@ -29,10 +29,10 @@ Listed: true
### Step 1: log in to Raspberry Pi ### Step 1: log in to Raspberry Pi
Replace `10.0.1.248` with IP of Raspberry Pi. Replace `10.0.1.181` with IP of Raspberry Pi.
```shell ```shell
ssh pi@10.0.1.248 -i ~/.ssh/pi ssh pi@10.0.1.181 -i ~/.ssh/pi
``` ```
### Step 2: configure console font ### Step 2: configure console font
@ -55,105 +55,45 @@ sudo raspi-config
Select “Localisation Options”, then “Keyboard”, then “Generic 105-key PC (intl.)”, then “Other”, then “English (US)”, then “English (US)”, then “The default for the keyboard layout”, then “No compose key” and finally “Finish”. Select “Localisation Options”, then “Keyboard”, then “Generic 105-key PC (intl.)”, then “Other”, then “English (US)”, then “English (US)”, then “The default for the keyboard layout”, then “No compose key” and finally “Finish”.
### Step 4: install dependencies available on repositories ### Step 4: install dependencies
```console ```console
$ sudo apt update $ sudo apt update
$ sudo apt install -y bc expect fim imagemagick python3-pip python3-rpi.gpio $ sudo apt install -y bc expect fim git imagemagick python3-pip python3-rpi.gpio tmux zbar-tools
$ pip3 install --user mnemonic pillow qrcode
$ echo -e "export GPG_TTY=\"\$(tty)\"\nexport PATH=\$PATH:/home/pi/.local/bin" >> ~/.bashrc $ echo -e "export GPG_TTY=\"\$(tty)\"\nexport PATH=\$PATH:/home/pi/.local/bin" >> ~/.bashrc
$ source ~/.bashrc $ source ~/.bashrc
``` ```
### Step 5 (optional): install [Adafruit PiTFT monitor](https://www.adafruit.com/product/2423) drivers and disable console auto login ### Step 5: install [ckcc](https://github.com/Coldcard/ckcc-protocol) (used to manage [COLDCARD](https://coldcard.com/) devices, see [docs](https://coldcardwallet.com/docs/cli))
#### Install Adafruit PiTFT monitor drivers
> Heads-up: dont worry about `PITFT Failed to disable unit: Unit file fbcp.service does not exist.`.
> Heads-up: when asked to reboot, type `n` and press enter.
```console ```console
$ sudo apt update $ pip3 install --user ckcc-protocol[cli]
$ sudo apt install -y git python3-pip $ sudo curl --fail --output /etc/udev/rules.d/51-coinkite.rules https://raw.githubusercontent.com/Coldcard/ckcc-protocol/master/51-coinkite.rules
$ sudo pip3 install adafruit-python-shell click==7.0
$ git clone https://github.com/adafruit/Raspberry-Pi-Installer-Scripts.git
$ cd Raspberry-Pi-Installer-Scripts
$ sudo python3 adafruit-pitft.py --display=28c --rotation=90 --install-type=console
$ cd ~
$ rm -fr Raspberry-Pi-Installer-Scripts
``` ```
#### Disable console auto login ### Step 6: install [mnemonic](https://github.com/trezor/python-mnemonic) (used to create and validate BIP39 mnemonics)
> Heads-up: when asked to reboot, select “No” and press enter.
```shell ```shell
sudo raspi-config pip3 install --user mnemonic
``` ```
Select “System Options”, then “Boot / Auto Login”, then “Console” and finally “Finish”. ### Step 7: install [passphraseme](https://github.com/micahflee/passphraseme) (used to create passphrases using [EFF](https://www.eff.org/dice) wordlists)
### Step 6: install [zbar](https://github.com/mchehab/zbar) from source ```shell
pip3 install --user passphraseme
#### Install zbar dependencies
```console
$ sudo apt update
$ sudo apt install -y autopoint build-essential git libjpeg-dev libmagickwand-dev libtool libv4l-dev
``` ```
#### Clone zbar repository ### Step 8: install [sss-cli](https://github.com/dsprenkels/sss-cli) from source (used to split and join secrets using Shamir Secret Sharing)
Replace `0.23.90` with [latest release](https://github.com/mchehab/zbar/releases/latest) semver.
```console
$ cd ~
$ git clone https://github.com/mchehab/zbar
$ cd zbar
$ git checkout 0.23.90
```
#### Configure, compile and install zbar
```console
$ autoreconf -vfi
$ ./configure --without-python
$ make
$ sudo make install
$ sudo ldconfig
$ cd ~
$ rm -fr zbar
```
### Step 7: install [sss-cli](https://github.com/dsprenkels/sss-cli) from source
#### Install [Rust](https://www.rust-lang.org/) #### Install [Rust](https://www.rust-lang.org/)
> Heads-up: when asked for installation option, select “Proceed with installation (default)”. > Heads-up: when asked for installation option, select “Proceed with installation (default)”.
```shell ```console
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh $ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
$ source ~/.bashrc $ source ~/.bashrc
@ -167,135 +107,70 @@ $ cargo install --git https://github.com/dsprenkels/sss-cli --branch v0.1
$ cp ~/.cargo/bin/secret-share* ~/.local/bin/ $ cp ~/.cargo/bin/secret-share* ~/.local/bin/
``` ```
### Step 8: install [Electrum](https://electrum.org/#home) (used to generate Electrum mnemonics) ### Step 9: install [trezorctl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor) (used to manage [Trezor](https://trezor.io/) devices, see [docs](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor))
#### Install Electrum dependencies
```shell
$ sudo apt update
$ sudo apt install -y libsecp256k1-0 python3-cryptography
```
#### Import ThomasVs PGP public key
```console ```console
$ curl https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc | gpg --import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4739 100 4739 0 0 22459 0 --:--:-- --:--:-- --:--:-- 22459
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 2BD5824B7F9470E6: public key "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
```
imported: 1
👍
#### Set Electrum release semver environment variable
Replace `4.1.2` with [latest release](https://electrum.org/#download) semver.
```shell
ELECTRUM_RELEASE_SEMVER=4.1.2
```
#### Download Electrum release and associated PGP signature
```shell
$ cd ~
$ curl --remote-name "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz"
$ curl --remote-name "https://download.electrum.org/$ELECTRUM_RELEASE_SEMVER/Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc"
```
#### Verify Electrum release (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos))
```console
$ gpg --verify Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz.asc
gpg: assuming signed data in 'Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz'
gpg: Signature made Thu 08 Apr 2021 09:47:30 EDT
gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" [unknown]
gpg: aka "ThomasV <thomasv1@gmx.de>" [unknown]
gpg: aka "Thomas Voegtlin <thomasv1@gmx.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
```
Good signature
👍
#### Install Electrum
```shell
$ pip3 install --user Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz
$ rm Electrum-$ELECTRUM_RELEASE_SEMVER.tar.gz*
```
### Step 9: install `tmux` and [trezorctl](https://wiki.trezor.io/Using_trezorctl_commands_with_Trezor) (used to verify integrity of and restore [Trezor](https://trezor.io/) devices)
```console
$ sudo apt update
$ sudo apt install -y tmux
$ pip3 install --user attrs trezor $ pip3 install --user attrs trezor
$ sudo curl --fail --output /etc/udev/rules.d/51-trezor.rules https://data.trezor.io/udev/51-trezor.rules $ sudo curl --fail --output /etc/udev/rules.d/51-trezor.rules https://data.trezor.io/udev/51-trezor.rules
``` ```
### Step 10: import Suns PGP public key (used to verify downloads below) ### Step 10: install [qrcode](https://github.com/lincolnloop/python-qrcode) (used to create QR codes)
```shell
pip3 install --user pillow qrcode
```
### Step 11: import Suns PGP public key (used to verify downloads below)
```console ```console
$ curl --fail --output /home/pi/sunknudsen.asc https://raw.githubusercontent.com/sunknudsen/pgp-public-key/master/legacy/sunknudsen-legacy.asc $ curl --fail --output /home/pi/sunknudsen.asc https://sunknudsen.com/sunknudsen.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 6896 100 6896 0 0 7569 0 --:--:-- --:--:-- --:--:-- 7561 100 2070 100 2070 0 0 1653 0 0:00:01 0:00:01 --:--:-- 1653
$ gpg --import /home/pi/sunknudsen.asc $ gpg --import /home/pi/sunknudsen.asc
gpg: key C1323A377DE14C8B: public key "Sun Knudsen <hello@sunknudsen.com>" imported gpg: directory '/home/pi/.gnupg' created
gpg: keybox '/home/pi/.gnupg/pubring.kbx' created
gpg: key 8C9CA674C47CA060: 1 signature not checked due to a missing key
gpg: /home/pi/.gnupg/trustdb.gpg: trustdb created
gpg: key 8C9CA674C47CA060: public key "Sun Knudsen <hello@sunknudsen.com>" imported
gpg: Total number processed: 1 gpg: Total number processed: 1
gpg: imported: 1 gpg: imported: 1
gpg: no ultimately trusted keys found
``` ```
imported: 1 imported: 1
👍 👍
### Step 11: download and verify [create-bip39-mnemonic.py](./create-bip39-mnemonic.py) ### Step 12: download and verify [create-bip39-mnemonic.py](./create-bip39-mnemonic.py)
```console ```console
$ curl --fail --output /home/pi/.local/bin/create-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py $ curl --fail --output /home/pi/.local/bin/create-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 149 100 149 0 0 138 0 0:00:01 0:00:01 --:--:-- 138 100 149 100 149 0 0 144 0 0:00:01 0:00:01 --:--:-- 144
$ curl --fail --output /home/pi/.local/bin/create-bip39-mnemonic.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.asc $ curl --fail --output /home/pi/.local/bin/create-bip39-mnemonic.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 681 0 0:00:01 0:00:01 --:--:-- 681 100 228 100 228 0 0 200 0 0:00:01 0:00:01 --:--:-- 200
$ gpg --verify /home/pi/.local/bin/create-bip39-mnemonic.py.asc $ gpg --verify /home/pi/.local/bin/create-bip39-mnemonic.py.asc
gpg: assuming signed data in '/home/pi/.local/bin/create-bip39-mnemonic.py' gpg: assuming signed data in '/home/pi/.local/bin/create-bip39-mnemonic.py'
gpg: Signature made Thu 15 Apr 2021 12:54:22 EDT gpg: Signature made Sat 08 Jan 2022 14:33:36 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 600 /home/pi/.local/bin/create-bip39-mnemonic.py $ chmod 600 /home/pi/.local/bin/create-bip39-mnemonic.py
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -303,33 +178,33 @@ Good signature
👍 👍
### Step 12: download and verify [validate-bip39-mnemonic.py](./validate-bip39-mnemonic.py) ### Step 13: download and verify [validate-bip39-mnemonic.py](./validate-bip39-mnemonic.py)
```console ```console
$ curl --fail --output /home/pi/.local/bin/validate-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py $ curl --fail --output /home/pi/.local/bin/validate-bip39-mnemonic.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 6217 100 6217 0 0 8234 0 --:--:-- --:--:-- --:--:-- 8234 100 183 100 183 0 0 187 0 --:--:-- --:--:-- --:--:-- 187
$ curl --fail --output /home/pi/.local/bin/validate-bip39-mnemonic.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.asc $ curl --fail --output /home/pi/.local/bin/validate-bip39-mnemonic.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 6217 100 6217 0 0 10361 0 --:--:-- --:--:-- --:--:-- 10344 100 228 100 228 0 0 113 0 0:00:02 0:00:02 --:--:-- 113
$ gpg --verify /home/pi/.local/bin/create-bip39-mnemonic.py.asc $ gpg --verify /home/pi/.local/bin/validate-bip39-mnemonic.py.asc
gpg: assuming signed data in '/home/pi/.local/bin/create-bip39-mnemonic.py' gpg: assuming signed data in '/home/pi/.local/bin/validate-bip39-mnemonic.py'
gpg: Signature made Thu 15 Apr 2021 12:54:22 EDT gpg: Signature made Sat 08 Jan 2022 14:33:41 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 600 /home/pi/.local/bin/validate-bip39-mnemonic.py $ chmod 600 /home/pi/.local/bin/validate-bip39-mnemonic.py
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -337,33 +212,33 @@ Good signature
👍 👍
### Step 13: download and verify [tmux-buttons.py](./tmux-buttons.py) ### Step 14: download and verify [tmux-buttons.py](./tmux-buttons.py)
```console ```console
$ curl --fail --output /home/pi/.local/bin/tmux-buttons.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/tmux-buttons.py $ curl --fail --output /home/pi/.local/bin/tmux-buttons.py https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/tmux-buttons.py
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 149 100 149 0 0 138 0 0:00:01 0:00:01 --:--:-- 138 100 918 100 918 0 0 897 0 0:00:01 0:00:01 --:--:-- 898
$ curl --fail --output /home/pi/.local/bin/tmux-buttons.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/tmux-buttons.py.asc $ curl --fail --output /home/pi/.local/bin/tmux-buttons.py.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/tmux-buttons.py.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 681 0 0:00:01 0:00:01 --:--:-- 681 100 228 100 228 0 0 213 0 0:00:01 0:00:01 --:--:-- 213
$ gpg --verify /home/pi/.local/bin/tmux-buttons.py.asc $ gpg --verify /home/pi/.local/bin/tmux-buttons.py.asc
gpg: assuming signed data in '/home/pi/.local/bin/tmux-buttons.py' gpg: assuming signed data in '/home/pi/.local/bin/tmux-buttons.py'
gpg: Signature made Thu Apr 22 09:13:47 2021 EDT gpg: Signature made Sat 08 Jan 2022 14:33:39 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 600 /home/pi/.local/bin/tmux-buttons.py $ chmod 600 /home/pi/.local/bin/tmux-buttons.py
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -371,33 +246,33 @@ Good signature
👍 👍
### Step 14: download and verify [qr-backup.sh](./qr-backup.sh) ### Step 15: download and verify [qr-backup.sh](./qr-backup.sh)
```console ```console
$ curl --fail --output /home/pi/.local/bin/qr-backup.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh $ curl --fail --output /home/pi/.local/bin/qr-backup.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 3956 100 3956 0 0 3971 0 --:--:-- --:--:-- --:--:-- 3967 100 8225 100 8225 0 0 7679 0 0:00:01 0:00:01 --:--:-- 7686
$ curl --fail --output /home/pi/.local/bin/qr-backup.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh.asc $ curl --fail --output /home/pi/.local/bin/qr-backup.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 620 0 0:00:01 0:00:01 --:--:-- 620 100 228 100 228 0 0 259 0 --:--:-- --:--:-- --:--:-- 258
$ gpg --verify /home/pi/.local/bin/qr-backup.sh.asc $ gpg --verify /home/pi/.local/bin/qr-backup.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/qr-backup.sh' gpg: assuming signed data in '/home/pi/.local/bin/qr-backup.sh'
gpg: Signature made Sun 18 Apr 2021 19:03:07 EDT gpg: Signature made Sat 08 Jan 2022 14:33:53 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/qr-backup.sh $ chmod 700 /home/pi/.local/bin/qr-backup.sh
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -405,33 +280,33 @@ Good signature
👍 👍
### Step 15: download and verify [qr-restore.sh](./qr-restore.sh) ### Step 16: download and verify [qr-restore.sh](./qr-restore.sh)
```console ```console
$ curl --fail --output /home/pi/.local/bin/qr-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh $ curl --fail --output /home/pi/.local/bin/qr-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 1904 100 1904 0 0 1715 0 0:00:01 0:00:01 --:--:-- 1715 100 3754 100 3754 0 0 3511 0 0:00:01 0:00:01 --:--:-- 3514
$ curl --fail --output /home/pi/.local/bin/qr-restore.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh.asc $ curl --fail --output /home/pi/.local/bin/qr-restore.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 908 0 --:--:-- --:--:-- --:--:-- 908 100 228 100 228 0 0 236 0 --:--:-- --:--:-- --:--:-- 236
$ gpg --verify /home/pi/.local/bin/qr-restore.sh.asc $ gpg --verify /home/pi/.local/bin/qr-restore.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/qr-restore.sh' gpg: assuming signed data in '/home/pi/.local/bin/qr-restore.sh'
gpg: Signature made Sun 18 Apr 2021 18:47:17 EDT gpg: Signature made Sat 08 Jan 2022 14:33:57 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/qr-restore.sh $ chmod 700 /home/pi/.local/bin/qr-restore.sh
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -439,33 +314,33 @@ Good signature
👍 👍
### Step 16: download and verify [qr-clone.sh](./qr-clone.sh) ### Step 17: download and verify [qr-clone.sh](./qr-clone.sh)
```console ```console
$ curl --fail --output /home/pi/.local/bin/qr-clone.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh $ curl --fail --output /home/pi/.local/bin/qr-clone.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 481 100 481 0 0 440 0 0:00:01 0:00:01 --:--:-- 440 100 1007 100 1007 0 0 930 0 0:00:01 0:00:01 --:--:-- 930
$ curl --fail --output /home/pi/.local/bin/qr-clone.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh.asc $ curl --fail --output /home/pi/.local/bin/qr-clone.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 783 0 0:00:01 0:00:01 --:--:-- 784 100 228 100 228 0 0 230 0 --:--:-- --:--:-- --:--:-- 229
$ gpg --verify /home/pi/.local/bin/qr-clone.sh.asc $ gpg --verify /home/pi/.local/bin/qr-clone.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/qr-clone.sh' gpg: assuming signed data in '/home/pi/.local/bin/qr-clone.sh'
gpg: Signature made Sat 17 Apr 2021 15:37:07 EDT gpg: Signature made Sat 08 Jan 2022 14:33:55 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/qr-clone.sh $ chmod 700 /home/pi/.local/bin/qr-clone.sh
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -473,33 +348,33 @@ Good signature
👍 👍
### Step 17: download and verify [secure-erase.sh](./secure-erase.sh) ### Step 18: download and verify [secure-erase.sh](./secure-erase.sh)
```console ```console
$ curl --fail --output /home/pi/.local/bin/secure-erase.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh $ curl --fail --output /home/pi/.local/bin/secure-erase.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 1350 100 1350 0 0 992 0 0:00:01 0:00:01 --:--:-- 992 100 1352 100 1352 0 0 1390 0 --:--:-- --:--:-- --:--:-- 1390
$ curl --fail --output /home/pi/.local/bin/secure-erase.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh.asc $ curl --fail --output /home/pi/.local/bin/secure-erase.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/secure-erase.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 805 0 0:00:01 0:00:01 --:--:-- 805 100 228 100 228 0 0 257 0 --:--:-- --:--:-- --:--:-- 257
$ gpg --verify /home/pi/.local/bin/secure-erase.sh.asc $ gpg --verify /home/pi/.local/bin/secure-erase.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/secure-erase.sh' gpg: assuming signed data in '/home/pi/.local/bin/secure-erase.sh'
gpg: Signature made Thu 03 Jun 2021 19:34:35 BST gpg: Signature made Sat 08 Jan 2022 14:33:59 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/secure-erase.sh $ chmod 700 /home/pi/.local/bin/secure-erase.sh
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -507,33 +382,33 @@ Good signature
👍 👍
### Step 18: download and verify [trezor-verify-integrity.sh](./trezor-verify-integrity.sh) (used to verify integrity of Trezor devices) ### Step 19: download and verify [trezor-verify-integrity.sh](./trezor-verify-integrity.sh) (used to verify integrity of Trezor devices)
```console ```console
$ curl --fail --output /home/pi/.local/bin/trezor-verify-integrity.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh $ curl --fail --output /home/pi/.local/bin/trezor-verify-integrity.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 1283 100 1283 0 0 1189 0 0:00:01 0:00:01 --:--:-- 1189 100 1228 100 1228 0 0 1271 0 --:--:-- --:--:-- --:--:-- 1269
$ curl --fail --output /home/pi/.local/bin/trezor-verify-integrity.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh.asc $ curl --fail --output /home/pi/.local/bin/trezor-verify-integrity.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 944 0 --:--:-- --:--:-- --:--:-- 944 100 228 100 228 0 0 244 0 --:--:-- --:--:-- --:--:-- 243
$ gpg --verify /home/pi/.local/bin/trezor-verify-integrity.sh.asc $ gpg --verify /home/pi/.local/bin/trezor-verify-integrity.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/trezor-verify-integrity.sh' gpg: assuming signed data in '/home/pi/.local/bin/trezor-verify-integrity.sh'
gpg: Signature made Thu Apr 22 09:13:56 2021 EDT gpg: Signature made Sat 08 Jan 2022 14:34:06 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/trezor-verify-integrity.sh $ chmod 700 /home/pi/.local/bin/trezor-verify-integrity.sh
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -541,33 +416,33 @@ Good signature
👍 👍
### Step 19: download and verify [trezor-restore.sh](./trezor-restore.sh) (used to restore Trezor devices) ### Step 20: download and verify [trezor-restore.sh](./trezor-restore.sh) (used to restore Trezor devices)
```console ```console
$ curl --fail --output /home/pi/.local/bin/trezor-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-restore.sh $ curl --fail --output /home/pi/.local/bin/trezor-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-restore.sh
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 1283 100 1283 0 0 1189 0 0:00:01 0:00:01 --:--:-- 1189 100 1818 100 1818 0 0 1744 0 0:00:01 0:00:01 --:--:-- 1744
$ curl --fail --output /home/pi/.local/bin/trezor-restore.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-restore.sh.asc $ curl --fail --output /home/pi/.local/bin/trezor-restore.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/trezor-restore.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 944 0 --:--:-- --:--:-- --:--:-- 944 100 228 100 228 0 0 257 0 --:--:-- --:--:-- --:--:-- 257
$ gpg --verify /home/pi/.local/bin/trezor-restore.sh.asc $ gpg --verify /home/pi/.local/bin/trezor-restore.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/trezor-restore.sh' gpg: assuming signed data in '/home/pi/.local/bin/trezor-restore.sh'
gpg: Signature made Thu Apr 22 09:14:04 2021 EDT gpg: Signature made Sat 08 Jan 2022 14:34:03 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/trezor-restore.sh $ chmod 700 /home/pi/.local/bin/trezor-restore.sh
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -575,33 +450,33 @@ Good signature
👍 👍
### Step 20: download and verify [update.sh](./update.sh) ### Step 21: download and verify [update.sh](./update.sh)
```console ```console
$ curl --fail --output /home/pi/.local/bin/update.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/update.sh $ curl --fail --output /home/pi/.local/bin/update.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/update.sh
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 1494 100 1494 0 0 1498 0 --:--:-- --:--:-- --:--:-- 149 100 1846 100 1846 0 0 1895 0 --:--:-- --:--:-- --:--:-- 1895
$ curl --fail --output /home/pi/.local/bin/update.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/update.sh.asc $ curl --fail --output /home/pi/.local/bin/update.sh.asc https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/update.sh.asc
% Total % Received % Xferd Average Speed Time Time Time Current % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed Dload Upload Total Spent Left Speed
100 833 100 833 0 0 929 0 --:--:-- --:--:-- --:--:-- 928 100 228 100 228 0 0 225 0 0:00:01 0:00:01 --:--:-- 225
$ gpg --verify /home/pi/.local/bin/update.sh.asc $ gpg --verify /home/pi/.local/bin/update.sh.asc
gpg: assuming signed data in '/home/pi/.local/bin/update.sh' gpg: assuming signed data in '/home/pi/.local/bin/update.sh'
gpg: Signature made Sat 05 Jun 2021 16:01:37 BST gpg: Signature made Sat 08 Jan 2022 14:34:08 EST
gpg: using RSA key A98CCD122243655B26FAFB611FA767862BBD1305 gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown] gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner. gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C4FB DDC1 6A26 2672 920D 0A0F C132 3A37 7DE1 4C8B Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: A98C CD12 2243 655B 26FA FB61 1FA7 6786 2BBD 1305 Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
$ chmod 700 /home/pi/.local/bin/update.sh $ chmod 700 /home/pi/.local/bin/update.sh
``` ```
Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-its-fingerprint) fingerprints Primary key fingerprint matches [published](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint) fingerprints
👍 👍
@ -609,24 +484,38 @@ Good signature
👍 👍
### Step 21: make filesystem read-only ### Step 22 (optional): install [Adafruit PiTFT monitor](https://www.adafruit.com/product/2423) drivers and disable console auto login
#### Install Adafruit PiTFT monitor drivers
> Heads-up: dont worry about `PITFT Failed to disable unit: Unit file fbcp.service does not exist.`.
```console
$ sudo pip3 install adafruit-python-shell click
$ sudo git clone https://github.com/adafruit/Raspberry-Pi-Installer-Scripts.git /usr/local/include/Raspberry-Pi-Installer-Scripts
$ sudo python3 /usr/local/include/Raspberry-Pi-Installer-Scripts/adafruit-pitft.py --display=28c --rotation=90 --install-type=console --reboot=no
```
#### Disable console auto login
> Heads-up: when asked to reboot, select “No” and press enter.
```shell
sudo raspi-config
```
Select “System Options”, then “Boot / Auto Login”, then “Console” and finally “Finish”.
### Step 23: make filesystem read-only
> Heads-up: shout-out to Nico Kaiser for his amazing [guide](https://gist.github.com/nicokaiser/08aa5b7b3958f171cf61549b70e8a34b) on how to configure a read-only Raspberry Pi. > Heads-up: shout-out to Nico Kaiser for his amazing [guide](https://gist.github.com/nicokaiser/08aa5b7b3958f171cf61549b70e8a34b) on how to configure a read-only Raspberry Pi.
#### Disable swap #### Disable fake-hwclock and logrotate
```console
$ sudo dphys-swapfile swapoff
$ sudo dphys-swapfile uninstall
$ sudo systemctl disable dphys-swapfile.service
```
#### Remove `dphys-swapfile`, `fake-hwclock` and `logrotate`
```shell ```shell
sudo apt remove -y --purge dphys-swapfile fake-hwclock logrotate sudo systemctl disable fake-hwclock logrotate
``` ```
#### Link `/etc/console-setup` to `/tmp/console-setup` #### Link `/etc/console-setup` to `/tmp/console-setup`
@ -637,12 +526,6 @@ $ sudo rm -fr /etc/console-setup
$ sudo ln -s /tmp/console-setup /etc/console-setup $ sudo ln -s /tmp/console-setup /etc/console-setup
``` ```
#### Link `/home/pi/.electrum` to `/tmp/pi/.electrum`
```console
$ ln -s /tmp/pi/.electrum /home/pi/.electrum
```
#### Link `/home/pi/.gnupg` to `/tmp/pi/.gnupg` #### Link `/home/pi/.gnupg` to `/tmp/pi/.gnupg`
```console ```console
@ -651,10 +534,10 @@ $ rm -fr /home/pi/.gnupg
$ ln -s /tmp/pi/.gnupg /home/pi/.gnupg $ ln -s /tmp/pi/.gnupg /home/pi/.gnupg
``` ```
#### Enable `tmp.mount` service #### Enable tmp.mount
```console ```console
$ echo -e "D /tmp 1777 root root -\nD /tmp/console-setup 1700 root root -\nD /tmp/pi 1700 pi pi -\nD /tmp/pi/.electrum 1700 pi pi -\nD /tmp/pi/.gnupg 1700 pi pi -\nD /var/tmp 1777 root root -" | sudo tee /etc/tmpfiles.d/tmp.conf $ echo -e "D /tmp 1777 root root -\nD /tmp/console-setup 1700 root root -\nD /tmp/pi 1700 pi pi -\nD /tmp/pi/.gnupg 1700 pi pi -\nD /var/tmp 1777 root root -" | sudo tee /etc/tmpfiles.d/tmp.conf
$ sudo cp /usr/share/systemd/tmp.mount /etc/systemd/system/ $ sudo cp /usr/share/systemd/tmp.mount /etc/systemd/system/
@ -664,8 +547,6 @@ $ sudo systemctl enable tmp.mount
#### Edit `/boot/cmdline.txt` #### Edit `/boot/cmdline.txt`
```console ```console
$ sudo cp /boot/cmdline.txt /boot/cmdline.txt.backup
$ sudo sed -i 's/fsck.repair=yes/fsck.repair=skip/' /boot/cmdline.txt $ sudo sed -i 's/fsck.repair=yes/fsck.repair=skip/' /boot/cmdline.txt
$ sudo sed -i '$ s/$/ fastboot noswap ro systemd.volatile=state/' /boot/cmdline.txt $ sudo sed -i '$ s/$/ fastboot noswap ro systemd.volatile=state/' /boot/cmdline.txt
@ -674,34 +555,34 @@ $ sudo sed -i '$ s/$/ fastboot noswap ro systemd.volatile=state/' /boot/cmdline.
#### Edit `/etc/fstab` #### Edit `/etc/fstab`
```console ```console
$ sudo cp /etc/fstab /etc/fstab.backup
$ sudo sed -i -e 's/vfat\s*defaults\s/vfat defaults,ro/' /etc/fstab $ sudo sed -i -e 's/vfat\s*defaults\s/vfat defaults,ro/' /etc/fstab
$ sudo sed -i -e 's/ext4\s*defaults,noatime\s/ext4 defaults,noatime,ro,noload/' /etc/fstab $ sudo sed -i -e 's/ext4\s*defaults,noatime\s/ext4 defaults,noatime,ro,noload/' /etc/fstab
``` ```
### Step 22: disable Wi-Fi (if not using ethernet) ### Step 24: disable networking and “fix” rfkill bug
```console
$ sudo systemctl disable dhcpcd networking sshd.service wpa_supplicant
$ sudo rm /etc/profile.d/wifi-check.sh
```
### Step 25: disable Wi-Fi
> Heads-up: use `cat /boot/config.txt | grep "dtoverlay=disable-wifi" && echo "Wi-Fi disabled"` to see if Wi-Fi is already disabled.
```shell ```shell
echo "dtoverlay=disable-wifi" | sudo tee -a /boot/config.txt echo "dtoverlay=disable-wifi" | sudo tee -a /boot/config.txt
``` ```
### Step 23: disable `dhcpcd`, `networking` and `wpa_supplicant` services and “fix” `rfkill` bug ### Step 26: delete macOS hidden files (if present)
```console
$ sudo systemctl disable dhcpcd networking wpa_supplicant
$ sudo rm /etc/profile.d/wifi-check.sh
```
### Step 24: delete macOS hidden files (if present)
```shell ```shell
sudo rm -fr /boot/.fseventsd /boot/.DS_Store /boot/.Spotlight-V100 sudo rm -fr /boot/.fseventsd /boot/.DS_Store /boot/.Spotlight-V100
``` ```
### Step 25: reboot ### Step 27: unplug network cable (if using ethernet) and reboot
```shell ```shell
sudo systemctl reboot sudo systemctl reboot
@ -709,7 +590,7 @@ sudo systemctl reboot
> WARNING: DO NOT CONNECT RASPBERRY PI TO NETWORK EVER AGAIN WITHOUT REINSTALLING RASPBERRY PI OS FIRST (DEVICE IS NOW “READ-ONLY” AND “COLD”). > WARNING: DO NOT CONNECT RASPBERRY PI TO NETWORK EVER AGAIN WITHOUT REINSTALLING RASPBERRY PI OS FIRST (DEVICE IS NOW “READ-ONLY” AND “COLD”).
### Step 26 (optional): disable auto-mount of `boot` volume (on macOS) ### Step 28 (optional): disable auto-mount of `boot` volume (on macOS)
> Heads-up: done to prevent macOS from writing [hidden files](#step-24-delete-macos-hidden-files-if-present) to `boot` volume which would invalidate stored SHA512 hash of microSD card. > Heads-up: done to prevent macOS from writing [hidden files](#step-24-delete-macos-hidden-files-if-present) to `boot` volume which would invalidate stored SHA512 hash of microSD card.
@ -717,7 +598,7 @@ sudo systemctl reboot
![micro-sd-card-adapter](./micro-sd-card-adapter.png) ![micro-sd-card-adapter](./micro-sd-card-adapter.png)
#### Insert microSD card into adapter and insert adapter into computer #### Insert microSD card into adapter and adapter into computer
#### Run following and eject microSD card #### Run following and eject microSD card
@ -727,41 +608,45 @@ volume_uuid=$(diskutil info "$volume_path" | awk '/Volume UUID:/ { print $3 }')
echo "UUID=$volume_uuid none msdos ro,noauto" | sudo tee -a /etc/fstab echo "UUID=$volume_uuid none msdos ro,noauto" | sudo tee -a /etc/fstab
``` ```
### Step 27 (optional): compute SHA512 hash of SD card and store in password manager (on macOS) ### Step 29 (optional): compute SHA512 hash of microSD card and store in password manager (on macOS)
Run `diskutil list` to find disk ID of microSD card with “Raspberry Pi OS Lite” installed (`disk2` in the following example). Run `diskutil list` to find disk ID of microSD card with “Raspberry Pi OS Lite” installed (`disk4` in the following example).
Replace `diskn` and `rdiskn` with disk ID of SD card (`disk2` and `rdisk2` in the following example). Replace `diskn` and `rdiskn` with disk ID of microSD card (`disk4` and `rdisk4` in the following example).
```console ```console
$ diskutil list $ diskutil list
/dev/disk0 (internal, physical): /dev/disk0 (internal):
#: TYPE NAME SIZE IDENTIFIER #: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *500.3 GB disk0 0: GUID_partition_scheme 500.3 GB disk0
1: EFI EFI 209.7 MB disk0s1 1: Apple_APFS_ISC 524.3 MB disk0s1
2: Apple_APFS Container disk1 500.1 GB disk0s2 2: Apple_APFS Container disk3 494.4 GB disk0s2
3: Apple_APFS_Recovery 5.4 GB disk0s3
/dev/disk1 (synthesized): /dev/disk3 (synthesized):
#: TYPE NAME SIZE IDENTIFIER #: TYPE NAME SIZE IDENTIFIER
0: APFS Container Scheme - +500.1 GB disk1 0: APFS Container Scheme - +494.4 GB disk3
Physical Store disk0s2 Physical Store disk0s2
1: APFS Volume Macintosh HD - Data 340.9 GB disk1s1 1: APFS Volume Macintosh HD 15.3 GB disk3s1
2: APFS Volume Preboot 85.9 MB disk1s2 2: APFS Snapshot com.apple.os.update-... 15.3 GB disk3s1s1
3: APFS Volume Recovery 529.0 MB disk1s3 3: APFS Volume Preboot 328.4 MB disk3s2
4: APFS Volume VM 3.2 GB disk1s4 4: APFS Volume Recovery 815.1 MB disk3s3
5: APFS Volume Macintosh HD 11.3 GB disk1s5 5: APFS Volume Data 458.2 GB disk3s5
6: APFS Volume VM 3.2 GB disk3s6
/dev/disk2 (internal, physical): /dev/disk4 (external, physical):
#: TYPE NAME SIZE IDENTIFIER #: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *15.9 GB disk2 0: FDisk_partition_scheme *15.9 GB disk4
1: Windows_FAT_32 boot 268.4 MB disk2s1 1: Windows_FAT_32 boot 268.4 MB disk4s1
2: Linux 15.7 GB disk2s2 2: Linux 3.1 GB disk4s2
(free space) 12.5 GB -
$ sudo diskutil unmountDisk /dev/diskn $ sudo diskutil unmountDisk /dev/diskn
Unmount of all volumes on disk2 was successful Unmount of all volumes on disk4 was successful
$ sudo openssl dgst -sha512 /dev/rdiskn $ sudo openssl dgst -sha512 /dev/rdiskns1 /dev/rdiskns2
SHA512(/dev/rdisk2)= 353af7e9bd78d7d98875f0e2a58da3d7cdfc494f2ab5474b2ab4a8fd212ac6a37c996d54f6c650838adb61e4b30801bcf1150081f6dbb51998cf33a74fa7f0fe SHA512(/dev/rdisk4s1)= a14b7c184279a3e756eaa095b619e949320e759bf4637406e82e713aff24732691aaad5aa2377086655ef04b42fc8d7c98e338ebd049f79626923c0d16e18761
SHA512(/dev/rdisk4s2)= 5627414e630eb2fa2b080858deee80daec0470668fbfcf3965fe9c52ba0bf1e68518610ee6d4d1a1212c09d2ccbdcb80989838b00369ff5e2ca4f9d10b8ae4fb
``` ```
👍 👍
@ -778,11 +663,13 @@ Usage: qr-backup.sh [options]
Options: Options:
--create-bip39-mnemonic create BIP39 mnemonic --create-bip39-mnemonic create BIP39 mnemonic
--create-electrum-mnemonic create Electrum mnemonic
--validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic --validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic
--create-passphrase create passphrase
--wordlist <wordlist> wordlist (defaults to large)
--word-count <count> word count (defaults to 7)
--shamir-secret-sharing split secret using Shamir Secret Sharing --shamir-secret-sharing split secret using Shamir Secret Sharing
--number-of-shares number of shares (defaults to 5) --number-of-shares <shares> number of shares (defaults to 5)
--share-threshold shares required to access secret (defaults to 3) --share-threshold <threshold> shares required to access secret (defaults to 3)
--no-qr disable show SHA512 hash as QR code prompt --no-qr disable show SHA512 hash as QR code prompt
--label <label> print label after short hash --label <label> print label after short hash
-h, --help display help for command -h, --help display help for command
@ -790,7 +677,7 @@ Options:
$ qr-backup.sh $ qr-backup.sh
Format USB flash drive (y or n)? Format USB flash drive (y or n)?
y y
mkfs.fat 4.1 (2017-01-24) mkfs.fat 4.2 (2021-01-31)
Please type secret and press enter, then ctrl+d (again) Please type secret and press enter, then ctrl+d (again)
this is a test yo this is a test yo
Please type passphrase and press enter Please type passphrase and press enter
@ -829,7 +716,7 @@ Usage: qr-restore.sh [options]
Options: Options:
--shamir-secret-sharing combine secret using Shamir Secret Sharing --shamir-secret-sharing combine secret using Shamir Secret Sharing
--share-threshold shares required to access secret (defaults to 3) --share-threshold <threshold> shares required to access secret (defaults to 3)
--word-list split secret into word list --word-list split secret into word list
-h, --help display help for command -h, --help display help for command
@ -844,7 +731,7 @@ AidLaa1d1+V5vFQowNv/6IyN+nDe/bS+qTFdPI5PptW+rVg+Rw0=
SHA512 hash: 0ed162fe43bedf052f5af54e0dc3861ec87b579d1b8f28d85daa93c8316546cf997cd5656a69baa41fbf65b25f1a9fe7626504d480c4103903d32536b61d715a SHA512 hash: 0ed162fe43bedf052f5af54e0dc3861ec87b579d1b8f28d85daa93c8316546cf997cd5656a69baa41fbf65b25f1a9fe7626504d480c4103903d32536b61d715a
SHA512 short hash: 0ed162fe SHA512 short hash: 0ed162fe
Please type passphrase and press enter Please type passphrase and press enter
gpg: AES256 encrypted data gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase gpg: encrypted with 1 passphrase
Show secret (y or n)? Show secret (y or n)?
y y
@ -881,7 +768,7 @@ AidLaa1d1+V5vFQowNv/6IyN+nDe/bS+qTFdPI5PptW+rVg+Rw0=
SHA512 hash: 0ed162fe43bedf052f5af54e0dc3861ec87b579d1b8f28d85daa93c8316546cf997cd5656a69baa41fbf65b25f1a9fe7626504d480c4103903d32536b61d715a SHA512 hash: 0ed162fe43bedf052f5af54e0dc3861ec87b579d1b8f28d85daa93c8316546cf997cd5656a69baa41fbf65b25f1a9fe7626504d480c4103903d32536b61d715a
SHA512 short hash: 0ed162fe SHA512 short hash: 0ed162fe
Please type passphrase and press enter Please type passphrase and press enter
gpg: AES256 encrypted data gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase gpg: encrypted with 1 passphrase
Show secret (y or n)? Show secret (y or n)?
n n
@ -889,7 +776,7 @@ Done
Backing up… Backing up…
Format USB flash drive (y or n)? Format USB flash drive (y or n)?
y y
mkfs.fat 4.1 (2017-01-24) mkfs.fat 4.2 (2021-01-31)
Please type passphrase and press enter Please type passphrase and press enter
Please type passphrase and press enter (again) Please type passphrase and press enter (again)
Show passphrase (y or n)? Show passphrase (y or n)?
@ -932,19 +819,19 @@ Secure erase USB flash drive (y or n)?
y y
Overwriting with random data… (round 1 of 3) Overwriting with random data… (round 1 of 3)
dd: error writing '/dev/sda1': No space left on device dd: error writing '/dev/sda1': No space left on device
1868+0 records in 118+0 records in
1867+0 records out 117+0 records out
1957691392 bytes (2.0 GB, 1.8 GiB) copied, 180.327 s, 10.9 MB/s 122895360 bytes (123 MB, 117 MiB) copied, 44.1437 s, 2.8 MB/s
Overwriting with random data… (round 2 of 3) Overwriting with random data… (round 2 of 3)
dd: error writing '/dev/sda1': No space left on device dd: error writing '/dev/sda1': No space left on device
1868+0 records in 118+0 records in
1867+0 records out 117+0 records out
1957691392 bytes (2.0 GB, 1.8 GiB) copied, 179.563 s, 10.9 MB/s 122895360 bytes (123 MB, 117 MiB) copied, 48.2873 s, 2.5 MB/s
Overwriting with random data… (round 3 of 3) Overwriting with random data… (round 3 of 3)
dd: error writing '/dev/sda1': No space left on device dd: error writing '/dev/sda1': No space left on device
1868+0 records in 118+0 records in
1867+0 records out 117+0 records out
1957691392 bytes (2.0 GB, 1.8 GiB) copied, 179.09 s, 10.9 MB/s 122895360 bytes (123 MB, 117 MiB) copied, 47.0045 s, 2.6 MB/s
Done Done
``` ```

20
how-to-create-encrypted-paper-backup/cleanup.sh
View File

@ -30,24 +30,6 @@ sudo rm -fr /var/lib/dhcpcd5/* || true
sudo rm -fr /var/log/* || true sudo rm -fr /var/log/* || true
sudo rm -fr /var/tmp/* || true sudo rm -fr /var/tmp/* || true
printf "%s\n" "Done" sudo passwd pi
coutdown() {
tput rc
tput ed
second_s="seconds"
if [ "$1" = "1" ]; then
second_s="second"
fi
printf "$bold%s$normal" "Rebooting in $1 $second_s"
}
tput sc
for ((index=10; index > 0; index--))
do
coutdown $index
sleep 1
done
sudo systemctl reboot sudo systemctl reboot

16
how-to-create-encrypted-paper-backup/cleanup.sh.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmC8vg8ACgkQH6dnhiu9
EwX5BA//aHIG6Hy5PG/achuREBxPJnYbcYCVnwvWayFgVnFykHLnPgu7kQqsYdQB
ikHfNhaJyrx7gNWT1inRqmvHRstgSBcWI1VD3TVv7G/XdxHZmndl3M7alAZHeOIU
iMnDYJeqiqkKsQmIrBg/tChUw+tL6tNbpGWAzcLks7jZl8IQgjRQKe3KZeLZKzfi
8JOChowSSRAnD3Rkfhb6aILX6IRA2XcjOMgQkjZLzWBo35B7KdspCLgH14I3kXlt
yazco1LnzasBAM0lOUyytiixj6bMfNISMJRZjReZZsTpvWDGkphGVhuMOUDfdYP/
DGjksSTHi8BhMqaObGya2E7P6tGPgkfrZVwjGdQA4tZlzgDmRr/6rnLA/6ABAxIm
nsTlKPV3kQzsakFbNUPN6pubUc+vUvPaGXfsSTdx5Z1fJVc6YEZ10Ylhr0VNig0b
+R27XMjj2OEhJBmk6kirJkvN68g1be0YhKSVCiBPF1LUQNtse6uj1x/OevJXnK36
jPIVXv8zCJIe5usKFPtrqkJJymYsiqPtpLsIlxcpJ/V6qXJhZrgyl9CwyIBiGM9N
du5tj7JU+QjFpqxlltN0kULMRpSu+0zPILMLphVnm/B5qV2ztf9ppHNq7fWF90ne
BD7vse5pHh3l5zdb8dyHVsre0BqSir8tGZL54hHQ5tMy35divME=
=uv+s
-----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/create-bip39-mnemonic.py.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4b74ACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnEAAKCRACxDrQctV3
EwXhHw/+L8HtMoB+Fzh7WWVtXGw5q+oUHZUOFDe7WdOnFc0orbMhiKjtyEmQp11M g49OAQDDTN1u+D/CurnQrNYcLsFzrdIJWGUN6F66jPTP3amNOgEAl3iCXBAik2wf
ys9Lxni4pnQEiItyppT8qGxFyfvMDdbnYN5wyKJG4LL4sli0V8khKaug2FEDEuUV DukkwJO71zO2G6d+EVxRyKbIFSOt1g8=
RPu2qxxNe+dOi7AJLn1yy+G6DztfTtkc/WI+KNS41ZjgV0jPt8DITLIKvr1DCNjJ =0f22
L/MCaMxhnjjENRq3bYluu+z9C8Gq3clkwvKsG18XnYFh6Rv/YXfAWI7hA3fmGUjJ
LewpwGN+ypIjzDfB11GdykZogd/0yM8KB8UV+yQFaNa6VaD8flUDP83WXJGGk37K
+sRu/T1GLacI4T82ivOOV3u/+Wox7lXX37vok9eSES6u5oF9cFuTvoXgT2USp4OV
74fL0uCU433FZgItvbUkgiThll8LL/vUy/Isx3yKoGp6D/VlvADgknDCG9OMXxG+
GKLTbnBZBJVh0YF6Kf43Zx8ZoOFGa9TIvsGGXN1cSjcTZ7re24j1mpTSP0N0vMsc
spoQSq1lO0YoVrr+9fOoG5kzWeFZlmca4D2NRFg/g+gv/qwjazm0zzCUQRA6A50G
nSSeo2YskBSyEDYQfaqHBJB9qL+pObIrUdP0G7GkAdp5u/tAxnFdAqO+kWntI7f5
cJz0I737arcOwzS/+sdYRblQiU4tyZ8W6SpAuTro0NS0CW26Nn8=
=8fLc
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/pack.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmDCvlUACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnHgAKCRACxDrQctV3
EwX0yxAAr0KZWrPHladW4DqTCBl/5RdUmlQXyHNayCUtqfh3v2iVi1A6SS6SsDuh g+lMAP4wQMfYQQRpEaia5p4fRqojqsJUOSLmgNI5DBFxHlP6PQD/bbiqWmpdidkw
eKwZUzshIGgbbkNj7nituzsJKhDVo8A7LY+3kqgdG9sh8LGtY9Mk7cE2LGRwtsXr 4JgRZTR3NSAodEsVuiTbzzSgIUYnfQ0=
Ofrw8HLdW4i1YnaA1vRtKc76fFKJbAqh+K6Zoqi8R9Lb0vGtwafUf+C2wS1tqr+S =syTx
fLGbCfTkJBvpYzoTXKFew+jYjHQ3DoQ8AxIK1KaW0MndCce9KGmRxKAH5Sx9xO+H
F/kTNAM+4XKJgXYQz9gkwC2RBZ3SuUei/vCt6XWxqKkjiOnW0Ehm7rOYKOLqbsBj
8fZS1MA7gMQhBHisnHBa5UEdj4LWJN6JLlvJvpQjYFhI8/gfNS4D8UV0prTmQ75n
azP4SjcqybpJmB2YgFSks+U1V2eUiMuB9q6JmhLZkjAsD391AG0Fpg+v/k/QkQCW
JGTb6T8W48DzwVaUw4tBhAbpDBfcHxgPUaNOnxBLEqpQr2zw3PF53dJeYH6D7eNh
VK3DQM3XBMAXzY6UhyLyhvKqE3euAZl865tJ1VASQkw2ILLvQmZSev9/Yw5UqrgC
V/cjt8OLJJT03UAWiI+Vp88ButlFO70CSTBcTHfMG1re6QZrs16KkWB6JP+OFSa0
YrpDD97lTCbKm1PUOboT1DJtZz0XlSht/I//Utd/xmqfbcYZpCA=
=lDU7
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

36
how-to-create-encrypted-paper-backup/qr-backup.sh
View File

@ -18,8 +18,10 @@ while [ $# -gt 0 ]; do
"" \ "" \
"Options:" \ "Options:" \
" --create-bip39-mnemonic create BIP39 mnemonic" \ " --create-bip39-mnemonic create BIP39 mnemonic" \
" --create-electrum-mnemonic create Electrum mnemonic" \
" --validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic" \ " --validate-bip39-mnemonic validate if secret is valid BIP39 mnemonic" \
" --create-passphrase create passphrase" \
" --wordlist <wordlist> wordlist (defaults to large)" \
" --word-count <count> word count (defaults to 7)" \
" --shamir-secret-sharing split secret using Shamir Secret Sharing" \ " --shamir-secret-sharing split secret using Shamir Secret Sharing" \
" --number-of-shares <shares> number of shares (defaults to 5)" \ " --number-of-shares <shares> number of shares (defaults to 5)" \
" --share-threshold <threshold> shares required to access secret (defaults to 3)" \ " --share-threshold <threshold> shares required to access secret (defaults to 3)" \
@ -32,14 +34,24 @@ while [ $# -gt 0 ]; do
create_bip39_mnemonic=true create_bip39_mnemonic=true
shift shift
;; ;;
--create-electrum-mnemonic)
create_electrum_mnemonic=true
shift
;;
--validate-bip39-mnemonic) --validate-bip39-mnemonic)
validate_bip39_mnemonic=true validate_bip39_mnemonic=true
shift shift
;; ;;
--create-passphrase)
create_passphrase=true
shift
;;
--wordlist)
wordlist=$2
shift
shift
;;
--word-count)
word_count=$2
shift
shift
;;
--shamir-secret-sharing) --shamir-secret-sharing)
shamir_secret_sharing=true shamir_secret_sharing=true
shift shift
@ -117,9 +129,17 @@ if [ -z "$duplicate" ] && [ "$create_bip39_mnemonic" = true ]; then
sleep 1 sleep 1
fi fi
if [ -z "$duplicate" ] && [ "$create_electrum_mnemonic" = true ]; then if [ -z "$duplicate" ] && [ "$create_passphrase" = true ]; then
printf "%s\n" "Creating Electrum mnemonic…" printf "%s\n" "Creating passphrase…"
secret=$(electrum make_seed --nbits 264 --offline) wordlist_arg=""
if [ -n "$wordlist" ]; then
wordlist_arg=" --$wordlist"
fi
word_count_arg=""
if [ -n "$word_count" ]; then
word_count_arg=" $word_count"
fi
secret=$(passphraseme$wordlist_arg$word_count_arg)
echo $secret echo $secret
sleep 1 sleep 1
fi fi

17
how-to-create-encrypted-paper-backup/qr-backup.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmGFFm0ACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnIQAKCRACxDrQctV3
EwXq2g//bMetU+brAt2/Ylx3+TFJ9OWXFNRDBsCxhxJ4PJWxwuQsSAVYyIFJc4aY g5quAQCKyGnXYwCeXW7w3VmF6K1l0dEnDwdGV4JHACL87nDVwQD/UsDNJG0dar8q
u93YaHYCCdef8HA9oTWAztjdOAu3RjAG+gaRV1q6gZZPFVe+FAtK45Sd8npXL+bA vxiEFhAsuFle7Hvqa6dBPkZJuJOIbQI=
oDS50VHqaIf2VmzHGQMYNLPcFaSMEDG3S2gu6u/kFJvB/PFIvegsgZjeTB5jheS+ =j6EG
1emRiVleLFeoJ7jQxXtg9Pa2KN+TVbV41DOVNA1zxDrLxWp3StKBSorkLzILXjVz
NsDU0Cl04FZlH2T7kyu0fSIQIrdhuVRKmtJuEEGqHQJYYhFeIcRBCx05gStawBhA
cumJCP7uy97iMEU7UXioUGXjG2LL2uxRZGGyyE/4vukPz9dvR9tWztfJEUfdbBFX
b8WVchdhIPIKm+8aZi8nXbacrgY1sGHq6OtZ+rsmW64Ei/UM1tqsvl8g4SaWHkFl
G/2yojfaUAZGWSRPEZyPQJmlqusFV19tGiJxQ7r/C9uvlBl2q1v/xvXtpT1tQSoV
/HNc/pP63AuHIAkYXH9suBJkhtWRL3KFhWugfulFjR0JverLQf84ge5AyWjGg0G2
StqpjBM7EkxdOyRUtPzj7U0JJr+jUa1TF9K2IOuB++26mpAM6zxRA3+VDg812yEQ
te/v/FeqSiLeLeZRh+NYLeoMzGX+t/7rN1JNQOsO3Vb9l1htEWQ=
=gsp9
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/qr-clone.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCP4IQACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnIwAKCRACxDrQctV3
EwUnZg//cXdL8ZPvwt4PQMQJSeAET/DNdFX72vYTjVLGUHXXf7xfut/LnBlX9Qbi g4B6AP0Rz4NIhfH7EZ4hqUkEYA67vyo85+CmumEfokL/X/XE1AD9Fuoybo6oXodt
HOHW0YriMYI6cKE8t29Rftxv/V1Fx5mvEYZk9hv/amqfrmTGgl+NchDfd5O+aKGA YzLqccq8TEfhkMgdevH+vHJv033Tsg4=
NJAkvVTmMbxCLQR9qR3+ebrkT99RA5qij9W9P3JeuhNvQ0xDuYmX33YVWI5I4l8q =2C0h
K/qeMJItGGZhHCyhG/kNxmHA9lggn3lOWD7PeEvhttpBteWKwJovKI8YNo4scMIz
mMrjrMS10lysocCmax4jyRyBTLPfQqe/HTJXTE2fWUVwish5339hYX9UgFBFqfhU
6mqtN3F0mQc/iyJDlZysf9t7Wg/HzGCMgsjfDtXN5+RPMLxZ5ytNy9+7i+EVL1rp
S4ZsTcnTQo8aJPCmaGaXPx69vTK0ui0f34fZVasuBFOTEhBj6ijKXDGdXJG+A8uY
esvL1gag00OkWzcNhOH6VuxAoK2of2z5omh2xdcp4gATHHBdKLfuLOsqcscy+Xnm
py+TJEVGGFeqGJYYWLSgL80U4g+wPuQ9cpQnAQnDdeXw6Xve5+K1j1d86wTmjW25
2eNmYWauRc5i1QKDD26BWNBXygKi14di+v/NI8WvW8KIBr+OeuMm+xxSQw5oqBQl
a5WwTM8hZSsnYE+LLz0ZBQMWAOA4WLcsa5ygWIKZEGTsA5L4TQw=
=Onmw
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/qr-restore.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmGFFnsACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnJQAKCRACxDrQctV3
EwWshRAAmPKfQkUYGF3pPhExBaQSv3fN028txLqklqRsGz9qd1RRLfFDQaH0u0Q6 g44yAQDmKKcbbshFJ96WzWx+j2cKtKlrNvSlbqngT/4beuApygEAi+qXuMdk67wl
62/WB53xQZM3Rhj7zn0mHwaKMqhuWYrs1149erUr+mp9ypTvYDhgyB7RVtzy7LCH TBZk28kCvJFFrt/sp2HUB441pYQyqQM=
fRuquH+9tEigQ/iff2Hx0CfLYnjUqf5mzU6ihgMvKVv0SqSCfaNg3yNZ6e0iOd9w =q62F
Guw//nX67jvhpnjFShQlNyM/RKX8yqr3ZSZzXLCoYAybuWbEuBwviYtJ4/hraDSz
g8Ev4+hAvR4EHtPyXjkJm5XWDBMspZ9rnoI4/D3bkCff/BR6znR1ZINWGlwU9qbt
azp6YnUt4HCWFi2BYvfMYQvsEC2ZrHC+sfFV6wmMl7vc3xQj00cyhMPKFPA3OU5c
WpZMdTEWCBkFuQjbvdwHSGmOct8adRH/1IqQdBAGIK33Koc3kWL587Sb7kFwFSu5
SKn28Y9cWRQq4oNexpAHvjdJvyLL6pPf3yWSv5oRybiq7r/t3w0fR4fyvTE2BwM8
pBDOUWOELXjUN8UbfoSzr4HM1HqY8fP2CK8IbYjjYGOQMFGD8dk3vJeBaIDLEbNT
S9LgLBkLszDJMqpXMJxPOUJzsxXH1tj5DYkijeXOd6pIJaaThS2UrS5KHClXn0O0
v+yiFB6O8V+LtHZ2v+jFWDny3QFKLJN/FiOi49DTanftYY+357E=
=NDhF
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/secure-erase.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmDCu1oACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnJwAKCRACxDrQctV3
EwX94A//Wn/nrkrGj81B0A5i/2e7k5eJAUUojOD3r9+9bR9zuJIrBrWM9B/hmPJM g/MUAQDSB3YHz/68M0mRjbdbi/MK5a9s5BlCgsz642fMqdzkkgD+JCZWAo/62Gqw
v0I6nuNZKuoROAACei6fg7rnRAbLIRBk/PwGt3kjRdmcOYdDnGBysLibaNA0T0hV NzD0pVWk2DKyevPimL1oQwVBkM7FwQA=
Nhu+t2hNWJmd3mTMP2HOHw9K5iH6AmSn5LzrRGua6edvf79UQW+N9G93U6N5gM6s =TI2X
BpkkK80d/byfVZ5MoHZcV+ZwRCYHyMDA6GgrdVPoK0ETn5N5iJSnAPPJyypFScQh
GN3mzatqZM3JkctrqLJOdC+YIrzuqq7aU8cbTrPI9Y4EnL5cGPsmwolnlrYZNwY4
WCEt6pS8ZOVc0xELVvLPqJB5Hg0/jlk2R5u2yY+kZNEwkJEnwDnbrXB3zBvnZqut
GHBclq/6KkKtET0LYTbHYcaK+LmM7LfPgbKQh6wr2uokjZqfdOKOfG/BVD8hekWd
mkbp0hL9RzvVXVm1bvFGeNXSB/UE2/l/U+AnZMm67hNYO3PI4O4R5AZddmA2I7iX
cWNK6Znb/MUzBJXqndKZMLL/QkWMD/Z9TH0cEoXH56uMGB2hT5L1buq1qKqsl+yG
8sGG44CM5yGweSZWiqdRl7dMVkMXkfbPQFRTH/cFgUeEMiWv05Ndjmtr7+5tHkB4
9xFikaeV7JQuBoLiyjunksQcOZrMS+4P/SCCJ+rtZeYKJJVpCUs=
=/N/D
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

2
how-to-create-encrypted-paper-backup/test.sh
View File

@ -19,7 +19,7 @@ if [ -n "$1" ]; then
else else
printf "%s\n" "Running unit tests…" printf "%s\n" "Running unit tests…"
expect ./tests/bip39.exp expect ./tests/bip39.exp
expect ./tests/electrum.exp expect ./tests/passphrase.exp
expect ./tests/default.exp expect ./tests/default.exp
expect ./tests/shamir.exp expect ./tests/shamir.exp
expect ./tests/shamir-2-of-3.exp expect ./tests/shamir-2-of-3.exp

14
how-to-create-encrypted-paper-backup/tests/bip39.exp
View File

@ -2,8 +2,8 @@
source ./test.exp source ./test.exp
set bip39_mnemonic "online pipe enough dutch decorate want moment scheme rigid enlist blast boat purse sick chalk shop brush all return betray jacket salon abandon retire" set valid_bip39_mnemonic "online pipe enough dutch decorate want moment scheme rigid enlist blast boat purse sick chalk shop brush all return betray jacket salon abandon retire"
set electrum_mnemonic "month pet slice know amused leave now vague palm guess cattle element cross truly auto put among craft repeat van sample nephew sad family" set invalid_bip39_mnemonic "online pipe enough dutch decorate want moment scheme rigid enlist blast boat purse sick chalk shop brush all return betray jacket salon abandon check"
test_label "Should format flash drive and create BIP39 mnemonic" test_label "Should format flash drive and create BIP39 mnemonic"
@ -22,7 +22,7 @@ expect {
} }
expect { expect {
-re {mkfs\.fat 4\.1 \(2017-01-24\)} -re {mkfs\.fat 4\.2 \(2021-01-31\)}
} }
expect { expect {
@ -56,14 +56,14 @@ expect {
expect { expect {
-re {Please type secret and press enter, then ctrl\+d} { -re {Please type secret and press enter, then ctrl\+d} {
test_send "$bip39_mnemonic\r" test_send "$valid_bip39_mnemonic\r"
test_send "\x04" test_send "\x04"
} }
} }
expect { expect {
-re {Please type secret and press enter, then ctrl\+d \(again\)} { -re {Please type secret and press enter, then ctrl\+d \(again\)} {
test_send "$bip39_mnemonic\r" test_send "$valid_bip39_mnemonic\r"
test_send "\x04" test_send "\x04"
} }
} }
@ -95,14 +95,14 @@ expect {
expect { expect {
-re {Please type secret and press enter, then ctrl\+d} { -re {Please type secret and press enter, then ctrl\+d} {
test_send "$electrum_mnemonic\r" test_send "$invalid_bip39_mnemonic\r"
test_send "\x04" test_send "\x04"
} }
} }
expect { expect {
-re {Please type secret and press enter, then ctrl\+d \(again\)} { -re {Please type secret and press enter, then ctrl\+d \(again\)} {
test_send "$electrum_mnemonic\r" test_send "$invalid_bip39_mnemonic\r"
test_send "\x04" test_send "\x04"
} }
} }

32
how-to-create-encrypted-paper-backup/tests/electrum.exp
View File

@ -1,32 +0,0 @@
#!/usr/bin/expect
source ./test.exp
test_label "Should create Electrum mnemonic"
spawn qr-backup.sh --create-electrum-mnemonic
expect {
-re {Format USB flash drive \(y or n\)\?} {
test_send "n\r"
}
}
expect {
-re {\[sudo\] password for pi:} {
test_send "$env(password)\r"
}
}
expect {
-re {Creating Electrum mnemonic…}
}
expect {
-re {([a-z]+ ?){24}} {
test_ok true
}
eof {
test_failed
}
}

61
how-to-create-encrypted-paper-backup/tests/passphrase.exp Normal file
View File

@ -0,0 +1,61 @@
#!/usr/bin/expect
source ./test.exp
test_label "Should create 7-word passphrase"
spawn qr-backup.sh --create-passphrase
expect {
-re {Format USB flash drive \(y or n\)\?} {
test_send "n\r"
}
}
expect {
-re {\[sudo\] password for pi:} {
test_send "$env(password)\r"
}
}
expect {
-re {Creating passphrase…}
}
expect {
-re {([a-z]+ ?){7}} {
test_ok true
}
eof {
test_failed
}
}
test_label "Should format flash drive and create 5-word passphrase using short #1 wordlist"
spawn qr-backup.sh --create-passphrase --wordlist short1 --word-count 5
expect {
-re {Format USB flash drive \(y or n\)\?} {
test_send "n\r"
}
}
expect {
-re {\[sudo\] password for pi:} {
test_send "$env(password)\r"
}
}
expect {
-re {Creating passphrase…}
}
expect {
-re {([a-z]{3,5} ?){5}} {
test_ok true
}
eof {
test_failed
}
}

17
how-to-create-encrypted-paper-backup/tmux-buttons.py.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCBdosACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnEwAKCRACxDrQctV3
EwVO0w/+OuHCOnL3nAF0ShoQx2851IFsuiJHP3FHKpQNBIqde4DhudYDjusrOyGR g6rWAQCUjlEHE0kRp5k+8NSRo8aF+RwW+GnxuNQBmu85Y04vwwD8CEZ6P8CY8db7
NnmCo6gotUMVqzCUaqPhC23tUzUYB4KhpjDA/mz0HTEr1JIFQvxa0N1AMW0HnsnZ Ue24uMziRf1yygg2TmsJUzQn6wqD6wA=
EJLi53eCzjx+9lA8Wy+Okh+mZtM5hflatv/yONIrXyMXV+jDk0sgWJ1amxQvPEaT =xIQi
D/L/9LGvJ9S7QQ/BJfxNVLu+CkBJAqxr8IPKG+mLJMX9nChF+AXu58xGmH35YZtP
nQwjEINFhUziTIyJJwRSLKZa96LhPkXLFtdfDcgs8br+T+Hjaa9AOGd9WJiU1SkX
p3F1rsbeC1w7KEsbFG1KkyS4KQe4oOFMXBGhBtvTiSXn/f7BWjJ6G3vMImzBWJ7I
tszifz/xcVxYsTHMfjtCMIvS+Es/wqAn6MOzsLJwc6T6qT+hz2bA+aP4MM2BQ2QB
mzeEavFumvlpFrCnEbeKNF+WyNK3ULDOEBrK1B1sT+CBzVmQm0RVovgs9Diqsxfi
zEYDnjY569tr9lh6rYHm9IjC4lMsQ7d8u/seaFROqK0BFd9vezItDFOYz2YqI06M
pTYTghBymSlxBgWspieBggH62Ji7wD+0t3MW0f34O4i226h9Ol7CWj9luA5MGADB
I2by6x5m9m5L6aK0ipD/hP/n3uUHvFitnPjNYY3FJvCYXLMME1I=
=RWAj
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/trezor-restore.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCP4KwACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnKwAKCRACxDrQctV3
EwWETQ/9H4WZ0xDCmRbYm52KZux3Bf57BRY0ztKFCrvAC99GeMnKLZLPJ0s/FPsG gwsaAP9oONMyAeSHvuy/ypriPSHJYU2Qrkiq3ScWTfCx0vDnugD/X+8xuq3V5OdU
YquUqi3GcGCy1amxR4qFSO0NVEHq8d/iJw9zS1XQSccOBtDkxg8EafFp3Cs6CPAm 5p/mJx0T5KCT7f3J726Lwh3QtQtEBgg=
8txrbVu+TJTEs9kTAhdhsDhJcDfuezFOCHE3wcCWUKRLDLbikoTfFoDELtpbf5qg =cC3d
yHixG7YzoeutyzYaVXdKJq/E5ar+hM+Z4GGavhZuh6FAaMCcwt6GtcTWAmz8SVI0
dnpMlX0nAgCCKrDQFtI+7dSTggrFsnxjQY9i175wkKXqXFFNTTOoGlp8672cYDZ+
UUmb5q/oNf7+6aHgOiReKQeG/sjscxCKj3Z3FA5pZ/Hptv84zD5d8Ur59HL9yIcC
MZHOrSd6tMqxAq4cfMyTb/FYvgw4mey+Cnr8FTG5o5NAitCPsVCAeVSKBO6WtJY2
MILULjp862yfnSfusnUvZWQOqVac/uVad+eXbEHouPktZRVbm5LDKS5lN5JU/w3s
DNIWzPDHFDFr9kNCkYq9//UJTBTrP3UYz8kXzEYxnlRAPStMzEWI7gcbzybcWNDu
3B8uGl2DTv/ntN/ezhCZYjil0fQ9eowOZTyImr8d8ecK2Nmazm/fyJs20sZOc0wE
tKcbRPkkSxSnWAoTX1zK7JkROpXXd1xfiLO2So9x9LpIndYolkc=
=bll5
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/trezor-verify-integrity.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmCP4LYACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnLgAKCRACxDrQctV3
EwWw6A//X4BTQjyeUm77HVC4eQPS0wTWEN3sucAJJBa+1PkFR65zWVYll3WouAyT g5JMAQD0jymqgrXRrBS0W50SYEzYtTZWntbXp08NywqEFl2xEQD/QM3LwseRO6ZN
wgwO993ikiYcCdctc6S59k2uJogQJq7meX0dlUQn0NCT/p31wVSH8J8h6V+gxqSz C+4P4+5mAIKBwNtgnKje+7MzJANQBQI=
+mtZap2hVf4dBPbseHTlf4akEJPtgqAJXwhXONkXgbGsgzf0FV7DsCNBsySJTTcY =1xbl
VCerMMrnVNdkDr1pVIwUYn0+ZcMko5U6wYstzKZfPJmbKxRkvlkxqgB0TuCDxgSe
pDiNMooU0pYxjWVm7XpYzTiMXz1huEq/jWXMn/Il/8v9bn5uFTG/1sVZ5XwNGyQP
hUBPevlrQ1TP4EDAmS4OQiJcJFWEZIWqO6SCCn9MjYYoBJ4Lyn4G3hwgh4KShD6g
pvEKWP8Mvpb3BVoTBEzN8JHsJYgEdzNPQyrFyc1//NUDo7VKURFwAakFQIqGTITe
LpNXFNhodHkSgJfABzZ0U1YogvCG+wPR+9VDOO8bvi5xoHoeYBar1f2KXhshH/Jb
PfGGcwyBV07nqFgbjb247NWqsXZq0S4+q4KzIaRHiG1Ffn6A9RDIneeCwnpkDIQ3
ocEVSs3XDhOrxA3E/F4k6Ufid+XLSMD0W6TmryQx8nCUeZOeyeb/EbhPU9V/az4K
huWkg3pWfVCYLzzGT3ZC0DloL+AT2lsxpdkD/4acmYEmrlyUC9U=
=GPw2
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/update.sh.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmC83VoACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnMAAKCRACxDrQctV3
EwUBDg//chGKJ4jOAb1gJfFk5tsz+ePSwNCCjt2NQY4uql/dg9DlBS2eKbw8DOA2 g1rEAP9kdXSOITUqf1aHhxGesazC2ljpRJxW3ZLxDIhIkiG+GQD/Xv4Y1MfXm8D3
V9Ykcptn94pNYBYRRfk11qTMPb7Mm4LDccZY94ghSAvxs6uJYt7feU7nw99QGyHZ K+kA3j/siWRM96b51M89ERGkt3xeDwg=
ujKqfXMW1di5cJ/8yb/B3qnSVDSQiQ9gGesAMATwJnxmD0W3Q+sf/8V8/CF1rWlZ =xSK7
Xr5ktbQv5nSeJ4msrPGBlV9pJ7pYitnSc2HKdh2e+uPWapVY3Pquey2COx3qfI55
vNqS/zB7R9GA7MbVd5tZEZhPTp9PBNLXtBFsxCNud1Lcq7JynuTeoRCdmYl7nZr7
m2uxCcvws6YWJxO6LsNJrWaN8sjLYMp/EvgCTwolg8hXvmEnwYLnRovKGDWMsDgG
KN2nXhqXOvAIx35YgYMPgQ3aNdp1lrw1UpBWh8RC2pKFiUyI11pCqRIydShPxPLk
Vam0NBsWUhurw/kdKPzS9xnV+KAdfZtlffKVFFJ9pVCoW8Nd74DP/cEYEKw2ULyB
rDyVNTehnMj6dAEcGMMuR5VegLwBTDXM3qgtUAWs0uI5cUVoBjHlnzmcxK1DJebf
3Al4cpHyhqDTtMc/6PKO2drnLEsQRu9F8lL6CVyIugjuFqhCtUwbCsdOBM1V5pxl
XMnyx98qM1tNCRQ8j0lH5pWM1gnUQHqkJBCQACH8TgXQEjsBO+I=
=uYDp
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

17
how-to-create-encrypted-paper-backup/validate-bip39-mnemonic.py.asc
View File

@ -1,16 +1,7 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4b8IACgkQH6dnhiu9 iHUEABYKAB0WIQSceIfhtfy84t/tDhwCxDrQctV3gwUCYdnnFQAKCRACxDrQctV3
EwW89xAAg9D7Sv99IRD8gV9z8Jn9zirPE4uJIs4PQardKDniIqmHjz2MFNXTdzAW g/bZAPwLkeHdtcs0nP4552wZ3ynNRGIQN8vuhp/NR+yrY6pZlAEA18d/qUZcJDO4
C7VKLM8LBkM4E2UXhBfQSfnbG8i4CAIZfOP2vvEMFuBS5C/O+PmWuwCM+REIg1K6 2ZIKLyEsuZxJJzcEiYjz2bj1kn7ykQk=
Urn29l55ljgZ9l0o0URkCx4jGtvtTiHEP1UhiuRnA1f2IO0AMT4fEhSNCoo9IAwT =YMVc
lcd+5qH1sRiHTR9JdiUVkAzw6qhB7tsHR2qyhQnZQQ8F8sJiqBC176AmZHK2L86A
T3BrK1TNrJtfRxocx3qrUwDJVp38LNFoMOFUKxKht6KCaVz7C6q7yaJnBkRRxm5r
skIS8LzkWa6Yr5wm7M0kvckW8pElQ3EjFYuJaNyLvVxNPCDLZo39Em7oxTWZ6HqP
y7ukVfcy5MbD/tqH2tWS/L89FULRwUkn8BK8HdYFBJgr8o/HTMzntpPF7hSJwMbH
FH6CwFUOGxe5pIVpFb2FnBpMQeO8yrIGtbzWm76Jf5EFqyxBHJaVv+H60QU4BsEW
rxjeFcMqJk9IjK9r0nIJ91YP0+8g6YRATD5nXbITh06c9oHSTspkHjOUkrlG8SCQ
AaAGG8uXKKHLpV1PBHPqDCk2lTBkT0TrddhnEBbLDxvxfXOSharapC4jMv+smM2b
lVJr+M8W+VDZ0iqk0+bYMNq9ymJOFkXwwMsvsGF3eJANU8yi2fk=
=blqh
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----