s83/privacy-guides
1
0
Fork 0
mirror of https://github.com/sunknudsen/privacy-guides.git synced 2025-02-23 17:43:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improved Shamir Secret Sharing feature

Browse Source
This commit is contained in:
Sun Knudsen 2021-04-15 19:41:12 -04:00
parent fd7da45d10
commit 3c3bec5a5e
No known key found for this signature in database
GPG Key ID: 1FA767862BBD1305
9 changed files with 201 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
how-to-create-encrypted-paper-backup/README.md
View File

@ -101,7 +101,7 @@ $ source ~/.bashrc
```console
$ sudo apt update
$ sudo apt install -y autopoint build-essential git libv4l-dev libtool
$ sudo apt install -y autopoint build-essential git libjpeg-dev libmagickwand-dev libtool libv4l-dev
```
#### Clone zbar repository
@ -684,8 +684,7 @@ Options:
--shamir-secret-sharing split secret using Shamir Secret Sharing
--number-of-shares number of shares (defaults to 5)
--share-threshold shares required to access secret (defaults to 3)
--no-encryption disable symmetric encryption (shamir-only)
--no-qr disable “Show SHA512 hash as QR code”
--no-qr disable show SHA512 hash as QR code prompt
--label <label> print label after short hash
-h, --help display help for command
@ -725,7 +724,7 @@ $ qr-restore.sh --help
Usage: qr-restore.sh [options]
Options:
--shamir-secret-sharing split secret using Shamir Secret Sharing
--shamir-secret-sharing combine secret using Shamir Secret Sharing
--share-threshold shares required to access secret (defaults to 3)
--word-list split secret into word list
-h, --help display help for command
@ -760,6 +759,8 @@ Usage: qr-clone.sh [options]
Options:
--duplicate duplicate content
--qr-restore-options see `qr-restore.sh --help`
--qr-backup-options see `qr-backup.sh --help`
-h, --help display help for command
$ qr-clone.sh

144
how-to-create-encrypted-paper-backup/qr-backup.sh
View File

@ -1,6 +1,9 @@
#! /bin/bash
set -e
set -o pipefail
shamir_secret_sharing=false
number_of_shares=5
share_threshold=3
@ -20,8 +23,7 @@ while [[ $# -gt 0 ]]; do
" --shamir-secret-sharing split secret using Shamir Secret Sharing" \
" --number-of-shares number of shares (defaults to 5)" \
" --share-threshold shares required to access secret (defaults to 3)" \
" --no-encryption disable symmetric encryption (shamir-only)" \
" --no-qr disable “Show SHA512 hash as QR code”" \
" --no-qr disable show SHA512 hash as QR code prompt" \
" --label <label> print label after short hash" \
" -h, --help display help for command"
exit 0
@ -52,10 +54,6 @@ while [[ $# -gt 0 ]]; do
shift
shift
;;
--no-encryption)
no_encryption=true
shift
;;
--no-qr)
no_qr=true
shift
@ -96,19 +94,20 @@ wait_for_usb_flash_drive () {
wait_for_usb_flash_drive
printf "$bold%s$normal\n" "Format USB flash drive? (y or n)? "
printf "$bold%s$normal\n" "Format USB flash drive (y or n)?"
read -r answer
if [ "$answer" = "y" ]; then
if mount | grep $usb > /dev/null; then
if mount | grep $dev > /dev/null; then
sudo umount $dev
fi
sudo mkfs -t vfat $dev
fi
sudo mkdir -p $usb
if ! mount | grep $usb > /dev/null; then
sudo mount $dev $usb -o uid=pi,gid=pi
if ! mount | grep $dev > /dev/null; then
sudo mount $dev $usb --options uid=pi,gid=pi
fi
if [ -z "$duplicate" ] && [ "$create_bip39_mnemonic" = true ]; then
@ -127,16 +126,16 @@ fi
if [ -z "$duplicate" ] && [ -z "$secret" ]; then
tput sc
printf "$bold%s$normal\n" "Type secret and press enter, then ctrl-d"
printf "$bold%s$normal\n" "Please type secret and press enter, then ctrl+d"
readarray -t secret_array
secret=$(printf "%s\n" "${secret_array[@]}")
tput rc
tput ed
printf "$bold%s$normal\n" "Type secret and press enter, then ctrl-d (again)"
printf "$bold%s$normal\n" "Please type secret and press enter, then ctrl+d (again)"
readarray -t secret_confirmation_array
secret_confirmation=$(printf "%s\n" "${secret_confirmation_array[@]}")
if [ ! "$secret" = "$secret_confirmation" ]; then
printf "$red%s$normal\n" "Secrets do not match"
printf "$bold$red%s$normal\n" "Secrets do not match"
exit 1
fi
fi
@ -149,60 +148,36 @@ if [ -z "$duplicate" ] && [ "$validate_bip39_mnemonic" = true ]; then
fi
fi
if [ "$duplicate" = true ] && [ -n "$encrypted_secret" ]; then
printf "%s\n" "Duplicating encrypted secret…"
else
if [ -z "$shamir_secret_sharing" ] || ([ "$shamir_secret_sharing" = true ] && [ -z "$no_encryption" ]); then
encrypted_secret=$(echo -n "$secret" | gpg --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo sha512 --cipher-algo AES256 --symmetric --armor)
gpg-connect-agent reloadagent /bye > /dev/null 2>&1
fi
read_passphrase () {
local -n data=$1
printf "$bold%s$normal\n" "Please type passphrase and press enter"
read -rs data
printf "$bold%s$normal\n" "Please type passphrase and press enter (again)"
read -rs data_confirmation
if [ ! "$data" = "$data_confirmation" ]; then
printf "$red%s$normal\n" "Passphrases do not match"
return 1
fi
if [ "$shamir_secret_sharing" = true ]; then
if [ -n "$encrypted_secret" ]; then
secret="$encrypted_secret"
fi
share_number=1
for share in $(echo -n "$secret" | secret-share-split -n $number_of_shares -t $share_threshold); do
printf "$bold%s$normal\n" "Generating share $share_number or $number_of_shares"
encrypted_secret="$share"
encrypted_secret_hash=$(echo -n "$encrypted_secret" | openssl dgst -sha512 | sed 's/^.* //')
encrypted_secret_short_hash=$(echo -n "$encrypted_secret_hash" | head -c 8)
printf "%s\n" "$encrypted_secret"
printf "%s: $bold%s$normal\n" "SHA512 hash" "$encrypted_secret_hash"
printf "%s: $bold%s$normal\n" "SHA512 short hash" "$encrypted_secret_short_hash"
echo -n "$encrypted_secret" | qr --error-correction L > "$tmp/secret.png"
font_size=$(echo "$(convert "$tmp/secret.png" -format "%h" info:) / 8" | bc)
text_offset=$(echo "$font_size * 1.5" | bc)
if [ -z "$label" ]; then
text="$encrypted_secret_short_hash $share_number"
else
text="$encrypted_secret_short_hash $label-$share_number"
fi
convert "$tmp/secret.png" -gravity center -scale 200% -extent 125% -scale 125% -gravity south -font /usr/share/fonts/truetype/noto/NotoMono-Regular.ttf -pointsize $font_size -fill black -draw "text 0,$text_offset '$text'" "$usb/$encrypted_secret_short_hash.jpg"
if [ -z "$no_qr" ]; then
printf "$bold%s$normal\n" "Show SHA512 hash as QR code? (y or n)? "
printf "$bold%s$normal\n" "Show passphrase (y or n)?"
read -r answer
if [ "$answer" = "y" ]; then
printf "$bold%s$normal\n" "Press q to quit"
sleep 1
echo -n "$encrypted_secret_hash" | qr --error-correction L > "$tmp/secret-hash.png"
sudo fim --autozoom --quiet --vt 1 "$tmp/secret-hash.png"
fi
printf "%s\n" $data
fi
}
if [ "$shamir_secret_sharing" = true ]; then
read_passphrase passphrase
share_number=1
for share in $(echo -n "$secret" | secret-share-split -n $number_of_shares -t $share_threshold); do
printf "$bold%s$normal\n" "Encrypting secret share $share_number of $number_of_shares"
encrypted_secret=$(echo -n "$share" | gpg --batch --passphrase-fd 3 --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo sha512 --cipher-algo AES256 --symmetric --armor 3<<<"$passphrase")
share_number=$((share_number+1))
done
else
encrypted_secret_hash=$(echo -n "$encrypted_secret" | openssl dgst -sha512 | sed 's/^.* //')
encrypted_secret_short_hash=$(echo -n "$encrypted_secret_hash" | head -c 8)
@ -224,7 +199,52 @@ else
convert "$tmp/secret.png" -gravity center -scale 200% -extent 125% -scale 125% -gravity south -font /usr/share/fonts/truetype/noto/NotoMono-Regular.ttf -pointsize $font_size -fill black -draw "text 0,$text_offset '$text'" "$usb/$encrypted_secret_short_hash.jpg"
if [ -z "$no_qr" ]; then
printf "$bold%s$normal\n" "Show SHA512 hash as QR code? (y or n)? "
printf "$bold%s$normal\n" "Show SHA512 hash as QR code (y or n)?"
read -r answer
if [ "$answer" = "y" ]; then
printf "$bold%s$normal\n" "Press q to quit"
sleep 1
echo -n "$encrypted_secret_hash" | qr --error-correction L > "$tmp/secret-hash.png"
sudo fim --autozoom --quiet --vt 1 "$tmp/secret-hash.png"
fi
fi
share_number=$((share_number+1))
done
else
if [ "$duplicate" = true ] && [ -n "$encrypted_secret" ]; then
printf "%s\n" "Duplicating encrypted secret…"
else
read_passphrase passphrase
printf "$bold%s$normal\n" "Encrypting secret…"
encrypted_secret=$(echo -n "$secret" | gpg --batch --passphrase-fd 3 --s2k-mode 3 --s2k-count 65011712 --s2k-digest-algo sha512 --cipher-algo AES256 --symmetric --armor 3<<<"$passphrase")
fi
encrypted_secret_hash=$(echo -n "$encrypted_secret" | openssl dgst -sha512 | sed 's/^.* //')
encrypted_secret_short_hash=$(echo -n "$encrypted_secret_hash" | head -c 8)
printf "%s\n" "$encrypted_secret"
printf "%s: $bold%s$normal\n" "SHA512 hash" "$encrypted_secret_hash"
printf "%s: $bold%s$normal\n" "SHA512 short hash" "$encrypted_secret_short_hash"
echo -n "$encrypted_secret" | qr --error-correction L > "$tmp/secret.png"
font_size=$(echo "$(convert "$tmp/secret.png" -format "%h" info:) / 8" | bc)
text_offset=$(echo "$font_size * 1.5" | bc)
if [ -z "$label" ]; then
text="$encrypted_secret_short_hash"
else
text="$encrypted_secret_short_hash $label"
fi
convert "$tmp/secret.png" -gravity center -scale 200% -extent 125% -scale 125% -gravity south -font /usr/share/fonts/truetype/noto/NotoMono-Regular.ttf -pointsize $font_size -fill black -draw "text 0,$text_offset '$text'" "$usb/$encrypted_secret_short_hash.jpg"
if [ -z "$no_qr" ]; then
printf "$bold%s$normal\n" "Show SHA512 hash as QR code (y or n)?"
read -r answer
if [ "$answer" = "y" ]; then
@ -236,6 +256,6 @@ else
fi
fi
sudo umount $usb
sudo umount $dev
printf "%s\n" "Done"

26
how-to-create-encrypted-paper-backup/qr-backup.sh.sig
View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4hZcACgkQH6dnhiu9
EwWtixAAtExvLc25xi20ahxm1xdQ1nl0r0E0vglXMdcTW+JIYxDKX2u5PqwM2hE9
ijdjd49uAuwoukIfRPHHLzlqT1Cmne/wANIphFUTK6utdN5VqjvwIb3riyy4UhlM
XcfIzFcKBq054Kly41CiyTF0s4620glWziR9zENJEFNszPx8vZg7KMtVke0tVFrG
DD3NgxG5RnyCrZ1VxMqI/VW6jY+GumFQf/8NT4KUi5fI0NjNvKhRruUMWfh4zHpc
mC3uZr42DaUSB6NK3QN9ImSEUy4idXeYGGL33CXj0jVhp0cG51TGLM45IKTOI3WU
vbE3byjlH/D8qZ+JR1eqvcotn2ZLGMnSP9Eo97JcJN0phVgGyYTdoYP0tukyuNeQ
yjWFvu+9DKGkpmg8uYr5e5JSoeI5zT1B0ItGCKhrYMg7vuV5bnfPUiqJwy9UxJVb
BCEyvXL9aeX7AgoKlIzYXJNzz7OHZvB4gvCt5kZpCKIu1fn0zvCEBGRHsorW48+d
u+3GcS8DnPukEJdPid6O4vso74FlCtw9E29i610comMeqqNY1XeIWXxfVlQd3dX3
/HV085Kmbekg/uWtNmqqHoqfnaM1Ik9hA429ewGh1pBeHhjU/YDb4DuCMOvS+cwU
3mtQ9UGTVmM//ghUkLd0sSLoC/oVBWxlaTAxeerEcZqtSm1jWZA=
=jcbd
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB7OOAACgkQH6dnhiu9
EwXjPg//VtWqugIVSPKBE2HBTKr4Pp9EDBSuLy1nI/Dq89vxU74BjXovDFN02iLv
J7t7vgQ1gk4zfisMdPi199GrgKOVE6Ke1xxHbRWIdWRTBF+7hcNzEm7YCd+HfrMq
S1dEMbN+2xxDm9NJJ506d9BPS5GicOY+0yu1BAOonKioIgrBwPCcAhjA6Miws8+/
E0XIhNErSwqVOPQcRlRLhhIWIT6iMZgMOLPUpTHna7KfOlmfCcbNzlxHxBPO8OV7
4LruoGqDRQAk5h6pXKf95WVaDioUe4SHDvdq0tLjDNqMBZ0Fur9PBCzDcHc3KDaq
XwWKldxIWvjTGLD7I2Jz7Y6/vnANoibQpJ20yXTS1KTZiVqRJbZI76NHz+Tm6ZJ1
hVMjl+ZUAHrDnCIFxBdirJh62pBPRFvvC/FmbluNUuUQXPNs5E+62LDlkzMwN4XI
fmhiFj5karjsIk7TYAXyeOb8dQQXTohfsY0YTUBSAt09Pb0L3Dq4kSVm79gEXaem
5WIy4UawC3yj2lA4EaqyVUrA7oldMM7AIUfIo1niKNMPnrjaP9VdHJQR0g4QSMms
VnTxcrJPT7t4BkEgvjc43vTEAkVtGqZv32nmT8aLAhy3GERH//ZDqFe3wvqw0VGM
hI+lXgTwywALCna9cqOmWD/cktmq/riG0aB9SQGPluqI80elaO4=
=CTqJ
-----END PGP SIGNATURE-----

27
how-to-create-encrypted-paper-backup/qr-clone.sh
View File

@ -1,6 +1,7 @@
#! /bin/bash
set -e
set -o pipefail
positional=()
while [[ $# -gt 0 ]]; do
@ -12,6 +13,8 @@ while [[ $# -gt 0 ]]; do
"" \
"Options:" \
" --duplicate duplicate content" \
" --qr-restore-options see \`qr-restore.sh --help\`" \
" --qr-backup-options see \`qr-backup.sh --help\`" \
" -h, --help display help for command"
exit 0
;;
@ -19,6 +22,16 @@ while [[ $# -gt 0 ]]; do
duplicate=true
shift
;;
--qr-restore-options)
qr_restore_options=$2
shift
shift
;;
--qr-backup-options)
qr_backup_options=$2
shift
shift
;;
*)
positional+=("$1")
shift
@ -34,19 +47,9 @@ normal=$(tput sgr0)
tput reset
printf "%s\n" "Restoring…"
if [ -z "$duplicate" ]; then
printf "$bold%s$normal\n" "Type qr-restore.sh options and press enter (see “qr-restore.sh --help”)"
read -r qr_restore_options
fi
. qr-restore.sh $qr_restore_options
eval . qr-restore.sh $qr_restore_options
if [ -n "$secret" ] || [ -n "$encrypted_secret" ]; then
printf "%s\n" "Backing up…"
printf "$bold%s$normal\n" "Type qr-backup.sh options and press enter (see “qr-backup.sh --help”)"
read -r qr_backup_options
. qr-backup.sh $qr_backup_options
eval . qr-backup.sh $qr_backup_options
fi

26
how-to-create-encrypted-paper-backup/qr-clone.sh.sig
View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4hZoACgkQH6dnhiu9
EwUgRA//Y8lBVFesXa9T/cJElyV/E3xQOpKvQ5xaxl5gPVyVwu0zzZjPFEJ+rzNn
vHNTWpDFCqhznglQGSNDDpLW29yaMay2iujQBTFjI7P74cqST+M0hnly3UMiqQ0u
PLmT54hnmpEeZGVsumkN3fvzOPZ7x5d9k5niJ0KJWAlwypspzB/i6dHumjKZYkHz
Ji6SrIOzxd2fBfMN0Y6w5z966UCekWUhTkXCfvLPzWcc8zitOZfdh7Ahs6jjHv1w
jCwkSlVWuDHPLaKESyXrsrbU2zQif+FHU6QkudJqK9ewD2hR6Vm0juYSPqNPw3k6
ByBQXYYOglKlrvKXQ4kvPTuU1bpjwmG1OhLLquOE3aWHoN73UBB4bNYAJ8+onJjQ
XSvm3KYpGGec/3j96qe5IH+deYpyWmAPVWpA1Dnw0iRMy/OPhe+o/wAaz92tVaSP
Ijv/absAlKSxFJceSgoKF0gYHuLVtzDjLkgtnBtH7FUKdISDCSMyAfXXwcXJNcwT
1JARusrnWE+FsE2FpFs9RsDv0hRzSV2N/+GuGkBsLRxXjDsGYj/EAwb75UcHQG7s
uGcuLyDgQV97VDs+5sD9Tqp07kUJ93nk5fRRSJNz8srGDhxDntO3eEqsPSo5hnnO
OuGmF8NyirJkizR41WJNk2O3s14UMa2ag1r0HxUrAiezvgCL3yw=
=mqR/
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB7OOMACgkQH6dnhiu9
EwWyoQ/8Cmu9zwUXYxCPZaM4IuX9TnMxtYUPKe4bbtzz6pSaK71oui+bbYCMBBcT
Y3fRfJOu7z4cxST/2e8TazSaAvNQTLRGfJwtVLwLHlK47nkMFK5UGA4eHpSSlw+5
YbeRg1Vl7oO8qaMdtSbn9SktMWfefu9AclOq/sVCe7IkSBbUCpYxxIm2GtXXTl5F
Yep3FN2YM/lP7/X/Po9U/wnLSn03fz6t6TsYi0VDXMcMTFBZUgxJb/uYivVGN2jU
khU8baXtuO90Pg+gSlX2+cDcAGljd5j0KGyqTbS3/Xh2ea8QfcnQQ9NRmkXHN7HW
Su2lO2i9SWHaYFNloK8s9DjPOwe9uBjradze4/mTzpG/TJNscz8rGE5pRZX2r4hQ
YvYgG4Xi9nUllZdDLE4bQ0hxYD8m3L/TR+AeB1EjfqrGtOkZbzfME6R9Bi+Omkv2
oo15suQcTnYfPnTKyFVbJ79Q4DM26c4tlDjgNBXGrly12f7CybCiQUtuqegyGLv+
F6hObWwIywYLf/I8W3BX58CzHgJvsKwZ5x0kZSIIvD9B0skJU5g+ZmMCWxsW/ywe
j1beeZGVkKlPCdKZEuQeAdGWI+HWnVTf/6XmNEeyJOvV4tTPpwbBGmkNnptdDx/F
Lr1MhKWsUPTMtnIhsp2bkv6Fn41H+CthRnno+I5G8BqNjNs5+jk=
=qX0p
-----END PGP SIGNATURE-----

81
how-to-create-encrypted-paper-backup/qr-restore.sh
View File

@ -1,6 +1,7 @@
#! /bin/bash
set -e
set -o pipefail
share_threshold=3
@ -19,6 +20,11 @@ while [[ $# -gt 0 ]]; do
" -h, --help display help for command"
exit 0
;;
--images)
images=$2
shift
shift
;;
--shamir-secret-sharing)
shamir_secret_sharing=true
shift
@ -45,8 +51,22 @@ bold=$(tput bold)
red=$(tput setaf 1)
normal=$(tput sgr0)
dev="/dev/sda1"
tmp="/tmp/pi"
usb="/tmp/usb"
tput reset
if [ -n "$images" ]; then
IFS=',' read -r -a images <<< "$images"
sudo mkdir -p $usb
if ! mount | grep $usb > /dev/null; then
sudo mount $dev $usb --options uid=pi,gid=pi
fi
fi
scan_qr_code () {
local -n data=$1
@ -62,28 +82,59 @@ scan_qr_code () {
printf "%s: $bold%s$normal\n" "SHA512 short hash" "$data_short_hash"
}
read_passphrase () {
local -n data=$1
printf "$bold%s$normal\n" "Please type passphrase and press enter"
read -rs data
}
if [ -z "$duplicate" ] && [ "$shamir_secret_sharing" = true ]; then
for share_number in $(seq 1 $share_threshold); do
printf "$bold%s$normal" "Prepare share $share_number or $share_threshold and press enter"
read -r confirmation
scan_qr_code share
read_passphrase passphrase
if [ -n "$images" ]; then
for image in ${images[@]}; do
printf "%s\n" "Processing $image"
encrypted_share=$(zbarimg --quiet $usb/$image | sed 's/QR-Code://')
share=$(echo -e "$encrypted_share" | gpg --batch --passphrase-fd 3 --decrypt 3<<<"$passphrase")
shares="$share\n$shares"
done
encrypted_secret="$(echo -e "$shares" | secret-share-combine)"
else
for share_number in $(seq 1 $share_threshold); do
printf "$bold%s$normal" "Prepare secret share $share_number of $share_threshold and press enter"
read -r confirmation
scan_qr_code encrypted_share
share=$(echo -e "$encrypted_share" | gpg --batch --passphrase-fd 3 --decrypt 3<<<"$passphrase")
shares="$share\n$shares"
done
fi
secret="$(echo -e "$shares" | secret-share-combine)"
else
if [ -n "$images" ]; then
printf "%s\n" "Processing ${images[0]}"
encrypted_secret=$(zbarimg --quiet $usb/${images[0]} | sed 's/QR-Code://')
else
scan_qr_code encrypted_secret
fi
if [ -z "$duplicate" ]; then
printf "$bold$red%s$normal\n" "Show secret? (y or n)? "
read -r answer
if [ "$answer" = "y" ]; then
if [[ "$encrypted_secret" =~ "-----BEGIN PGP MESSAGE-----" ]]; then
secret=$(echo -e "$encrypted_secret" | gpg --decrypt)
else
secret=$encrypted_secret
read_passphrase passphrase
secret=$(echo -e "$encrypted_secret" | gpg --batch --passphrase-fd 3 --decrypt 3<<<"$passphrase")
fi
fi
if [ -z "$duplicate" ]; then
printf "$bold$red%s$normal\n" "Show secret (y or n)?"
read -r answer
if [ "$answer" = "y" ]; then
if [ "$word_list" = true ]; then
printf "%s\n" "Secret:"
array=($secret)
@ -103,4 +154,8 @@ if [ -z "$duplicate" ]; then
fi
fi
if mount | grep $dev > /dev/null; then
sudo umount $dev
fi
printf "%s\n" "Done"

26
how-to-create-encrypted-paper-backup/qr-restore.sh.sig
View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4hZ0ACgkQH6dnhiu9
EwW4ZhAAiHRDKjWgepGMlskT4AIOd9IyZGJ9S27p4ShZvRuEB6RWQVSP8I9Nrxdo
RV1cHcvecnUrWSDUZeS17R6+qQnqoHwwd8MhrJTTa2vizLQBhfJerhXrPLyDP7C7
vkhWDiKY6Bf47JykMTmXCFIZanpv3xppON7aNjDG/HhQ++MVaZitYCAzt5sHltFH
/7o62gvEx/QM2MNnEOvwS3mUI+LqVmtzs39NO+FsbFgxBw2LaCbQZTCWUk5WXrZ5
b8rUb1IfEhT8g+XljUTws95p4QlYOBadVLedKKC5COHWWfjwZQlKgfZWcTr1hKWL
FTWTLwRb5bxaGelky6Sm9Lk9vrxkG4WKhBBySVBJo14XNK0nCXLTkL3RZuECGvDF
TVXxJvSVI/OAbVeHCVmcyJy++mAcxQeUjRcWfTucMm0ISa1YHEA4L0utsDSPI1Ct
hSb1jmuJIb7lMMRtiPmhrWod2/LxJSA5d3fLvfRTz+JyggmfC5idHTYUEk72jpPh
XzugZl3lNOkMxB4LCWJcWadLx+H75AdVzZeYbZ5G1w+kiWSg5AKaqx436+ryVhAd
Pb2K2gYHoNXMnmpBlOdRmtzgePKSFNgtUCu4LkLWddZqzAHt8GYJo+0YnZ2rfGYl
6ylanmeFLCR3aDU90qCwNokNc93Sqp9fE8Vjc9GsNwwcpV0eV/4=
=IKBO
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB7OOYACgkQH6dnhiu9
EwUy3w//ckQVIouZjTiNam7DBoyGUXw+lfXKKnkR0HEbLeUld0KvDh8fON1IB4GM
0eRIpkkbmW8Dp4uAnVxtcQKeEHTZfja7g04hD7AO0JjD7b1drtFjxny8Ue74lR4Q
kfIIcB4WEj7nAfEFffgHbihnt1R27shXFcbvWH11DkChXT0tpFZhN2QYqDzK+8t+
Ru4Xz+zQ6YDRv40YV4NRMJG8ju9xvfecPLRDK0aO0W/N7HNZMiMYP+ZqgpLlx+11
ru550caSKg8VlwywkjoKx84kmBCdhuc90BNgjOsLoL71naRo2f6N+PelUcWzF+VB
9J0yVrOq8el6oCfPxT9lnn3BcaVjMrQWHfTM4AllRYEpeU/MqdnknhnxCGlH/u3I
fov9kA/shgeAwQ266KTX+l+mPADE4uV0UWCT9vfXOUM9gkPzW040t1pwCqBqhJNP
Rwy9ppF4yIMgDZTokpt/s2JMhAHKYCqJRZKaQx0sf+eSO8Ye+SeyfrXYT79JiCT5
TYNBEClTLfPJIBx6g2HTxJoO/oKQr0J/usNXzqdN1y5Rzq9IVeyVOxw03VqLu7dW
eLfJm5sNUQZtwu8fwqzc3/gtsHchFXmd5700i35rCT/DxUdpEKTDtH/qlp3kqUez
5iJmmhsMKXL2AYXYroTAWo/FnPlALJ1+mE/8eWwYjDFjItUjGE8=
=9ATO
-----END PGP SIGNATURE-----

5
how-to-create-encrypted-paper-backup/secure-erase.sh
View File

@ -1,5 +1,8 @@
#! /bin/bash
set -e
set -o pipefail
rounds=3
positional=()
@ -52,7 +55,7 @@ waitForUsbThumbDrive () {
waitForUsbThumbDrive
printf "$bold$red%s$normal\n" "Secure erase USB flash drive? (y or n)? "
printf "$bold$red%s$normal\n" "Secure erase USB flash drive (y or n)?"
read -r answer
if [ "$answer" = "y" ]; then

26
how-to-create-encrypted-paper-backup/secure-erase.sh.sig
View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB4haAACgkQH6dnhiu9
EwVeNA//Yz7KqK887qZyz9BcttZypKbeIrFneBiGM3A55iR3Yws5NFsFfLOH6BZo
KBkRHlFGyQWgWtev183TIhvkg1rbqQ0oGk+NQyLfWeAgxFVwLB4cXH/3MLahKZeq
BvP9IEBNBdjMjJX3jpMqex4AKPwj3/cEMI2XUAIM8GKJkFF7N5hXCzOK0ACfbMSe
lSZYtmarA/tjimtrNM1Bb3XsdohsbdZebzfTQdfSrch/Q0NO8j+FXlQ0Eo9CpX60
HSvD9/z5V4J2jhgudSv9H1IHdp4/ISpRoeETnNOc20Pglpp3anCU66tASsKpUsBl
T11R5T1cxBbCByolSnvZynkDApvlYx686VO38t5PjXH2Od5xHB18iA3y0/0JtGTK
4kPfUdOp0wbJkwaSbAaTTTAVHgiD3nHYiYmcLf6ZVwqDMaYWJcQvp0aYxZfw2Z8X
iU6zdU5CY58BIVJya2e8X6LVUQrpT+oBFtmaPR3Ax5CUIRvx4v95zGfTiRfO4cKl
HPIeLP+ankYu1eKxdNHRLNh/cNTO8nrFd9yiGFJumss+xaFfjEqLsNWn+ZbR+Cpx
jprd+jWJ6eKMPq0W3IewahMGZeWeP0VZxc4MwmqQdV2deqv39BzLyKsQzGzO8940
WWiCpRtEABTnfT6kw3pLxW9PKG9RYkbJ3EseeWmQP2PAG+kWxXw=
=R1pv
iQIzBAABCgAdFiEEqYzNEiJDZVsm+vthH6dnhiu9EwUFAmB7OOgACgkQH6dnhiu9
EwWxKhAAnXmr5WcAehYc3tl+AdBpvLaNHwr0yUr6NjV20xz4f/Y/bfHAQxkRnWRS
Pc5F0X2u3dU6Q6hr9rCZP6/J6V6nrd6omIKyiLPtCW9z3Ofitsb4Xy9rP7VuWYJy
10gOz0aWqNdgyb9CwQN30ELC5XNfDQbGQGypNzcdg9Yd1uxZhpucNgMdUGihje5Q
BYMYBKXdz0aVRRQn3u4qlyku6WdRe90Z+MgdW5wkU/YXKZC09BXzp2KTE5NNYq8l
HSyEWa0IwDvNBE8oW7yIgEzLbjmuWDnV71SDaWF7+aQgrpGYc7YuWBi2tAb5cd73
hsR/DoghldIUyHXS24AuSwyB7LgRQageutdjBy+QYCtI3NXS3CslyYcw/D3Fz83e
o6Yn0bpKzeu9fLk57uBxIpJBT2Lkag0ZdkkxIGwtj+mI3GYDEZVweQiS0t/+2JC5
SsbeEWAvE1wG/jMmQ/WJ34lOBr/hc7Gz1Vd7JwoIryJolflLS0wdI0zl5PsVaOeu
w3F1tk+hL4zgR087l96gdFVCHRNs4alrjgBopramSQCikbthErhe6S2LM+R55hSk
VIxxKVF7bq61gPbwGaNhhZJcgvUkhUd32/P9chuEitulh4MtD2A9f0OFVfooEtHP
j+zK40mZYyA1deY40iD2ORXeHtfswT/MKo8LWzVeZjX8Oa3yBj8=
=lEr/
-----END PGP SIGNATURE-----