mirror of
https://github.com/sunknudsen/privacy-guides.git
synced 2025-02-23 09:13:56 +00:00
How to create encrypted paper backup
Requirements
- Hardened Raspberry Pi 📦
- Adafruit PiTFT monitor (optional)
- Linux or macOS computer
Caveats
- When copy/pasting commands that start with `$`, strip out `$` as this character is not part of the command
- When copy/pasting commands that start with `cat << "EOF"`, select all lines at once (from `cat << "EOF"` to `EOF` inclusively) as they are part of the same (single) command
Setup guide
Step 1: log in to Raspberry Pi
Replace 10.0.1.248 with IP of Raspberry Pi.
When asked for password, enter password from step 1.
ssh pi@10.0.1.248 -i ~/.ssh/pi
Step 2 (optional): install Adafruit PiTFT monitor drivers and disable console auto login
Install Adafruit PiTFT monitor drivers
Heads-up: don’t worry about `PITFT Failed to disable unit: Unit file fbcp.service does not exist.`.
$ sudo apt update
$ sudo apt install -y git python3-pip
$ sudo pip3 install --upgrade adafruit-python-shell click==7.0
$ git clone https://github.com/adafruit/Raspberry-Pi-Installer-Scripts.git
$ cd Raspberry-Pi-Installer-Scripts
$ sudo python3 adafruit-pitft.py --display=28c --rotation=90 --install-type=console
Disable console auto login
sudo raspi-config
Select “System Options”, then “Boot / Auto Login”, then “Console” and finally “Finish”.
Step 3: configure keyboard keymap
Heads-up: following instructions are for Raspberry Pi keyboard (US model).
sudo raspi-config
Select “Localisation Options”, then “Keyboard”, then “Generic 105-key PC (intl.)”, then “Other”, then “English (US)”, then “English (US)”, then “The default for the keyboard layout”, then “No compose key” and finally “Finish”.
Step 4: install dependencies
$ sudo apt update
$ sudo apt install -y fim imagemagick zbar-tools
$ pip3 install pillow qrcode --user
$ echo "export GPG_TTY=\"\$(tty)\"" >> ~/.bashrc
$ echo "export PATH=\$PATH:/home/pi/.local/bin" >> ~/.bashrc
$ source ~/.bashrc
Step 5: download bip39.txt (PGP signature, PGP public key)
sudo curl -o /usr/local/sbin/bip39.txt https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/bip39.txt
Step 6: download qr-backup.sh (PGP signature, PGP public key)
sudo curl -o /usr/local/sbin/qr-backup.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-backup.sh
sudo chmod +x /usr/local/sbin/qr-backup.sh
Step 7: download qr-restore.sh (PGP signature, PGP public key)
sudo curl -o /usr/local/sbin/qr-restore.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-restore.sh
sudo chmod +x /usr/local/sbin/qr-restore.sh
Step 8: download qr-clone.sh (PGP signature, PGP public key)
sudo curl -o /usr/local/sbin/qr-clone.sh https://sunknudsen.com/static/media/privacy-guides/how-to-create-encrypted-paper-backup/qr-clone.sh
sudo chmod +x /usr/local/sbin/qr-clone.sh
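Steps 5 to 8 each list a PGP signature and public key next to a file that ends up in /usr/local/sbin, so the check belongs before the file is installed. The sketch below is an added example, not part of the guide or its scripts: it verifies a detached signature against a pinned fingerprint by reading gpg's machine-readable status output, and installs the file only on success. It assumes the file, its signature and the public key were already fetched to a working directory; the function names and every value in the usage comment are hypothetical placeholders.

```shell
#!/usr/bin/env bash
# Added example, not part of the guide. Function names are hypothetical.

# validsig_matches STATUS PINNED_FPR
# STATUS is the text gpg writes with --status-fd. Succeeds only when a
# VALIDSIG record names PINNED_FPR (as signing key or as primary key) and
# no record reports a bad, unverifiable, expired or revoked signature.
validsig_matches() {
  case "$2" in
    "" | *[!0-9A-F]*) return 1 ;;   # pinned value must be upper-case hex
  esac
  printf '%s\n' "$1" | awk -v fpr="$2" '
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
    END { exit (ok && !bad) ? 0 : 1 }'
}

# verify_and_install FILE SIG PUBKEY PINNED_FPR DEST [MODE]
# Checks FILE against detached signature SIG using only the key in PUBKEY,
# then copies it to DEST. Nothing is written to DEST on failure.
verify_and_install() {
  vi_home="$(mktemp -d)" || return 1
  # Throwaway keyring: keys already in ~/.gnupg cannot satisfy the check.
  gpg --homedir "$vi_home" --batch --quiet --import "$3" 2>/dev/null
  vi_status="$(gpg --homedir "$vi_home" --batch --status-fd 1 \
    --verify "$2" "$1" 2>/dev/null)" || true
  rm -rf "$vi_home"
  if validsig_matches "$vi_status" "$4"; then
    sudo install -m "${6:-0755}" "$1" "$5"
  else
    echo "signature check failed for $1, not installed" >&2
    return 1
  fi
}

# Usage (all values are placeholders; get the fingerprint out of band):
# verify_and_install qr-backup.sh <SIGNATURE_FILE> <PUBLIC_KEY_FILE> \
#   "<PUBLISHER_KEY_FINGERPRINT>" /usr/local/sbin/qr-backup.sh
```

For bip39.txt, pass 0644 as the optional sixth argument since the word list does not need to be executable.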
Step 9: reboot
sudo systemctl reboot
👍
Usage guide
Create encrypted paper backup
Heads-up: use `--bip39` to test secret against BIP39 dictionary.
qr-backup.sh
Restore encrypted paper backup
Heads-up: use `--word-list` to split secret into word list.
qr-restore.sh
Clone encrypted paper backup
qr-clone.sh
👍