Backups to host machine

Submitted by rphair on Wed, 09/22/2021 - 16:06

How to back up, and verify backups of, your low-security and high-security key folders

Hint: when saving your crypto key archives on your host computer (assumed compromised, likely to be backed up into the cloud, etc.), don't call them crypto-cold-keys.7z or anything that looks like an attractive target to hackers or spooks.

➤ Choose two filenames for these archives that mean something to you, and which you will never confuse between the two security levels of low- and high- security keys... because you never want to be entering that Frankenwallet password on your host environment by mistake!

TODO: EXPAND THIS OUTLINE

Backup creation

checking that your cold key encrypted archive has the contents you think it does, WITHOUT decrypting it anywhere but the frankenwallet...

  • example: payment.skey - where your life savings is stored.
  • first: open it both in the Frankenwallet, anywhere you may already have used it for signing successful transfers out of payment.addr - as a text file.
  • then: open it from the top.7z archive, or wherever you encrypted it, so it opens up in another tab.
  • It'll confirm in the tab headers for the text editor that one is the file in the encrypted archive and the other is your "known" good version of the file.
  • Switching back & forth between the tabs will verify that the files are the same.
    • You could do that by comparing checksums, but seeing the idential files is reassuring and you're like to remember it and feel a sense of safety later.

Backup verification

confirm that encrypted archive is the same as the one you have on your backup

  • make sure you close top.7z file first, to be sure you don't inadvertently make any changes to it.
  • get its checksum by whatever means you're likely to have where you're keeping your backup file (MD5 is the most common, and is available in cloud backups like AWS S3):
    • md5sum top.7z
  • visually compare that with the MD5 checksum of the file on your backup.
    • YES you can copy the checksum from the frankenwallet to a file saved on the host machine, if that makes you feel better.
  • This confirms the files must have the same contents, without having to give a way your cold key password.
  • Even a single bit difference in the files... produced by operator error, encrypting the wrong file, or any kind of transmission error between machines, or anything... will produce a completely different checksum.

Also confirm that the individual key files in your Frankenwallet are the same ones that are being used in your key folders!

Page created: 22 September 2021 16:06 UTC
Last updated: 27 September 2021 17:01 UTC