Backups to host machine

How to back up, and verify backups of, your low-security and high-security key folders

Hint: when saving your crypto key archives on your host computer (assumed compromised, likely to be backed up into the cloud, etc.), don't call them crypto-cold-keys.7z or anything that looks like an attractive target to hackers or spooks.

➤ Choose two filenames for these archives that mean something to you, and which you will never confuse between the two security levels of low- and high- security keys... because you never want to be entering that Frankenwallet password on your host environment by mistake!


Backup creation

checking that your cold key encrypted archive has the contents you think it does, WITHOUT decrypting it anywhere but the frankenwallet...

  • example: payment.skey - where your life savings is stored.
  • first: open it both in the Frankenwallet, anywhere you may already have used it for signing successful transfers out of payment.addr - as a text file.
  • then: open it from the top.7z archive, or wherever you encrypted it, so it opens up in another tab.
  • It'll confirm in the tab headers for the text editor that one is the file in the encrypted archive and the other is your "known" good version of the file.
  • Switching back & forth between the tabs will verify that the files are the same.
    • You could do that by comparing checksums, but seeing the idential files is reassuring and you're like to remember it and feel a sense of safety later.

Backup verification

confirm that encrypted archive is the same as the one you have on your backup

  • make sure you close top.7z file first, to be sure you don't inadvertently make any changes to it.
  • get its checksum by whatever means you're likely to have where you're keeping your backup file (MD5 is the most common, and is available in cloud backups like AWS S3):
    • md5sum top.7z
  • visually compare that with the MD5 checksum of the file on your backup.
    • YES you can copy the checksum from the frankenwallet to a file saved on the host machine, if that makes you feel better.
  • This confirms the files must have the same contents, without having to give a way your cold key password.
  • Even a single bit difference in the files... produced by operator error, encrypting the wrong file, or any kind of transmission error between machines, or anything... will produce a completely different checksum.

Also confirm that the individual key files in your Frankenwallet are the same ones that are being used in your key folders!

Last updated: