How to back up, and verify backups of, your low-security and high-security key folders
Hint: when saving your crypto key archives on your host computer (assumed compromised, likely to be backed up into the cloud, etc.), don't call them crypto-cold-keys.7z or anything that looks like an attractive target to hackers or spooks.
➤ Choose two filenames for these archives that mean something to you, and which you will never confuse between the two security levels of low- and high- security keys... because you never want to be entering that Frankenwallet password on your host environment by mistake!
TODO: EXPAND THIS OUTLINE
Backup creation
checking that your cold key encrypted archive has the contents you think it does, WITHOUT decrypting it anywhere but the frankenwallet...
- example: payment.skey - where your life savings is stored.
- first: open it both in the Frankenwallet, anywhere you may already have used it for signing successful transfers out of payment.addr - as a text file.
- then: open it from the top.7z archive, or wherever you encrypted it, so it opens up in another tab.
- It'll confirm in the tab headers for the text editor that one is the file in the encrypted archive and the other is your "known" good version of the file.
- Switching back & forth between the tabs will verify that the files are the same.
- You could do that by comparing checksums, but seeing the idential files is reassuring and you're like to remember it and feel a sense of safety later.
Backup verification
confirm that encrypted archive is the same as the one you have on your backup
- make sure you close top.7z file first, to be sure you don't inadvertently make any changes to it.
- get its checksum by whatever means you're likely to have where you're keeping your backup file (MD5 is the most common, and is available in cloud backups like AWS S3):
- md5sum top.7z
- visually compare that with the MD5 checksum of the file on your backup.
- YES you can copy the checksum from the frankenwallet to a file saved on the host machine, if that makes you feel better.
- This confirms the files must have the same contents, without having to give a way your cold key password.
- Even a single bit difference in the files... produced by operator error, encrypting the wrong file, or any kind of transmission error between machines, or anything... will produce a completely different checksum.
Also confirm that the individual key files in your Frankenwallet are the same ones that are being used in your key folders!