As seen in his latest video of the Security Foundation Series, Charles explains that recovering your 24-word recovery phrase may be impossible if you lose your YubiKey. The problem is that Kleopatra is not able to transfer the master key to the YubiKey. Charles may be able to figure this out, but as of this moment anyone who has been using the YubiKey or Kleopatra to back up their 24 words should definitely watch this to prevent a complete loss in the case that the YubiKey is lost.
Respect to the Twitter user who discovered the problem and respect to Charles for making this video right away.
There are a lot of moving parts in this Security Foundations Method, so problems are to be expected.
There is the YubiKey, the Apricorn, Kleopatra, LastPass, Mailvelope, an operating system on a flash drive, and a computer (with onboard radios), keyboard, and monitor all of which we assume have not been compromised. And even if Charles can get it all to work, the system is still not airgapped.
My brother and I have developed a free and open source method of doing all our cryptographic work, including securing the 24 keywords, using only an airgapped Raspberry Pi.
We use it for generating and sending offline transactions without ever breaking the airgap. In this case we are explaining how to do it for the Ethereum community.
As seen here, we use it for PGP messaging. The messages are only composed and read from behind the airgap, where remote viewing and key logging are not possible.
We use it for generating truly random seeds and master keys behind the airgap, as explained here. In this case we are explaining how to do it for the IOTA community, but there is no reason the truly random number generator built into every Raspberry Pi 2 cannot be used to generate the 24-word recovery phrase needed for Cardano accounts.
We safely store our seeds, private keys, passwords, bank account numbers, wills, and contracts right on the Raspberry Pi because we are using LUKS full disk encryption on the Pi’s SD card.
We don’t just back up private keys to a paper wallet; we back up everything (the entire computer) from behind the airgap, as seen here. Since the tiny SD card (the hard drive) is encrypted, the clones are encrypted too. So you can give them to friends or enemies to hold for you, but they will never be able to open them. LUKS full disk encryption can be cracked if the password is not strong. So make it a good one.
In the videos you see above we have built special tamper-evident cases and added battery power for the Raspberry Pi, but that is not necessary to enjoy all the benefits of doing your cryptographic work, backing it up, and storing it on a Raspberry Pi.
Everything you need is found at www.privatekeyvault.com
All the information we provide is free and open source.
All you need for airgapped security is a Raspberry Pi 2 or a Raspberry Pi Compute Module.
These do not have built-in radios.