Nobody’s gonna get that!! Standard!
I’ve used YubiKey encryption in a contract role before… the only way to get into a system with a lost YubiKey is to enrol a new key; nobody’s gonna get that 1 Million ADA without the key for that wallet
So Charles can absolutely relax on that one!
My brother and I actually did this.
As you can see below, an earlier version of the PrivateKeyVault was able to print out a paper wallet.
There was a printer built into the device for that purpose.
One of the things we could do was print a QR code of a keystore file instead of printing the private key.
The keystore file is just an encrypted version of the private key which requires a password to access.
This is what Charles is talking about.
We abandoned the idea, however, for something that we thought was better.
Instead of making a paper wallet, we decided that it would be better to clone the entire encrypted drive. The drive is just a tiny SD card. So you can have an entire backup of your computer and everything it contains in a package that’s smaller and more durable than a paper wallet. You could even swallow the tiny SD card, wash it off when it comes out and then put it back in a Raspberry Pi 2 to access all your secrets again. Can’t do that with a paper wallet.
The newer version below contains exactly the same electronics as the machine above minus the printer. It’s just a Raspberry Pi.
As you can see below, instead of printing paper wallets, the device itself is being used to clone its own encrypted drive along with all the private keys and any other sensitive documents you might have like wills, deeds, bank account numbers and passwords. Most important is that the airgap is never broken during the cloning process because everything is done on that device.
Just stick the cloned card into any Raspberry Pi 2 (the Pi 2 has no Wi-Fi or Bluetooth) and you are up and running again as long as you have the single password that gets you access to the encrypted partition on the drive.
Make the password long and completely random using letters and numbers and special characters. Most anyone can memorize one long random password if the person has enough confidence to make the effort. So there is no need to write it down.
If your information is valuable then you must assume that your hardware has been backdoored or your software compromised and that these are trying to give away your secrets. You must assume that your trusted hardware and software are your adversaries. Still, you need to use these adversaries. That’s why your adversaries must be airgapped. For these reasons we think that entering private keys or sensitive documents into any machine that connects to the Internet or to other machines is just plain stupid. We feel that as long as people continue to do this they will continue to get hacked and lose their private keys. And every time someone from our community gets hacked, thousands of people make the choice to stay with centralized banking and centralized identity management systems. If we are going to get the world on blockchains, then eventually we will have to face the fact that we have to get the world across the airgap. We already have hardware wallets like the Nano and the Trezor. These are airgapped devices for our private keys. Now we need to figure out how to make convenient airgapped devices for our 24 words, passwords, bank account numbers, and other sensitive documents. We think we are off to a good start but there is more work to be done.
Let’s work on this together.
All of this stuff is free and open source at www.PrivateKeyVault.com
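
A cloned card is only a backup if it is byte-for-byte identical to the original, because damage to the copy can leave the encrypted partition unreadable. The following is an added example, not part of the post above or of the PrivateKeyVault project's code: shell functions that raw-copy a card (or image file) and verify the copy by hash. It assumes a Linux system with `dd`, `sha256sum` and `blockdev`; the function names and the device names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example. Device paths are assumptions; check yours with lsblk first.

# Size in bytes of a block device or a regular image file.
src_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# SHA-256 of the first $2 bytes of $1.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_clone SRC DST: succeed only if DST starts with an exact copy of SRC.
# Only the first size(SRC) bytes are compared, so DST may be a larger card.
# Re-insert DST before running this so the read comes from the card itself
# and not from the kernel's cache of what was just written.
verify_clone() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    size=$(src_size "$1") || return 2
    src_sum=$(hash_prefix "$1" "$size")
    dst_sum=$(hash_prefix "$2" "$size")
    [ -n "$src_sum" ] && [ "$src_sum" = "$dst_sum" ]
}

# clone_and_verify SRC DST: raw copy, flush to the medium, then verify.
clone_and_verify() {
    [ -r "$1" ] || return 2
    dd if="$1" of="$2" bs=4194304 2>/dev/null || return 3
    sync
    verify_clone "$1" "$2"
}

# Usage on the airgapped machine (hypothetical device names):
#   clone_and_verify /dev/mmcblk0 /dev/sda && echo "clone verified"
```

Return codes: 0 for a verified clone, 1 for a hash mismatch, 2 for an unreadable source or destination, 3 for a failed copy.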