When you print important crypto stuff (private keys) make sure you use a proper font and don't leave traces on your printer's hard drive and your computer's hard drive

When printing your keys, make sure you use a proper font (one that doesn't have similar-looking characters, like "I" and "l", or zero and capital O).

Also, don't trust your printer: some printers have hard drives. A copy of every printed document is also saved on your computer's hard drive (and then "erased", but it is still recoverable using "undelete" programs), even in Linux.

You can use this trick to prevent copies of printed pages from being written to the computer's hard drive (this does NOT apply to the printer's hard drive):

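# Run as root. Mount a RAM-backed tmpfs over the CUPS spool directory
# so that spooled print jobs are not written to the disk.
mount -t tmpfs -o size=1G tmpfs /var/spool/cups
# Spool directory: full access for root, traverse-only for group lp.
chmod 0710 /var/spool/cups
chown root:lp /var/spool/cups
# Temporary directory inside the spool: sticky bit, read/write for root and group lp.
mkdir /var/spool/cups/tmp
chmod 1770 /var/spool/cups/tmp
chown root:lp /var/spool/cups/tmp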

You also need an encrypted home folder (/home/yourusername) to be safe, and you should use tmpfs for writing secrets before they are encrypted.

The default installation of Linux distros like Ubuntu is not very secure if you don't know what you are doing.

For example, if you write a file "secret.txt" to an unencrypted hard drive partition, it stays there for a long time (maybe years) even if you "delete" it.

It can be recovered by thieves if they steal your hard drive or install malware on your computer.

Also, your swap file must be encrypted if you want to keep your private keys to yourself.

You can use tmpfs to write your secrets before encryption (if you don't have a swap file or your swap file is encrypted, because tmpfs pages can be swapped out to disk):

$ mkdir /home/yourusername/tmpfs
$ sudo mount -t tmpfs -o size=2G tmpfs /home/yourusername/tmpfs
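
One way to check the two tmpfs mounts above and the swap condition, as an added example that is not part of the original post: it reads files in /proc/mounts and /proc/swaps format. The function names and the sample data in demo are assumptions made for illustration, and the script only reports active swap; it cannot tell whether that swap is encrypted.

```shell
#!/bin/sh
# Added example (not from the original post): check that the spool and scratch
# paths are backed by tmpfs and report any active swap area.

# fs_type_of PATH [MOUNTS]: filesystem type of the deepest mount point containing
# PATH (MOUNTS is in /proc/mounts format; on a tie the later, shadowing mount wins).
fs_type_of() {
    awk -v p="$1" -v best=0 '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); fstype = $3 }
        }
        END { print fstype }' "${2:-/proc/mounts}"
}

# swap_areas [SWAPS]: active swap areas; line 1 of /proc/swaps is a header.
swap_areas() {
    awk 'NR > 1 { print $1 }' "${1:-/proc/swaps}"
}

# audit MOUNTS SWAPS PATH...: print findings, return 1 if any warning was raised.
audit() {
    mounts=$1; swaps=$2; rc=0
    shift 2
    for path in "$@"; do
        t=$(fs_type_of "$path" "$mounts")
        if [ "$t" = tmpfs ]; then
            echo "ok    $path is on tmpfs"
        else
            echo "WARN  $path is on ${t:-unknown}, so files written there reach the disk"
            rc=1
        fi
    done
    for s in $(swap_areas "$swaps"); do
        echo "WARN  swap active on $s: tmpfs pages can be swapped out, confirm it is encrypted"
        rc=1
    done
    return $rc
}

# Constructed sample data (not real system output): spool on tmpfs, home on disk, one swap file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '/dev/sda2 / ext4 rw 0 0' 'tmpfs /var/spool/cups tmpfs rw 0 0' > "$d/mounts"
    printf '%s\n' 'Filename Type Size Used Priority' '/swapfile file 2097148 0 -2' > "$d/swaps"
    audit "$d/mounts" "$d/swaps" /var/spool/cups /home/yourusername/tmpfs; status=$?
    rm -rf "$d"; return $status
}
# Live system: audit /proc/mounts /proc/swaps /var/spool/cups /home/yourusername/tmpfs
demo || true
```

On a live system, a warning for a swap area means you still have to confirm separately that the swap is encrypted.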

It's always beneficial to invest in learning about computer security.

Do not use (only) flash memory (SSD drives, hardware wallets, USB flash drives) for your precious private keys!

Archiving private keys - TLDR version
