<2021-05-26>
A few days ago, a good friend asked me: "How do you restore your encrypted offsite backup when you've lost all your other machines?"
If all my devices are down at the same time, I might actually have a problem, as I would need at least a PGP key to decrypt my password manager.
So after some research I decided to copy my private SSH and GPG keys to an encrypted VeraCrypt volume. This is basically a small encrypted folder (~10 MB) that you can lend to some of your friends.
Create encrypted volume
# Create a new volume through a text user interface
veracrypt --text --create
# Volume type
1 # normal, default
# Enter volume path:
/private/unencrypted/nextcloud/keys
# Enter volume size:
10M # du -sh ~/.gnupg/ ~/.ssh/ # will give you a good idea
# Encryption Algorithm:
1 # For AES, default
# Hash algorithm:
1 # For SHA-512, default
# Filesystem
2 # For FAT, default
# Enter passphrase
MAGA2020!:D
# Enter PIM
# For more information: https://documentation.help/VeraCrypt/Personal%20Iterations%20Multiplier%20(PIM).html
# I leave this empty because I think my passphrase is strong enough
# Enter keyfile
none # default
Decrypt volume and mount it
mkdir /tmp/keys
veracrypt --text /private/unencrypted/nextcloud/keys /tmp/keys
Copy keys
scp -rp ~/.ssh/ /tmp/keys/
scp -rp ~/.gnupg /tmp/keys/
# ...
touch /tmp/keys/FILES_ARE_HIDDEN # just a hint for the future
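Before dismounting, it is worth confirming that the copies inside the volume match the originals, since this container is the last resort when every other machine is gone. The following is an added example, not part of the original post: a hypothetical helper `verify_copy` that compares SHA-256 digests of every regular file, assuming `sha256sum` is installed and the mount point `/tmp/keys` used above.

```shell
#!/bin/sh
# Added example (not from the original post).
# verify_copy SRC DST
#   Returns 0 only if every regular file under SRC exists under DST
#   with an identical SHA-256 digest. Returns 1 on any missing or
#   differing file, 2 on a usage or setup problem.
#
# Usage with the paths from this page (run while the volume is mounted):
#   verify_copy ~/.ssh   /tmp/keys/.ssh
#   verify_copy ~/.gnupg /tmp/keys/.gnupg
verify_copy() {
    src=$1
    dst=$2
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "verify_copy: both arguments must be directories" >&2
        return 2
    fi

    rc=0
    list=$(mktemp) || return 2

    # Only regular files are compared; sockets and other special files
    # cannot be hashed and are skipped.
    (cd "$src" && find . -type f) > "$list"

    while IFS= read -r rel; do
        if [ ! -f "$dst/$rel" ]; then
            echo "MISSING  $rel" >&2
            rc=1
            continue
        fi
        a=$(sha256sum < "$src/$rel" | cut -d' ' -f1)
        b=$(sha256sum < "$dst/$rel" | cut -d' ' -f1)
        if [ "$a" != "$b" ]; then
            echo "DIFFERS  $rel" >&2
            rc=1
        fi
    done < "$list"

    rm -f "$list"
    return $rc
}
```

A non-zero exit status means the backup is incomplete; fix the copy before dismounting and handing the volume to anyone.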
Dismount volume
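veracrypt --text --dismount /tmp/keys/
# make sure you are not in /tmp/keys, otherwise you will see:
# Error: umount: /tmp/keys: target is busy.
# rmdir only removes an empty directory, so if the dismount failed
# the keys inside the still-mounted volume are not deleted
rmdir /tmp/keys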