Replies: 1 comment 1 reply
-
The best way to pull this off would be to use something like Sun's qr-bridge app, (or any other trusted QR reading app) and then decrypting the PGP text in a non persistent part of tails, by saving it as a .asc file and then just double cliicking it (or using the decrypt option from the notepad quick settings toggle). If you don't wanna do that, one way you could restore from the QR is to scan the QR using a seperate device (offline & hardened) and simply store the PGP mesage text as a .asc file in a Tails encrypted persistant storage (preferably further stored in a veracrypt hidden container that doesn't have an obvious name). copy the .asc file in a non persistent part of the system (like the documents folder), and double click to decrypt there. Make sure to use tails in offline mode. I know that kind of defeats the purpose of having the QR in many ways and isn't exactly air gapped but it works. |
Beta Was this translation helpful? Give feedback.
-
Hey Sun,
First of all, awesome project and thank you for your guides! This is great for so many situations. One question, what would be the process if non-tech people wanted to restore the secret using the QR codes without using a Pi.
Scanning the QR gets the PGP message, and I can then unencrypt using the SSS password and get a hash. But then what?! I know x of y shares is needed but is there a way to do this without a ton of CLI knowledge, specifically for my family.
Sorry I'm a bit of a newb, so this is probably super simple for you and others but wanted to ask. Any help is truly appreciated.
Also a future project suggestion: consider creating and showing how to to install a basic version of the SSS setup onto a persistent drive on tails so the share holders could simply open terminal and run qr-restore.sh --shamir-secret-sharing after unlocking the drive?
Anyway keep up the great work!
Beta Was this translation helpful? Give feedback.
All reactions