I have following situation:
I have to store small .txt file securely (extremely sensitive!) and have it backed up.
And with regular storage on my PC there is no issue, so it is with backup.
I think is it enough to use regular 2GB flash (or SD) encrypted by LUKS for this? This flash will be used only as storage so it is not supposed to have constant writes.
If LUKS not enough, should I put this file inside veracrypt or picocrypt-ng before uploading to flash?
If you are interested what is this file: my PGP key that I use to sign official documents and my crypto seeds. So yeah, it is EXTREMELY sensitive.
Well known i guess depends on who you ask. iStorage is the standard for NATO and many other security agencies. It does hardware encryption instead of relying on software on your workstation to handle the encryption. It makes it easier in terms of compatiblity as it will work on any OS.
Besides compatibilty these drives have brute force protection, something you cannot achieve with fike encryption. It is also protected against evil maid attacks and tamper resistant.
While this is true, I don’t think this will help much on evil Windows for example. Because anything goes through RAM. And if malware have access to RAM nothing will help.
And on other side, device is really good, but it is hard to get one locally (in local IT shops). Only order from internet…
@ph00lt0 looks interesting, ill bookmark it. My concern with SEDs is usually that you have to fully trust the supplier as the firmware is rarely os and then ofc its guaranteed to have a government backdoor.
@Machkiel Luks is a goos start (make sure it is luks2) and putting your seed and key into a kdb instead of .txt is, as suggested, a good improvement. Make sure to use a different password though!
And data integrity might be your biggest concern here. If that is the only way you store these, you must have at least 2 USB sticks for sufficient redundancy.
