Gopass and Git Password Management

3 minute read Updated

Manage your passwords on the clearnet with gopass and git.

After adopting a variation of the Gentoo policy for managing OpenPGP (GnuPG) keys I now feel confident enough to use OpenPGP to save sensitive passwords in the cloud. Gentoo’s GLEP 63 policy takes the guesswork out of key management and provides some best practices valuable when encrypting sensitive information.

Although saving sensitive passwords in the cloud may seem a foolish endeavor, the alternative is to keep passwords on the sneakernet and risk losing them. Given the abundance of thumb drives and their general multi-purpose use, one might, for example, accidentally erase their only backup. Not to mention that saving data on any physical medium carries the risk that the medium becomes corrupted.

Moving GPG Keys Privately

4 minute read Updated

How to privately move your GPG keys from one machine to another.

If you’re a software developer working ethically you’re almost certainly using GnuPG to sign your work. And if you’ve been at it for any length of time you’ve almost certainly been forced to switch machines. Unless your aim is to create a new identity for each machine you use, you need a simple, repeatable strategy for moving GPG keys privately. Let me show you how.

Invisible Arch Linux

13 minute read Enclosure Published

Encrypted system using detached LUKS header with air gapped install.
Caveat lector: This information is intended for entertainment purposes only. When individuals speak of doing “big fist pumps” after their Arch installs successfully boot it can be hard to contain one’s curiosity about the path that led them there. But it’s hard to understand until you try it yourself. This was my journey to first install. It was an encrypted one. In this tutorial I will show you how I repurposed an old MacBook Pro to double-down on privacy using deniable encryption and how you can too.

External Backup Drive Encryption

14 minute read Enclosure Published

How to create secure external backups with LUKS, Borg and BLAKE2.

A friend in Bali handed me a 1 terabyte external SATA drive recently and that’s great because the device is an integral part of a 3-2-1 backup strategy I’m adopting after Apple Care suggested I make a full backup of my 15" MacBook Pro.

The principle is simple:

3 copies, 2 different types of storage (physical and in the cloud for example) and one copy being physically separated from the others

Emanuele M. Monterosso

Of the 3 copies I needed 2 are complete. One copy is stored on MicroSD and kept with me. The other encrypted in the cloud on a Scaleway server in France. The last copy is going on the external SATA drive given to me last week which would be cool to put in a time capsule.

In this post I will show you how to securely store your backup data with two layers of encryption on an external drive or disk. After securing the disk we will start to automate the creation of space-efficient backups. Tools we’ll be using include GNU Parted, DMCrypt, a device-mapper crypto target, and Borgmatic to automate our backups in an expressive way.

Borg Backups with MinIO and Scaleway

8 minute read Updated

How to create encrypted system backups using S3-compatible object storage.

After switching from macOS to Manjaro on my MacBook Pro I was in need of a truly encrypted backup solution. After considering a host of backup tools, including Restic, I opted for a less mainstream tool which supports BLAKE2 encryption, gives you your private key, and, as an added bonus, churns out the smallest backups possible for use in cloud storage scenarios: BorgBackup.

In this post I’ll cover how to migrate encrypted Borg backups from any system which can run MinIO to a cloud services provider offering 500GB object storage for less than 6€ per month: Scaleway – a service brought to my attention by a friend and fellow After Dark user named Teo.

Read on to learn how to create Borg backups with MinIO and Scaleway.

Surfing the Uncensorable Web

11 minute read Enclosure Published

Testing the waters of ZeroNet to enjoy a Web without information gatekeepers.

Unless you’ve been living under a rock you already know the guy behind WikiLeaks, who was living at an Ecuadorian embassy in London, was recently arrested and now facing extradition to the United States – the country I’m originally from – and the country which forces tax payers to fund the second-largest stockpile of nuclear weaponry ever created.

But perhaps you didn’t know that WikiLeaks was at one point hosted by Amazon. Yep, right up until political pressure caused them to take it down. After all, nothing says freedom like a fear of misbehavior in a country with the highest incarceration rate in the entire world. I suppose Julian Assange’s situation could be worse… Maybe, had he also been practicing Falun Gong in China. But I digress. And there’s no telling what’s going to happen.

Managing Passwords on Android

2 minute read Updated

How to secure your passwords and keep them synced between devices.

After hacking Android onto an HD2 previously running Windows Mobile I quickly became challenged with the task of recalling passwords for frequently used apps – apps like Telegram, ProtonMail, Binance, Snapchat, you name it.

And although long-term password management may feel like a burdensome task to some, a steadfast approach is critical for security and relatively painless for anyone who’s been using a KeePass port for the last decade.

Password Protection with PassKeeper

3 minute read Updated

How I lost all my passwords but it didn't affect me one bit.

After recently losing a USB flash drive with all my passwords on it, I was grateful for the precaution I took by storing my password data encrypted using Brad Greenlee’s PassKeeper password manager.

PassKeeper is a Windows utility that allows you to keep a list of accounts with usernames, passwords, and notes. This list is stored encrypted.