In this post series I will show you how I have built a wallet system on a Raspberry Pi for 80$ that is able to store my wallet in an encrypted file that is backuped to an usb stick and uploaded (encrypted) to google drive monthly.

• Part 1 will show you what to buy.
• Part 2 will show you how to set up the operating system Debian for Raspberry and how to create an encrypted container.
• Part2a will show you how to set up auto upgrading.
• Part 3 will show you how to set up a Backup and Samba so that you can reach the encrypted store as an windows share.
• Part 4 will show you how to create a simple Telegram bot that sends you notifications what raspberry pi does.
• Part 5 will show you some other stuff I do.

Part 2

Take your micro sd card put it into your notebook and copy an image of Debian on it. When you are used to Linux you can use this:

$ wget https://people.debian.org/~stapelberg/raspberrypi3/2018-01-08/2018-01-08-raspberry-pi-3-buster-PREVIEW.img.xz
$ xzcat 2018-01-08-raspberry-pi-3-buster-PREVIEW.img.xz | dd of=/dev/sdb bs=64k oflag=dsync status=progress

Where /dev/sdb is the target device. You can type $ ls -lah /dev/sd and press tab two times to see what devices are available. Repeat that after you have removed your micro sdcard and you will see what device is missing. After you put it in again you know what your sdcard device is.

If you want to use Windows just unpack the archive with Winrar and install etcher. It will allow you to copy an image to an micro sdcard.

Connection to Raspberry Pi

Next put the micro sd card into the Raspberry Pi. Plug in the network cable and the power. It should instantly blink. Don't worry, it blinks in red.

If the network addresses in your network are automatically resolved by DHCP you can connect to it.

Under Linux just type $ ssh root@rpi3 and enter the password raspberry.

When you use Windows just download Putty and enter root@rpi3 as hostname:

Congratulations! You are on the system:

Change your password

$passwd root should do the trick. Enter your new password.

Install ntp

Time to install a Network Time Protocol Server that keeps the time up to date:

Type $ apt-get install ntp and press enter. Type y on each question.

Usb memory stick setup

Next we want to set up our usb device for backup. We have to find out again what the device is, so let's do it again:

You can type $ ls -lah /dev/sd and press tab two times to see what devices are available. Repeat that after you have removed your usb memory stick and you will see what device is missing. After you put it in again you know what your device location is.

On my raspberry pi it's /dev/sda. I will have to use that.

Next we will have to set up a partion. For that type $ cfdisk /dev/sda

Then go on now and press enter. After that y and then go on 'quit' and write. After that there is a device /dev/sda1.

After that we will have to format the device. $ mkfs.ext4 /dev/sda1 will do the job.

At least $ mkdir /media/usb and $ mount /dev/sda1 /media/usb && ls -lah /dev/usb mounts the device.

We want to auto mount the device so let's find out the device id:

$ blkid /dev/sda1: UUID="1cf40608-8f341-4fd5-10ed-46e483b73411" TYPE="ext4"

and add that to /etc/fstab:
$ echo "UUID=1cf40608-8f341-4fd5-10ed-46e483b73411 /media/usb ext4 defaults 0 1" >> /etc/fstab

When you reboot by $ reboot and type $ df -h you should see that it is mounted:

/dev/sda 117G 2,4G 109G 3% /media/usb

At last we create a directory on the sd card that we can backup later$ mkdir /media/backuped

Encryption time

First you need to create an encrypted file: $ sudo dd if=/dev/urandom bs=1M count=8 of=/media/backuped/encrypted.aes

After that you have to install cryptsetup: $ apt-get install cryptsetup and create an AES-512 image with it:

$ cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -y /media/backuped/encrypted.aes

You will be asked for a passphrase. Choose wisely, use at minimum 20 characters for good security. If you want to use a shorter passphrase please discuss it with me in a comment and let me talk you out of it. ;) Very important: Secure your passphrase! Write it down on a secure location. Think about the fact that your house could burn down. The passphrase is the most important thing now, your money depends on it.

After that you can open the container: $ cryptsetup luksOpen /media/backuped/encrypted.aes aescontainer. For that you will have to enter your passphrase again.

After that you will have to add a mounting point, create $ mkdir /media/encrypted

Next we will have to format the file system. Use $ mkfs.ext4 /dev/mapper/aescontainer for that or choose another filesystem.

Now you can easily mount it with $ mount /dev/mapper/aescontainer /media/encrypted and when you are done you can umount it with $ umount /media/encrypted and close the container with cryptsetup luksClose aescontainer.

We are done. :)

If you want you can make a script to mount it:

$ cat echo "cryptsetup luksOpen /media/backuped/encrypted.aes aescontainer && mount /dev/mapper/aescontainer /media/encrypted" > /media/backuped/mount_encrypted.sh && chmod +x /media/backuped/mount_encrypted.sh

and a script to unmount it:

$ cat echo "umount /media/encrypted && cryptsetup luksClose aescontainer" > /media/backuped/umount_encrypted.sh && chmod +x /media/backuped/umount_encrypted.sh

Party time!

Congratulations! We have an encrypted file where we can store our wallets. In the next part we will create a backup and make it reachable as a Windows share through Samba.