Cold storage

stmx 38
Jul 5, 2020

Full guide: Security in macOS

Next: 2. Protect macOS local disk

Before implementing additional layers of security, we should provide a backup for secured data. We can use the following equipment for this:

  1. Different PC or laptop
  2. External drive
  3. Phone

When we encrypt data on macOS, we should have a backup copy of our data. For this, we can use a separate device which is stored in a safe place. For example, we can use a laptop or phone with a VeraCrypt encrypted volume.

Pros:

  1. VeraCrypt is an open-source project which was audited
  2. VeraCrypt volumes can be decrypted on Windows, Linux, Unix, macOS, Android and iOS.

Plan

  1. Create and store backup password safely
  2. Create an encrypted volume
  3. Place critical data in the encrypted volume
  4. Store volume in a safe location

Create and store backup password safely

It is preferable to use a strong password and keep it in your brain.

You can find some useful ideas on how to create a strong and memorable password here:

  1. How to create a strong password
  2. 9 Strong Password Ideas For Greater Protection
  3. 5 Strong Password Ideas to Boost Your Security
  4. 14 Great Password Ideas
  5. DuckDuckGo

Create an encrypted volume

> Note: All mentioned steps are performed on macOS.

  1. Download and install VeraCrypt on macOS
  2. Run VeraCrypt and create a volume
  3. Create Volume → Create an encrypted file container → Standard VeraCrypt volume → ~/Desktop/backup-disk

Encryption Algorithm: AES(Twofish)

Hash Algorithm: SHA-512

Volume Size: 1GiB

Volume Password: <Very strong password>

Filesystem type: exFAT

Select the option "I will mount the volume on other platforms"

Move the mouse around the Desktop to collect randomness until the line is filled

→ Format

Place critical data in the encrypted volume

Now we can place our critical data in the encrypted volume. The data can be the following:

  1. Password manager database
  2. GPG keys
  3. SSH Keys
  4. Other important files that are not too big

Store volume in a safe location

We should store at least 2 copies of our encrypted volume, in safe locations.

It is preferable to store data offline on USB drives, SD cards and other media.
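
One way to carry out the two-copy rule above and re-check the copies later, as an added example that is not part of the original guide: it copies the dismounted container file to each destination and records its SHA-256 digest beside it. The function names and the mount points `/Volumes/USB1` and `/Volumes/USB2` are assumptions.

```shell
#!/bin/sh
# Added example: replicate an encrypted container file and verify every copy.
# Dismount the volume first so the container is not changing while it is copied.
# The recorded digest detects accidental corruption of the media, not tampering.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# replicate_volume SRC DEST_DIR DEST_DIR [...]
# Copies SRC into each directory, stores SRC's digest next to the copy and
# re-reads the copy from the destination to confirm it matches.
replicate_volume() {
    src=$1; shift
    [ -f "$src" ] || { echo "no such container: $src" >&2; return 2; }
    [ "$#" -ge 2 ] || { echo "need at least 2 destinations" >&2; return 2; }
    want=$(sha256_of "$src") || return 2
    name=$(basename "$src")
    for dir in "$@"; do
        cp "$src" "$dir/$name" || return 1
        echo "$want" > "$dir/$name.sha256"
        [ "$(sha256_of "$dir/$name")" = "$want" ] || {
            echo "copy in $dir does not match the source" >&2; return 1; }
    done
}

# verify_copy DEST_DIR NAME
# Re-checks a stored copy against the digest recorded at backup time.
verify_copy() {
    want=$(cat "$1/$2.sha256") || return 2
    [ "$(sha256_of "$1/$2")" = "$want" ]
}

# Usage (hypothetical mount points):
#   replicate_volume ~/Desktop/backup-disk /Volumes/USB1 /Volumes/USB2
#   verify_copy /Volumes/USB1 backup-disk && echo "USB1 copy intact"
```

Run `verify_copy` on each medium periodically; a failing copy can be replaced from one that still verifies.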
