Backup entire vault printed on paper encrypted

I want to make a paper backup of the entire Vault to store in a bank safe deposit box.
However, I would like to print it encrypted and deposit the corresponding key with a lawyer. Is there a standard for doing this?

I’m not sure I understand the reason for a paper copy; for one thing OCR will turn a printed copy into an electronic copy almost instantly.

Maybe give your master password to your lawyer and the 2FA recovery keys to your executor or someone else you trust implicitly.

Best approach may be to export the vault to a usb key and store the usb key in a safety deposit box. Your export could be encrypted. The usb key could also be encrypted such as a biometric usb key. Of course, all that behind a safety deposit box is a very high level of security and perhaps overkill.

A different approach: store your printed master password and 2FA recovery key in a safety deposit box (or separate them) and your encrypted vault locally or with a trusted lawyer or estate executor on a usb key. They won’t be able to access it without access to your safety deposit box.

I agree with @222 that this is probably the best approach. Here is information on how to create a backup on usb:

Another possibility is to give your lawyer Emergency Access:

1 Like

@Berzdorfer Welcome to the forum!

If your lawyer would be in principle be willing to learn or follow instructions for how to decrypt a passwords database that is encrypted on paper, then they should also be capable of following the instructions for being a “grantee” of Emergency Access. This would be the most seamless solution for your use-case.

Nonetheless, if you require an encrypted hardcopy printout, I found this software tool that could be helpful for this purpose:

http://ollydbg.de/Paperbak/index.html

You are better off securing something like a vault in a secure location and giving access to a lawyer than giving a lawyer the vault. Lawyers are notoriously disorganized. You and they may never see it again. Lol!

By the way, I had a bank lose my safety deposit box once! They lost all the records of ownership. It was a sea of boxes with an offer to try all keys. They often ship stacks of boxes to different locations. Banks often take no responsibility for lost contents. Lots of news articles online. Always have a B Plan.

1 Like

Surely multiple versions of heavily encrypted copies should do the trick. Store on multiple USB keys and in the cloud. All you then have to do is decide who to trust :scream: Oh, and how (and how often) to update of course.

You can use a cloud storage that provides automatic syncing so the latest version is automatically uploaded. That makes that portion easier.

1 Like

For remote off premises protection I employ the following method, which would serve well for your use case:

I download the data vault UNENCRYPTED on purpose. I download both formats json and csv. These are placed in a zip file and then gpg encrypted to my “super key”. The resultant zip.gpg file is placed as an attachment on one of my Tutanota email accounts. These email accounts are not publicly circulated and are used for storage as mentioned above here. Tutanota themselves cannot ever gain access to these attachments even if I were to upload an unencrypted file. I never do, but just saying!!

I bring my vault contents down unencrypted because it gives me total control and all access even if BW were to disappear from the scene. Not likely, but I like covering my bases!! Generic json and csv can be opened and used via numerous methods. Solid security and NOBODY will ever even find my encrypted contents unless I give them directions to it.

It would be trivial to accommodate your needs for “succession” planning.