Previous Page

Prism Breaker

How to setup a trustless inheritance plan for your monero

If you make a lot of money in monero, and unluckily you are about to reach the end of your life, and again luckily you have someone you care and want them to have your money after your death, this tutorial is for you.

Let's do not ask why you do not handle them your coins or convert to fiat when you are still alive, maybe you want some sort of mysterious surprise for your relative who never heard of monero, and carries on to execute your evil plan with it.

Theory

Next we will create 3 containers with key files to store our seed. Key file is a veracrypt feature, which will be used to encrypt your container. For a veracrypt randomly generated keyfile it has extremely strong randomness, and makes brute force impossible. It is impossible to unlock the container without the keyfile.

First you will need to think about a password, then we will use veracrypt to create 3 key files. Each container will be encrypted using combination of different key files and the same password.

Volume 1 : password + key file 1 + key file 2

Volume 2 : password + key file 2 + key file 3

Volume 3 : password + key file 1 + key file 3

Then you copy the seed file to each of the container

You will keep key file 1, and the containers at home, or at any place that is discoverable by your family members. You need to tell your family members about the encryption password. You can also upload these containers to the cloud, since you can be confident about the encryption, because they will very likely survive the post quantum era. A cloud backup on your icloud or family member's web drive makes it possible to recover your assets when your home get destroyed in a disaster.

You will handle key 2 and key 3 to two different lawyers in different countries, and ask them to send it to your family members when you die officially.

In this setup your monero can be safely inherited, and it is resistant against accidents. If one of the key file get lost, like your home or your lawyer's office get a nuclear strike or earthquake, your family members can still manage to get two key file, and can decrypt one of three containers that contains the seed.

In the worst case it is also impossible for lawyers to somehow collude to steal your coins because they do not have the containers and password. It is also very hard for your naughty wife/children to steal your coins, since they need to find the lawyer and get another key which will be hard if you find a trustworthy lawyer.

One thing you need to be careful is you have to store the containers and keyfiles on a hdd or cd/dvd, do not store it on a flash drive or ssd. ssd will lose the data if not powered for a really long time. You do not want this to happen!!!

Initial setup

First you need monero(ofcourse!), and then export your seed. We will setup a plan that people can reliably retrieve your seed when you die. In this example I will just use the monero official gui wallet

In this example we create a new wallet for this

Next take a note of the seeds, as them are the crucial for people to recover your monero

Then put the seeds in a text file by using the editor you like

Save that file and we will use that later, and remember to do this in a trusted environment and delete that later!

Next is to setup veracrypt, we will use this software for encrypting your seed, veracrypt is a highly battle tested software with many features. In this setup we will use its keyfile feature mostly for achieving a multi-sig effect.

Down the veracrypt install pack that suits your OS, in my setup is deb. Their official site is https://www.veracrypt.fr/en/Downloads.html

Next do the verification, you should download the signature and import the public key. Your pubic key should have the signature of 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE

First download the public key

$ wget https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc
--2024-11-24 10:35:28--  https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc
Resolving www.idrix.fr (www.idrix.fr)... 51.210.181.103
Connecting to www.idrix.fr (www.idrix.fr)|51.210.181.103|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5434 (5.3K) [text/plain]
Saving to: ‘VeraCrypt_PGP_public_key.asc.1’
			  
VeraCrypt_PGP_publi 100%[===================>]   5.31K  23.4KB/s    in 0.2s    
			  
2024-11-24 10:35:31 (23.4 KB/s) - ‘VeraCrypt_PGP_public_key.asc.1’ saved [5434/5434]
		  

Then import and verify its fingerprint

$ gpg --import VeraCrypt_PGP_public_key.asc
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: key 0x821ACD02680D16DE: 1 signature not checked due to a missing key
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key 0x821ACD02680D16DE: public key "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) " imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
			  
$ gpg --fingerprint
/home/user/.gnupg/pubring.kbx
-----------------------------
pub   rsa4096/0x821ACD02680D16DE 2018-09-11 [SC]
	Key fingerprint = 5069 A233 D55A 0EEB 174A  5FC3 821A CD02 680D 16DE
uid                   [ unknown] VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) 
sub   rsa4096/0x200B5A9D26878A32 2018-09-11 [E]
sub   rsa4096/0x0F5AACD65483D029 2018-09-11 [A]
		  

Finally verify the package to make sure it is authentic, and install it. You need to see the "Good signature from "VeraCrypt Team...", otherwise do not proceed

$ gpg --verify veracrypt-1.26.14-Debian-12-amd64.deb.sig veracrypt-1.26.14-Debian-12-amd64.deb
gpg: Signature made Mon 26 Aug 2024 09:40:36 PM UTC
gpg:                using RSA key 5069A233D55A0EEB174A5FC3821ACD02680D16DE
gpg: Good signature from "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5069 A233 D55A 0EEB 174A  5FC3 821A CD02 680D 16DE
		  

sudo apt install ./veracrypt-1.26.14-Debian-12-amd64.deb
		  

Encrypted container setup

Next choose volume option in menu, and create a encrypted file container.

We will choose to create a standard volume here, since this is only for inheritance nor for fighting CIA.

Choose a location to save your container and then continue

For the encryption algorithm I strongly recommend to choose multiple encryption layers, since this prevents an algorithm is backdoored or broken in the future.

For the volume size just choose 10MB since this is only for saving a piece of text

Then create a strong and easy to remember password at this step

Next choose the key file option

We will try to generate 3 random keyfiles

Move your mouse to collect enough entropy, this is very important! The protection from cryptography will be significantly weakened if there is not enough randomness. Then set the key file size to maximum which is 1048576. This is the maximum size utilized by veracrypt and we should use that.

Name your keyfile as key 1 and save it. And repeat this step to produce key 2 and key 3, we will use them later

If you have done this correctly, you should have 3 key files like this

Then come back to the creation of container 1, choose the use keyfiles option

Select keyfile 1 and keyfile 2 as planned in the theory part

At the format stage move your mouse like what you have done for keyfile, and then format the volume.

Now you have completed the setup of container 1, just repeat the above steps, using the same password but with different combination of keyfiles as stated in the theory part. You should get container 2 and container 3 after this.

Inheritance

After all the hard work, now we will store the seed.

You should try to decrypt your containers to make sure they really work!

Select container 1 in the menu, select a slot and click mount

Then enter the password, and insert the keyfiles

Click ok and if nothing goes wrong your container should be decrypted and visible in the file explorer.

Now copy your seed into the container and unmount it. You should repeat those above steps, test container 2 and container 3, and copy the seed into them.

All the work is done now, you should pack up all the containers, put them in a hdd or burn them on a cd, and do a cloud backup of containers(do not upload your keyfile!). Store the keyfile 1 with your local copy of containers, and write done the password and notify your family members. If your family members are not familiar with crypto or programming, you should also write down a detailed note how to decrypt the container plus how to restore monero with seeds, and possibly how to dump them on kraken to convert back to fiat :-(

Final step is to contact two independent lawyers in different countries, and send them a physical copy of your keyfile. Now you can comfortably sleep, because you know your crypto will still be used by someone when God judges your life in heaven.