<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">step 1: keep your own copy of the password-store safe, in an encrypted<br>
file system.<br></blockquote></div><div><br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"></blockquote></div><div>A variant on this is to use something like Tomb [1] to keep your password store in an encrypted block file in an unencrypted filesystem.</div><div><br></div><div> [1]: <a href="https://github.com/dyne/Tomb">https://github.com/dyne/Tomb</a></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
</blockquote></div>