I am 100% sure is malware free
Wow, you sound quite confident.
Brand new and hasn't been connected to the internet.
I'm thinking that I should download the wallet.aes.json from blockchain, encrypt it with the opensource GPG with a really strong passphrase (18+ chars upper and lowercase + symbols as well).
That wallet.aes.json is already encrypted with the password that you use at the blockchain.info website. If the password that you use at that website isn't a "really strong password", then the wallet.aes.json is vulnerable to anybody that gains access to the website's database, regardless of what you do to the one you download. If the password that you use at that website is a "really strong password", then why do you need to encrypt it a second time?
Okay, I didn't know that they were already encrypted. That makes it easier, I guess. So I basically just need to click the back-up icon in the respective blockchain accounts and save those .aes.json files as they are. Then the only way to steal those coins would be to crack the password?
Would this also be a sustainable way to set it up for 1-2 family members of mine, who recently approached me regarding help with buying bitcoins (and storing them of course)?
If you are comfortable recommending an online service and they are capable of choosing and remembering a "really strong password" for use with the blockchain.info website.
What else would you recommend? They are not tech savvy at all, but have iPhones, so I can set up Google 2-FA on their blockchain.info account, and they would basically leave it for a year or so.. I would probably also do a back up of their wallets on a disk. Unless there is a better way, of course
From what I've gathered your coins cannot get stolen on blockchain, UNLESS you login while the sites code is infected with malware, this would not be a problem, as this is for a "buy-and-hold" in atleast a few years.
If you don't choose a strong enough password, then someone could access the site's database, and decrypt your private keys. It is also possible for keylogger software on your coputer to capture the password when you login to the site.
I was under the impression you couldn't just hack blockchain.info due to them using offline storing and Javascript wallets? Unless the sites code would be infected and you were to login while this was happening.. The 2 family members would use Google 2-FA, so the biggest concern would be that the owner of blockchain runs off with the coins? Correct me if I'm wrong
Also, would I have to do back ups everytime the balance of the wallet increases?
I believe that with blockchain.info you only need to create a new backup whenever you generate a new receiving address.
I also read up on making a paper wallet for my non tech savvy family members, with ubunto disc and generate an offline paper wallet.. If this were the way to go, what would be a good way to back it up? Picture of wallet with private key and maybe print on a disc?
Thanks for your answers, hope you (or somebody else) can clear these follow-ups for me as well..
