This information demonstrates how to self-custody bitcoin utilizing the SeedSigner. SeedSigner is a challenge that brings collectively free and open-source code, cheap and general-purpose {hardware}, and a do-it-yourself (DIY) strategy to taking private duty of your bitcoin.
This information covers:
Unboxing
This part demonstrates what is included within the full SeedSigner equipment. The equipment might be bought from BTC Hardware Solutions with worldwide delivery out there. Alternatively, EU/U.Okay. clients can buy the equipment from GoBrrr or DIYNodes, and Philippines clients can use TechHaven.
The SeedSigner equipment consists of the next parts:
- Raspberry Pi Zero
- Raspberry Pi Camera
- Ribbon cable for the digicam
- WaveShare LCD HAT
- 3D-printed, open-face case
- Seven clean QR code/mnemonic phrase playing cards
- SeedSigner sticker
- “Getting Started” directions
- “Thank You” card
The SeedSigner equipment comes with most every little thing you have to to get began, the one items you have to to provide your self are a MicroSD card of at the least 4 GB capability and a micro USB cable. Assembly required.
The included clean QR code/mnemonic phrase playing cards measure 64 millimeters (mm) by 89 mm. These playing cards characteristic 24 clean areas for seed phrases on one aspect, together with a warning that reads: “Never enter seed words into a computer that connects to the internet.” On the other aspect, there is a clean 29 by 29 QR code grid with room for the pockets fingerprint and a few notes, together with a warning that reads: “Never scan seed QR into a computer that connects to the internet.”
Alternatively, one can decide to use the stainless steel model of the QR code backup. The chrome steel plates are made by @SeedMint21. All of its high-quality merchandise are out there at https://vulcan21.com/.
The SeedSigner chrome steel plate includes a 3 mm by 66 mm by 91 mm plate that may stand up to hearth and flooding. This is an incredible different from paper as a result of it might probably deal with excessive environments. The plate featured on this information has the SeedSigner emblem on it, however future plates could not have this emblem to assist forestall revealing that this is a Bitcoin-related product. There is a 29 by 29 QR code grid on the plate and you may mark the indentations with a marker, verify that it really works after which stamp the marks with a punch to make them everlasting.
You can set the SeedSigner equipment apart for now when you put together the software program picture in your microSD card within the subsequent part.
Software
This part demonstrates how to obtain the SeedSigner picture and flash it to your microSD card. You will want to provide your personal microSD card that has at the least a 4 GB capability. Best apply is to check your {hardware} with the software program picture to be sure that every little thing works prior to trying meeting with the 3D-printed enclosure.
Step One: Download
Navigate to the SeedSigner GitHub repo and search for the newest launch.
Scroll to the underside of that launch part and click on on the hyperlink to obtain the .zip file. If you prefer to to confirm your obtain, click on on the hyperlinks to obtain the “.sha256” file and “.sig” file as effectively. Save these information in the identical folder location.
Step Two, A: Verify — Windows
This step is elective however advisable. This will guarantee that you’ve got downloaded the file that the SeedSigner builders meant on you receiving. This step will reveal how to confirm on a Windows platform. Skip to “Step Two, B” should you are utilizing a Linux platform.
Or skip to “Step Three” if you don’t want to confirm your software program obtain that can be dealing with your Bitcoin non-public keys.
The following directions make an assumption that you just already use Kleopatra from the gpg4win software bundle and have your personal PGP key setup.
- First you have to the SeedSigner public key, which you could find here
- Copy the general public key to your clipboard.
- Open Kleopatra, navigate to “Tools” then “Clipboard” then “Certificate Import”
- You ought to obtain a dialog that informs you the certificates was imported efficiently. Click on “OK.”
- Now you’ll be able to evaluate the fingerprint in Kleopatra to a identified publicly-displayed fingerprint resembling SeedSigner’s Twitter profile.
- Now you’ll be able to proper click on on the SeedSigner certificates in Kleopatra and choose “Certify.”
- You can be prompted to enter your password.
- Open the folder containing the .zip file, “.sha256” file and “.sig” file.
- Right click on on the “.sig” file.
- Select “More GpgEX options” then “Verify.”
- Kleopatra will now use the signature file and the SeedSigner public key to confirm the “.sha256” file.
- You ought to obtain a dialog displaying the profitable verification.
It is necessary to find a way to distinguish between a legitimate and authorized signature, a legitimate signature and an invalid signature. Because the SeedSigner public key was licensed by evaluating the ensuing fingerprint to a identified, publicly-displayed fingerprint, the Kleopatra software program prints a legitimate and authorized dialog in inexperienced.
If you didn’t take the additional step to certify the SeedSigner public key, then Kleopatra can nonetheless decide that the signature is legitimate, however not licensed. Meaning that the general public key and accompanying signature are legitimate however that they might be from another entity impersonating the developer. These dialogs can be printed in white. This is nonetheless a legitimate matching signature, it is simply that until you’re taking that further step to certify the fingerprint of the general public key, then do you actually understand it is a legitimate signature from SeedSigner and never an impersonator?
Or if there was some manipulation within the file you downloaded and it is not authentically signed by the SeedSigner key, Kleopatra will print the dialog in purple. This is an invalid signature and you shouldn’t proceed with decompressing the .zip file.
Now that you’ve got verified the authenticity of the accompanying “.sha256” file, you’ll be able to relaxation assured that the SHA-256 hash worth contained inside it is in actual fact the hash worth that try to be ready to independently generate on the accompanying .zip file. To generate hash values on information, you should utilize a handy freeware hex editor instrument referred to as HxD.
- In HxD, navigate to “File” then “Open” and choose the SeedSigner .zip file
- Navigate to “Analysis” then “Checksums” then “SHA256”
- Now you’ll be able to open the SeedSigner “.sha256” file with a textual content editor like Notepad.
- Compare the hash values between HxD and the SeedSigner file.
After verifying the hash worth, you realize that the .zip file is genuine. If the hash values don’t match, then don’t decompress the .zip file. It is a good suggestion to shut the .zip file from HxD at this level. You can skip forward to “Step Three” now.
Step Two, B: Verify — Linux
Verifying signatures in Linux is a way more easy course of. PGP instruments come inbuilt and might be executed from the command line terminal.
Before continuing, guarantee you’ve got the .zip file, “.sha256” file and “.sig” file in your downloads listing.
- Open your terminal
- Import the SeedSigner public key to your key-chain with:
curl https://raw.githubusercontent.com/SeedSigner/seedsigner/main/seedsigner_pubkey.gpg | gpg –import
- You ought to see the terminal print “imported: 1”
- Then change your listing to your downloads folder with “cd Downloads”
- Now confirm the signature with:
gpg –verify seedsigner_0_5_0.img.zip.sha256.sig
Be positive to use the model relative to the one you are verifying, this was model 0.5.0 and releases are made typically, so all the time use the newest one from SeedSigner’s releases page.
- The terminal ought to print “Good signature from ‘seedsigner <[email protected]>’”
- You will see the warning about the important thing not being licensed, see the instance in “Step Two, A” for an in depth clarification. Long story brief, this is effective.
- Now you’ll be able to confirm the hash worth with:
shasum -a 256 -c seedsigner_0_5_0.img.zip.sha256
Again, ensuring to use the model applicable for you.
- The terminal ought to print “seedsigner_0_5_0.img.zip: OK”
- You can ignore the warning about improperly formatted traces should you get it.
That’s it, you are carried out verifying the .zip file you downloaded. You can now transfer on to flashing the picture to the microSD card within the subsequent step.
Step Three: Flash
Using a program like Balena Etcher makes flashing the SeedSigner picture simple. Navigate to the Balena Etcher website the place you’ll be able to obtain the appliance applicable in your working system. Follow your system prompts to set up. Make positive you’ve got a microSD card at the least 4 GB in dimension formatted and related to your pc.
Once you’ve got Balena Etcher put in and opened, choose “Flash from file.”
Select the .zip file from the file explorer. The .zip file can stay in its compressed state, Balena Etcher will decompress it.
Select the goal drive that you really want to flash the picture file to. You need to select your microSD card right here.
Click on the “Flash!” button and the flashing course of ought to begin routinely. The progress bar will transfer over to the left-hand aspect of the appliance and a few promotional dialogs can be displayed on the right-hand aspect of the appliance. You don’t want to work together with the promotional dialogs, simply let the flashing course of run.
There are three levels of the flashing course of: decompression, flashing and validation. Just let the software program run via all of the steps and don’t disconnect the microSD card throughout this course of. If you get any working system prompts saying the drive wants to be formatted, simply ignore them.
Once completed, you need to obtain a message that permits you to know the flash was accomplished efficiently. If it was not accomplished efficiently, strive once more and if the issue persists, then think about using a unique microSD card.
You can shut the Balena Etcher utility. Safely eject the microSD card out of your pc in case your system has not carried out so already. Now you are prepared to mock up your {hardware} and check it prior to closing meeting.
Hardware
This part demonstrates how to check and assemble the SeedSigner equipment and in addition offers particulars on what every element is and different locations to buy these parts in case you do not need to buy the entire equipment from one vendor. Best apply is to check that your parts energy on and the SeedSigner software program works prior to meeting. The enclosure and or parts might be broken should you try disassembly.
The Enclosure
The enclosure included within the equipment is an open-faced design, different designs are out there from distributors linked beneath. The enclosure is 3D printed, you’ll be able to even download the file and print one your self. Be positive to try some community designs as effectively. The enclosure featured right here is designed to be essentially the most fundamental enclosure and the quickest to reproduce. Varius enclosure design information might be downloaded from here, and there are numerous distributors that provide alternate designs here, here and here.
The enclosure outer dimensions are 80 mm by 35 mm by 26 mm and there are numerous retention bumps, assist ledges and journals to match the parts snugly inside.
The enclosure additionally options openings for the digicam lens, micro USB ports, HDMI port and microSD card port.
If you do not need to get the entire equipment, you should buy a standalone enclosure of assorted designs from the next distributors:
The Camera And Cable
The digicam is a 5MP OV5647 sensor, 30 frames per second (FPS), 2,592 pixel by 1,944 pixel decision video digicam module designed for a spread of Raspberry Pis. The working voltage is 1.7 volts direct present (VDC) to 3 VDC. This module measures 25 mm by 24 mm by 9 mm. The digicam ships with a protecting movie over the lens — make certain to take away this prior to meeting.
You need the “HBV-Raspberry-160FPC” golden ribbon cable for the Raspberry Pi Zero. This cable has a 16-flat-pin connector aspect measuring 16 mm, a 22-flat-pin connector aspect measuring 11 mm and the general size is 160 mm.
If you do not need to get the entire equipment, you should buy a standalone digicam and cable from the next distributors:
- EU/U.Okay. supply out there from GoBrrr
- North America supply out there from Amazon
- Philippines supply out there from TechHaven
The Raspberry Pi Zero v1.3
The Raspberry Pi Zero is the smallest single-board pc Raspberry Pi manufactures. The v1.3 pc includes a 1 gigahertz (Ghz) single-core CPU, 512 MB of RAM, mini-HDMI port, one micro USB port for energy solely, one micro USB port for information switch, a hardware-attached-on-top (HAT)-compatible 40-pin header, composite video and reset headers, a microSD card slot and a CSI digicam connector. The full {hardware} specification might be discovered here.
The Raspberry Pi Zero measures 66 mm by 31 mm by 11 mm.
If you do not need to get the entire equipment, you should buy a standalone Raspberry Pi Zero from the next distributors:
If you are having a troublesome time discovering the Raspberry Pi Zero {hardware}, some different sources are Rpilocator or presumably the Raspi Zero W — be sure that to do your homework on compatibility with this model prior to buying it. Alternatively, should you are solely ready to discover the WiFi- and/or Bluetooth-enabled variations of the Raspberry Pi Zero, then this information by @DesobedienteTec will present you the way to disable the communication radios.
The Waveshare LCD HAT Display
The Waveshare LCD HAT is a 65 mm by 30 mm module that attaches to the 40-pin connector on the Raspberry Pi Zero. This module includes a 240 pixel by 240 pixel decision RGB show measuring 39 mm diagonally. The embedded controls use a joystick and three push buttons. The working voltage is 3.3 vdc. More specs might be discovered here.
If you do not need to get the entire equipment, you should buy a standalone Waveshare LCD HAT show from the next distributors:
Testing And Assembly
Testing
Testing the {hardware} with the SeedSigner software program is a good suggestion. If you assemble every little thing after which discover out that one thing does not work, you’ll be able to injury the parts and/or enclosure attempting to disassemble it.
Step One: Release Camera Retainer
On the Raspberry Pi Zero board, gently pull the tabs out on the digicam connection port. When these tabs are depressed, they will lock the ribbon cable in place.
Step Two: Connect Ribbon Cable
Make positive the ribbon cable is going through the right path, the gold connectors ought to be going through the underside aspect of the Raspberry Pi Zero circuit board. Insert the ribbon cable till it stops, then press the tabs down to lock the ribbon cable in place.
Step Three: MicroSD Card
Insert the microSD card with the flashed SeedSigner picture. Ensure the MicroSD card is going through the right path — once more the gold contacts ought to be going through the underside of the Raspberry Pi Zero circuit board.
Step Four: Display
Connect the LCD show, ensuring that the pins on the Raspberry Pi Zero circuit board are all straight and that they will not get bent by being misaligned. This will simply loosely connect to the Raspberry Pi Zero circuit board, it is not going to snap into place till you do the ultimate meeting within the 3D-printed enclosure.
Step Five: Power On And Test
Connect your energy cable and wait about 45 seconds for the SeedSigner to activate. Then check out the joystick and buttons on the LCD show and make sure that the digicam works.
Now that you’ve got checked that every little thing is working, you’ll be able to energy off the SeedSigner by deciding on the facility icon within the higher right-hand nook from the principle menu. Then you’ll be able to disassemble every little thing and re-assemble it within the 3D-printed enclosure.
Assembly
Prior to trying meeting, guarantee that you’ve got examined that every little thing works by connecting the digicam and show to the RaspberryPi Zero, inserting the microSD card with the SeedSigner picture loaded, and powering on the machine by connecting a micro USB cable to the facility enter port.
Step One: Materials Check
Gather your examined parts. You ought to have the 3D-printed enclosure, Raspberry Pi Zero, microSD card, LCD show, digicam module and ribbon cable.
Step Two: Camera Module
Remove the protecting layer of movie from the digicam lens. Then snap the digicam module into place below the retainer clips. If the ports for the USB connections are going through away from you then the ribbon cable ought to be going to the right-hand aspect.
Step Three: Raspberry Pi Zero
Insert the Raspberry Pi Zero circuit board. Make positive you take away the microSD card first. The ribbon cable will fold over the digicam module, with the slack tucking beneath the enclosure recess.
Align the USB connectors with the ports on the enclosure, the circuit board can be at a slight angle, then you’ll be able to press down on the aspect with the pins till you hear it snap into place.
Step Four: MicroSD Card
Then you’ll be able to insert the MicroSD card once more. Then press the LCD show into place on the PINs of the Raspberry Pi Zero circuit board, taking care to make sure the pins are aligned. This ought to match tightly and never be free.
Step Five: Power On And Test
Plug in your energy cable and ensure every little thing works. Then you are prepared to begin organising your new Bitcoin seed phrase.
You could find a way to discover extra sources in this information by @shishi21m.
Generate A New Seed
This part will reveal two strategies to generate a brand new grasp seed with the SeedSigner, with the digicam or with cube, in addition to how to calculate the checksum of a mnemonic phrase and in addition how to import a pre-existing mnemonic phrase.
The grasp seed is only a quantity, a extremely lengthy and random quantity. In truth, this quantity is so lengthy and random that it may be thought-about really distinctive. Practically talking, the one place within the universe this quantity exists is in your SeedSigner once you create it. For all intents and functions, for somebody to guess this quantity could be like guessing the very same atom from your entire observable universe that you just secretly picked.
This actually lengthy random quantity is utilized in some intelligent cryptographic capabilities to deterministically derive your Bitcoin pockets non-public/public key pairs. In different phrases, this is how one can generate many receiving addresses and spend from them. There are a number of methods to signify these lengthy random numbers; binary ones and zeros, hexadecimal 0 to 9/A to F, a QR code, or perhaps a checklist of phrases. Humans have a troublesome time dealing with a numeric illustration that is as summary as 256 ones and zeros, this is why the phrase lists (or mnemonic phrases) are a well-liked answer. The lengthy random quantity is was a listing of phrases that are simpler for the person to write down and interpret later with accuracy.
If you need to study extra concerning the processes used with hierarchical deterministic wallets and mnemonic phrases, try BIP32 and BIP39.
Your SeedSigner can talk this quantity to you within the type of a listing of English phrases or a QR code; each strategies include the identical info, your grasp seed. Keep in thoughts that anybody who features entry to this grasp seed info can use it to re-create your Bitcoin pockets and take the bitcoin from it, so make certain to deal with this info securely and privately.
You could have a few selections when creating a brand new seed: seize a picture or roll some cube. Both processes contain randomness, which is a key factor in making a safe grasp seed that can’t be guessed. Best apply is to use a 256-bit quantity in your grasp seed which interprets to a 24-word mnemonic; the 12-word mnemonics are created from 128 bits.
Method One: With Camera
No two photos can be precisely the identical and they will all produce drastically completely different grasp seeds. The randomness of the image-method includes taking info from a number of frames prior to the picture itself, together with some info within the picture in addition to the distinctive serial variety of the Raspberry Pi Zero processor and the variety of milliseconds the machine has been powered on for.
Step One: Initiate Camera
From the SeedSigner important menu, navigate to “Seeds” then “+ Create a seed” then “;camera icon’ New seed.” This will activate the digicam. During this time prior to you taking the picture, the SeedSigner is capturing frames and utilizing info from these frames to embrace within the technology of your grasp seed.
Step Two: Capture Image
Take a picture of one thing distinctive. The SeedSigner will show the captured picture after which you’ll have a alternative to “reshoot” or “accept,” transfer the joystick within the applicable path in your choice.
Step Three: Mnemonic Length
Next, you’ll be requested which mnemonic size you need to use, 12-words or 24-words. Accept the warning telling you that this info wants to stay non-public and safe.
Finally, your mnemonic phrase can be displayed. The display shows 4 phrases at a time.
Follow the instructions within the subsequent part, “Seed Backup,” to see how to safe this info.
Method Two: With Dice
The randomness of the cube rolls is fairly self explanatory, greatest apply is to use a balanced cube. The technical definition of entropy with a six-sided cube is calculated by “log2(6) = 2.58 bits of entropy,” this is why it takes 50 rolls for 128 bits or 99 rolls for 256 bits: “log2(6)*99 = 255.9.” By rolling a cube 99 instances, you are offering the randomness obligatory to create a random quantity that is inconceivable to guess. The cube technique offers you a alternative between 128 bits/50 rolls/12 phrases or 256 bits/99 rolls/24 phrases.
Step One: Initiate Dice Entry
From the SeedSigner important menu, navigate to “Seeds” then “+ Create a seed” then “‘dice icon’ New seed.” Then choose which mnemonic size you need to use, 12 phrases or 24 phrases. Accept the warning telling you that this info wants to stay non-public and safe.
Step Two: Roll The Dice
Next, you’ll be able to roll your cube after which enter the consequence by deciding on that quantity on the SeedSigner display and pushing the joystick. Repeat this course of for all your rolls.
Step Three: Finalize
When you enter the final roll, the SeedSigner will show the warning about sharing this info. Accept the warning telling you that this info wants to stay non-public and safe. Finally, your mnemonic phrase can be displayed. The display shows 4 phrases at a time.
Follow the instructions within the subsequent part, “Seed Backup,” to see how to safe this info.
Calculating A Mnemonic Checksum
The SeedSigner may import a pre-existing mnemonic phrase of both 12-word or 24-word size.
You may calculate the final phrase of a mnemonic phrase with the SeedSigner. A 256-bit quantity is not fairly lengthy sufficient to generate 24 phrases. Each phrase represents 11 bits of the unique 128 bit or 256 bit grasp seed. Each 11-bit section interprets to a numeric worth on an index from zero to 2,047.
Each of the two,048 phrases on the BIP39 checklist corresponds to a unique numeric worth on this index. For instance, “256 / 11 = 23.27” however the mnemonic is 24 phrases or “128 / 11 = 11.63” however the mnemonic is 12 phrases. The unique grasp seed is hashed with the SHA-256 algorithm, that hash worth is hashed once more. For a 128-bit grasp seed, the final 4 bits from that secondary hash worth is appended to the tip of the primary hash worth; for a 256-bit grasp seed, the final eight bits from that secondary hash worth is appended to the tip of the primary hash worth. This offers a checksum, so actually your twelfth or twenty fourth phrase is really a checksum that the remainder of the continuing mnemonic is right. When you add 4 bits to 128 bits you get 132 bits, which equals 12 11-bit phrases. When you add 8 bits to 256 bits you get 264 bits, which equals 24 11-bit phrases.
SeedSigner can calculate this checksum for you and let you know what the twelfth or twenty fourth phrase is primarily based on the remainder of the continuing mnemonic. This could also be useful in case you have a mnemonic phrase that is lacking the final phrase, or if you’d like to double verify a mnemonic, or if you’d like to decide your personal phrases from the BIP39 checklist. However, selecting your personal phrases from the BIP39 checklist will most likely not be as random as utilizing the random quantity generator present in instruments just like the SeedSigner.
From the principle menu navigate to “Seeds” then “+ Create a seed” then “Calc 12th/24th word” then choose mnemonic size “12 words” or “24 words.”
On the following display you can begin getting into the primary 11 phrases for a 12-word mnemonic or the primary 23 phrases for a 24-word mnemonic. Start by getting into the primary letter of the specified phrase, the out there letters to select from for the following letter can be decreased to the one choices primarily based on the BIP39 thesaurus. You may scroll up or down via a listing on the right-hand aspect of the display utilizing the “KEY1” and “KEY3” buttons on the HAT show. When you discover the phrase you need, push “KEY2” on the HAT show to choose that phrase and transfer on to the following one. Continue this course of till all 11 or 23 phrases have been entered.
After the eleventh or twenty third phrase has been entered, the SeedSigner will show the ultimate phrase. You could have the choice to load that seed into the SeedSigner’s lively reminiscence and apply an elective passphrase as effectively.
Importing A Mnemonic Phrase
You may import a pre-existing 12-word or 24-word mnemonic in its entirety. From the principle menu, navigate to “Seeds” then choose “Enter 24-word seed” or “Enter 12-word seed.” Then observe the identical course of above, deciding on the primary letter of every phrase till you discover the specified phrase and urgent “KEY2” on the HAT show to choose that phrase. If you enter a phrase incorrectly, the calculated checksum can be incorrect and the SeedSigner will provide you with a warning.
Once all of the phrases have been entered you’ll be offered with the pockets fingerprint and given the choice to apply an elective passphrase.
Seed Backup
This part will reveal how to backup the grasp seed generated on the SeedSigner. There are two methods to backup this info: as a mnemonic phrase or as a QR code. A mix of those two strategies can be utilized for redundant backups. Anyone who features entry to this info can be ready to steal your bitcoin, so make sure that you’re taking precautions when dealing with this info. Some fundamental greatest practices are to by no means retailer this info in a textual content file, do not reserve it to a pc, do not take an image of it and do not communicate the phrases out loud. Handle this info as if it have been gold, money or jewellery.
Both the mnemonic phrase and the QR code might be transcribed visually from the SeedSigner show with out having to join the SeedSigner to any machine to switch the data. This retains the SeedSigner fully air gaped whereas exporting the grasp seed. The info might be transcribed to an included paper card or to a stainless-steel QR code plate, out there from Vulcan21.
Paper playing cards might be fast and simple to fill out, hidden in many various locations and simply distributed to completely different geographic places. Steel plates can take extra time to arrange, they will not be as simply concealable, however the metal plates will stand up to excessive environmental circumstances like hearth and flooding; they are rather more strong than paper.
After you generate a brand new seed in your SeedSigner, both by taking a picture or by finishing cube rolls, the SeedSigner will direct you to the mnemonic phrase. The mnemonic phrase can be a listing of both 12 or 24 English phrases. If you want to show the mnemonic phrase once more after your seed has already been created you’ll be able to scan in your QR code and navigate to “Backup Seed” then “View Seed Words” then settle for the warning after which the checklist of 12 or 24 phrases can be displayed. If you didn’t write down your mnemonic phrase or transcribe your QR code when initially creating your grasp seed and you’ve got cycled the facility in your SeedSigner, then you have to to create a brand new seed as there is no method for the SeedSigner to retailer that info in reminiscence.
Note Card
When you create a brand new seed, SeedSigner will direct you to the checklist of 12 or 24 phrases. You need to write these phrases down as they are displayed. The again of the included QR code observe playing cards have area for twenty-four phrases. Write these phrases down legibly and so as. Four phrases are displayed at a time, choose “Next” till you’ve got cycled via all of the phrases.
Select “Done” when completed and the SeedSigner will immediate you to check your self in your backup, it is greatest apply to take this check to guarantee your backup was written down appropriately. On the reverse aspect of the observe card is a clean 29 by 29 QR code grid. You can visually transcribe your grasp seed in QR code format onto the observe card. This makes importing your pockets into SeedSigner as quick as scanning a QR code might be. After taking the check to verify the mnemonic phrase, you’ll be able to scroll down the menu in your SeedSigner to “Backup Seed” then “Export as SeedQR” then “I Understand” then “Begin 29×29.”
The SeedSigner will then show a magnified view of the QR code, one section at a time beginning on A1. You can toggle the joystick to navigate via the remainder of the segments and visually transcribe the darkened squares you see on the display to the cardboard utilizing a everlasting marker. There are 4 predefined squares on the QR code, that are already printed on the cardboard for you.
There is error correction constructed into the QR code scanning software program, which means that should you misplace just a few squares, the SeedSigner will nonetheless find a way to produce your seed. Try to be as correct as doable although.
Once you’ve got the QR code transcribed, check it by scanning it and checking the fingerprint, an eight-character string that uniquely identifies your pockets.
If you are utilizing a passphrase in your pockets, you have to to resolve the way you need to deal with this added piece of knowledge. A passphrase might be considered a thirteenth or twenty fifth phrase added to your mnemonic phrase. A passphrase is usually a string of any mixture of uppercase letters, lowercase letters, numbers and particular characters. Only you’ll know this passphrase and there is no method for the SeedSigner or anybody to make it easier to get better a misplaced or forgotten passphrase. By getting into a passphrase in your pockets, this added piece of knowledge can be required every time you need to entry this pockets sooner or later.
There is a instrument maintained by @BitcoinQ_A that may help you in attempting completely different passphrases over a mnemonic phrase in case you write down the passphrase incorrectly however have a tough thought of what it ought to be. You can enter your mnemonic phrases and a receiving deal with and check completely different passphrases. Use this instrument offline by downloading it, don’t enter your mnemonic phrase or passphrase right into a network-connected machine.
Visit Bitcoiner.Guide/seed/ to study extra.
Decide if you’d like to write down the fingerprint for the mnemonic phrase pockets, or the fingerprint for the passphrase-applied pockets, or each. In this instance, the generated fingerprint as soon as the QR code is scanned is completely different from the fingerprint generated as soon as the passphrase is utilized.
Or on this instance, the first pockets fingerprint is famous on the prime after which the fingerprint for the passphrase-applied pockets is famous on the backside with the indicator “PP” for passphrase. Keep in thoughts too that should you retailer your mnemonic phrase along with your seed phrase then an adversary would have all the data they want to steal your bitcoin. However, should you retailer your passphrase separate out of your mnemonic phrase then there is added safety.
One factor to take into account as effectively is that though the fingerprint itself is not going to put the safety of your bitcoin in danger instantly, the easy existence of a further fingerprint might be sufficient to tip off an adversary that there is one other bitcoin pockets which a passphrase is wanted to entry. If you arrange a duress pockets with a small quantity of bitcoin within the major pockets and nearly all of bitcoin within the passphrase-applied pockets, this might be a consideration for you.
QR Code Steel Plate
The preliminary course of for making a metal QR code backup is a lot the identical as for the observe card model. After you’ve got secured your mnemonic phrase, on the SeedSigner navigate to “Backup Seed” then “Export as SeedQR” then “I Understand” then “Begin 29×29.” Alternatively, you can transcribe this info from a pre-existing observe card QR code if you have already got one backup that you just are upgrading to metal.
Use a everlasting marker to mark the place the punches ought to be made.
If you make a mistake, you’ll be able to take away the everlasting marker with acetone and a Q-tip. There is error correction software program within the SeedSigner that tolerates some misplaced dots, nevertheless it is greatest apply to be as correct as doable.
Prior to stamping the dots with a punch, check the QR code with the SeedSigner.
Now you are prepared to stamp the dots completely into the metal plate with a punch. This demonstration makes use of what is often called a “Prick Punch” and a 4-pound mini sledge hammer on a concrete flooring. Having a strong floor to hammer on and a heavy hammer is key to getting crisp, clear punches.
A letter and quantity stamp set can be utilized to mark extra info onto the metal plate such because the fingerprint. Again, make cautious issues of how you’ll retailer info associated to passphrase utilized wallets. In this instance, the first fingerprint is marked on prime — this is the ensuing fingerprint when the QR code is scanned. On the underside, the “PP” indication is used to symbolize “passphrase” adopted by the ensuing fingerprint when the passphrase is utilized.
Be positive to check your stamped QR code metal plate by scanning it along with your SeedSigner. Be conscious that you could be want to strive completely different lighting circumstances.
You ought to have well-defined and clear marks in your metal plate that match the observe card QR code.
Your Steel QR code is now prepared to be securely saved.
Fire Test
To confirm that the pockets info might be recovered within the occasion of catastrophic occasions resembling hearth, the metal plate was heated up to slightly below melting temperatures utilizing an oxygen and acetylene torch. Ideally, within the occasion of a fireplace, the QR code on the metal plate would nonetheless find a way to be scanned and recovered rapidly. However, hearth could cause the end on the plate to disappear leaving little or no distinction between the plate background and the darkened areas.
Recovery on this case can nonetheless be doable by visually transcribing the data from the burnt QR code metal plate to a paper observe card after which scanning the QR code on the observe card. This stress check revealed that the metal plate can stand up to temperatures slightly below 1,500° C, effectively above typical home hearth temperatures, and the data contained inside the metal plate was nonetheless 100% recoverable by visually transcribing the QR code to a paper observe card.
You can watch the hearth check within the full video at this link.
The pockets was 100% recoverable by transcribing the data on the burnt metal plate to a observe card after which scanning the observe card with the SeedSigner. Attempts have been made to modify the end of the metal plate after the hearth check to see if sufficient distinction might be introduced again to enable for scanning. A brass bristle brush was used, in addition to some solvent to take away any remaining carbon, then some oil was utilized which simply prompted the floor to flip a brown hue, and at last a polish wheel was used on the floor and a everlasting marker was used to colour within the stationary squares within the 4 corners of the QR code. But the QR code wouldn’t scan. Transcribing it although did work simply effective.
As an instance of the error correction in motion, you’ll discover that some dots have been mis-stamped in section B6 when transcribing the QR code to the metal plate. The dots have been later re-stamped within the right place, all three variations of the QR code produced the identical seed.
Sparrow Wallet
This part will reveal how to import your pockets to Sparrow Wallet from SeedSigner. The idea right here is that the SeedSigner will use your non-public key to signal transactions and Sparrow Wallet will generate these transactions for the SeedSigner to signal. This method, you’ll be able to maintain your non-public key off of a network-connected machine whereas nonetheless having the ability to verify your pockets stability and generate receiving addresses safely.
Importing a pockets on this method allows you to have a “watch-only” pockets out there in your private pc (PC) with out placing your bitcoin non-public keys in danger. The watch-only pockets can show your stability and generate receiving addresses with out you needing to undergo the method of opening your pockets along with your SeedSigner every time. You would simply use your SeedSigner once you need to signal transactions from this pockets to spend these bitcoin.
For extra info on putting in Sparrow Wallet and connecting it to a node, try the Sparrow Wallet website.
This demonstration makes use of Sparrow Wallet put in on a Windows desktop utilizing Bitcoin Core because the node backend.
Step One: Initiate Import
Once you’ve got Sparrow Wallet put in and open in your PC, navigate to “File” then “Import Wallet”
Step Two: Device Selection
In the pop-up window, scroll down and choose “SeedSigner” then “Scan” to launch your webcam.
Step Three: Export Watch-Only Information
- On your SeedSigner, scan your seed QR code and enter your passphrase
- Then go to “Export Xpub” and choose your pockets
- Then select your quorum sort, “Single Sig” or “Multisig” (single sig is used on this demo).
- Then select your script sort (the type of addresses you need to use) “Native Segwit” or “Nested Segwit”
- Then choose your Bitcoin pockets utility (Sparrow Wallet on this instance).
You will obtain a warning about privateness implications of exporting your xpub, then you’ll have an opportunity to overview the main points. Once you choose “Export Xpub” the sequence of animated QR codes will start and you may maintain your SeedSigner up to your PC webcam in order that Sparrow Wallet can collect the main points it wants to import your watch-only pockets.
If you are having hassle with the brightness of the HAT show, you’ll be able to maintain the joystick within the up or down place in the course of the animated QR code loop to change the brightness of the display. There are proper brightness ranges from very dim to very vibrant.
Step Four: Finalize Import
Back in Sparrow Wallet, when you scan the animated QR codes, you’ll be able to identify your new pockets and add an elective password. Be cautious not to confuse this password along with your passphrase. This password in Sparrow Wallet is simply to encrypt the pockets file in your PC.
Step Five: Receiving Bitcoin
Once your node finishes scanning for any transactions (computerized course of), you’ll be at your pockets residence display in Sparrow Wallet. If you click on on the “Receive” tab on the left-hand aspect of the interface, you will note the primary deal with in your SeedSigner that you may deposit some bitcoin to.
Once you make a deposit, the transaction ought to present up straight away in Sparrow Wallet as “Unconfirmed” till it receives some block confirmations. Once this sediment is made, a signature out of your SeedSigner can be required to spend it.
Creating A PSBT
Once you’ve got bitcoin deposited to your pockets, you’ll be able to create a partially-signed bitcoin transaction (PSBT) in Sparrow Wallet. Then you’ll be able to change QR codes backwards and forwards between the SeedSigner and Sparrow Wallet to signal the transaction in an air-gapped vogue along with your SeedSigner.
Step One: UTXO Selection
From Sparrow Wallet, navigate to your “UTXOs” tab on the left-hand aspect of the interface. Then choose the UTXO you need to spend. Alternatively, you can simply choose the “Send” tab as a substitute and enter an quantity, however on this instance your entire UTXO is being spent.
Step Two: Build Transaction
- On the following display, you’ll be able to enter the deal with you need to spend the bitcoin to.
- Add a label so that you keep in mind what the transaction was for.
- Enter the quantity (or choose most quantity on this case).
- Set your miner price charge
- Then click on on “Create Transaction” upon getting all the main points stuffed in.
Step Three: Finalize Transaction
On the following display you’ll be offered with the transaction ID (txid) and a graph displaying the inputs and outputs to the transaction. Click on “Finalize Transaction for Signing.”
Step Four: Animated QR Codes
On the following display, click on on “Show QR” and Sparrow Wallet will show a sequence of animated QR codes in a pop-up window. Then you’ll be able to scan these along with your SeedSigner. If you haven’t carried out so already, you have to to energy in your SeedSigner, scan your QR code seed phrase, enter your passphrase after which choose the choice to signal the PSBT.
Step Five: Confirmation
On your SeedSigner you’ll verify a number of particulars about this transaction:
- Make positive you choose the right pockets, noting the fingerprint.
- Check the quantity and enter/output graph.
- You can be warned if this is a full spend.
- Verify that the transaction math checks out.
Step Six: Signing
- Double verify the deal with you are sending to.
- Approve the PSBT if every little thing appears good.
- Select the Bitcoin pockets utility you are working with (Sparrow Wallet on this case).
- In Sparrow Wallet, choose “Scan QR” then maintain up the animated sequence of QR codes flashing on the SeedSigner display.
Step Seven: Broadcast
Once the main points are obtained by Sparrow Wallet, then choose “Broadcast Transaction.”
Once your transaction is broadcast to the Bitcoin community, then you should utilize your favourite block explorer to regulate it.
Importing Private Key
As of Sparrow Wallet model 1.6.4, you’ll be able to scan your non-public key QR code and import to Sparrow Wallet. If you are attempting to maintain your pockets air gapped, then don’t try this as it’s going to put your non-public key on a tool that is both presently related to the web or has been/can be related to the web. The danger right here is that you can be making a scorching pockets.
By following the steps beneath, Sparrow Wallet will write a pockets file to your PC. This pockets file will include your non-public key. If your pc is compromised sooner or later and this file is discovered then your bitcoin might be in danger. Using a password to encrypt this pockets file is a minimum-recommended precaution should you select to proceed. A passphrase is not going to be saved within the pockets file and this is one other safeguard you should utilize to assist defend your bitcoin within the occasion that your non-public key is uncovered. Importing a personal key might be helpful for rapidly producing your pockets, establishing a transaction and broadcasting it with out having to go particulars backwards and forwards to the SeedSigner if you end up in a state of affairs the place time is of the essence and your signing machine is unavailable to you.
If you need the comfort of having the ability to generate receiving addresses and checking your stability with out the safety vulnerability of getting your non-public keys on a network-connected machine, then use the watch-only pockets choice described above. You may signal a PSBT in Sparrow Wallet utilizing your SeedSigner QR code and Sparrow Wallet is not going to save that info, should you are in an emergency.
Step One: Initiate Import
In Sparrow Wallet, navigate to “File” then “Import Wallet.”
Step Two: Select Method
A window will pop up with a number of import choices. On the “Mnemonic Words” choice, click on on the drop-down menu and select “Scan QR.”
Step Three: Scan QR Code
Your webcam ought to routinely launch, maintain up your SeedSigner non-public key QR code so Sparrow Wallet can collect the main points.
Step Four: Passphrase
If you’ve got a passphrase utilized to your pockets, enter it now. Then click on on “Discover Wallet.”
Step Five: Name Wallet
Then you’ll be requested to identify your new pockets. Once you’ve got entered a reputation, click on on “Create Wallet.”
Step Six: Add Password
Optionally, you’ll be able to add a password to defend this pockets file. This password shouldn’t be confused along with your passphrase. This password will encrypt the pockets file saved in your PC.
Step Seven: Confirm Passphrase
You will then be requested to verify the passphrase you entered.
Now you’ve got a fully-functional pockets out of your SeedSigner reside in Sparrow Wallet. Remember, should you are utilizing Sparrow Wallet on a network-connected PC then this is not an air-gapped pockets. However, now you can rapidly assemble and broadcast transactions.
Another profit is that now you could find your PayNym to begin making collaborative transactions and you should utilize the Sparrow Wallet Whirlpool implementation for the privateness advantages.
Navigate to “Tools” then “Show PayNym.”
Then click on on “Retrieve PayNym.”
To study extra about making collaborative transactions or utilizing Whirlpool, try the paperwork part of Sparrow Wallet website or the privateness part of the Bitcoiner.Guide website.
Multisig
This part demonstrates how to arrange a multisig pockets utilizing SeedSigner and Sparrow Wallet.
Step One: Generate Seeds
First, create as many new seeds as you need in your multisig quorum. Follow the identical course of defined within the “Generate-Seed” part, use both the picture seize technique or the cube roll technique. You can apply an elective passphrase as effectively.
In this instance, 4 new seeds have been generated to assemble a four-of-four multisig. A passphrase was utilized to each.
Step Two: Create Multisig Wallet In Sparrow
- In Sparrow Wallet, navigate to “File” then “New Wallet.”
- Then identify your new multisig pockets.
Step Three: Configure The Multisig Quorum
- Select “Multi Signature” from the coverage sort drop-down menu.
- Set the “M of N” cosigners. This is the minimal variety of required signatures you need in your pockets. Typical quorums are three-of-five or five-of-seven, and so forth. Four-of-four was used on this instance.
- You will discover {that a} new keystore tab seems on the backside of the display for every of the cosigners you add.
- Once that is set, you’ll be able to choose “Airgapped Hardware Wallet” to import the primary cosigner. The xpub info can be exported from SeedSigner for every pockets on this instance to protect the air-gapped benefit.
Step Four: Initiate PC Webcam
Once you click on on “Airgapped Hardware Wallet,” a window will pop up with a number of choices, subsequent to the SeedSigner icon, click on on “Scan.” This will launch your PC webcam.
Step Five: Export Xpub
- On your SeedSigner, you need to have all your seeds loaded that you really want to export. If you want to, scan the QR codes to load them now. Select the primary one.
- Scroll down to “Export Xpub.”
- Select “Multisig.”
- Select script sort, “Native Segwit” was used on this instance
- Then choose the pockets utility, “Sparrow” was used on this instance.
- Accept the warning concerning the potential privateness leak exporting your xpub poses.
Step Six: Confirm Details
SeedSigner will show the main points of what you are about to export. Look them over and ensure every little thing is right. You need to make sure that the displayed fingerprint matches the passphrase-applied fingerprint you’ve got written down.
Step Seven: Import Xpub
The SeedSigner will begin to flash a sequence of animated QR codes that include your xpub info. Hold this up to your PC webcam in order that Sparrow Wallet can collect the main points obligatory to import your first cosigner.
Step Eight: Confirm And Repeat
Once Sparrow Wallet will get the main points that it wants, it’s going to populate a number of fields below the primary keystore tab. Double verify that this info is right, taking care to make sure the fingerprint is right. If every little thing appears good, then click on on the second keystore tab and repeat that course of along with your second cosigner, then once more in your third, and so forth.
Step Nine: Finalize
Once you’ve got all your cosigners imported, click on on “Apply.”
If you need to add an elective password, you are able to do so when Sparrow Wallet prompts you. This is not to be confused along with your passphrase. The password encrypts the pockets file saved in your PC.
Spending
Your new multisig pockets is now prepared to deposit to. You can generate obtain addresses from Sparrow Wallet and deposit bitcoin. You will want your minimal variety of cosigners to every signal the transaction to spend bitcoin deposited to this multisig pockets.
When you need to spend your bitcoin, navigate to the “Send” tab in Sparrow Wallet and fill out the deal with you would like to spend to, add a label, set the quantity to spend and choose a miner price charge. Then click on on “Create Transaction.”
Then click on on “Finalize Transaction for Signing.”
Then you will have the option to display the transaction QR code so that you can scan it from the SeedSigner with the appropriate cosigners loaded. You will have to do each one individually. Once the SeedSigner receives the information it needs, it will display the signed PSBT as an animated QR code to be scanned by your PC webcam for Sparrow Wallet to receive. This is the same process used for signing transactions covered in the “Sparrow Wallet” section, only you have to do it for as many minimum number of cosigners you have set on your multisig wallet.
Example
To spread awareness of SeedSigner, Sparrow Wallet and multisig wallets, 100,000 sats were deposited to the four-of-four multisig wallet in this guide. You can see the transaction here: mempool.area.
The scavenger hunt was introduced on Twitter right here: econoalchemist.
The Importance Of Self Custody
Understanding the context for self custody is a critical aspect of mitigating some of the most pervasive risks involved with Bitcoin, as the saying goes: “Not your keys, not your cash.” Trusting third parties like exchanges with your bitcoin introduces several risks that have the potential to leave you vulnerable to theft, seizure and unrealized capital gains taxes.
Additionally, most custodians, if not all of them, are required to comply with know-your-customer (KYC) regulations that introduce you to even more risks associated with data breaches that leak your personally-identifiable information (PII) to the wide open internet. All Bitcoin transactions are public and if your PII is tied to on-chain data, then you are left with no privacy against the trusted custodian who knows your identity and your on-chain balances. In the hands of a hacker, that information can put your life at risk. Also, since these custodians prioritize their relationship with law enforcement and will always make decisions that do not have your best interest in mind; in the hands of your government, this information can put your freedoms at risk.
If you are interested in learning more about catastrophic events involving trusted third parties, check out these resources:
Many of these risks can be mitigated by taking self custody. The trade off is that you are taking the personal responsibility of securing your bitcoin. You and you alone are responsible for your bitcoin. There are no “1-800” helplines to reverse your transactions and nobody can help you recover a lost or forgotten seed phrase. Luckily there are many tools available to help you achieve safe and private self custody.
SeedSigner is one such tool that combines general-purpose, inexpensive hardware with free and open-source software to provide you with a DIY signing device so you maintain unrestricted, permissionless access to your bitcoin.
Customers of Bitcoin hardware wallet manufactures face certain risks that users should be aware of. There is risk of a supply chain attack where the hardware is intercepted en route and modified in some compromising way prior to final delivery. There is also a risk introduced by exposing personal information to such manufacturers, for example, the Ledger information breach uncovered the PII of over a million clients which led to refined phishing assaults and doubtlessly aided in physical assault and armed robbery. There is additionally the danger of a “sundown” attack where the hardware wallet manufacturer could try different nonces until they guess your master private key based on information obtained by watching your transactions on the public blockchain.
One helpful feature of SeedSigner is that the required components are widely available, inexpensive and general purpose. This means that these parts can be procured in such a way that no indication of using them for Bitcoin is revealed. SeedSigner is sold in a kit from various vendors, so if you purchase the complete kit then it is obvious what the intended use is. However, throughout this guide you will find links to several vendors for the individual components so that you have the resources you need to procure them individually if you prefer.
Video Summary
This video demonstrates a high-level overview of the content within this guide. The video is not meant as a replacement for the information in this guide, only as a supplemental visual assistant that demonstrates testing, assembly, generating a seed, entering a passphrase, backing up a seed via QR code and fire-testing the steel plate.
Trade Offs
No solution is without its trade offs, here are a few things to consider with the SeedSigner (a full list of acknowledged criticisms and vulnerabilities is maintained by SeedSigner here):
- There is no safety mechanism that verifies the software like what is found on other hardware wallets. The user is fully responsible for verifying the authenticity of the software used on the SeedSigner. This is explained in detail for both Windows and Linux users in the “Software” section of this guide. Learn how to use the GPG verification tools to mitigate this concern.
- Saving the private key in a QR code format increases the opportunities that an adversary could get this information. As with any backup information no matter the form, if anyone accesses it they could snap a picture of a list of words or a steel plate or they could just take the backup with them in their pocket. Users benefit from keeping backup information private and secure in the way they would handle gold, jewelry or cash. Having some redundant security in place like a passphrase that is stored separately from the backup information can help mitigate these concerns. Multisig cosigners that are dispersed in different geographic locations can also be beneficial to mitigating a single source of failure.
- Constructing a multisig quorum using the same signing device for all cosigners can introduce a vulnerability if some unforeseen issue arises with that particular signing device. Best practice is to use signing devices from multiple manufacturers to mitigate the risks of a sunset attack and or some security bug that puts your entire multisig balance at risk because you did not diversify the hardware used.
This is a guest post by Econoalchemist. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
