BitKey is a swiss army knife of handy Bitcoin tools built on top of Debian, which we created to scratch our own itch.
We're avid Bitcoin fans but after going to our first local Bitcoin meetup we discovered the elephant in the room was that there was no easy way to perform cold storage Bitcoin transactions where the wallet lives on an air-gapped system physically disconnected from the Internet.
We used the TurnKey GNU/Linux build system to create a self-contained read-only CD/USB stick to satisfy all our Bitcoin needs. Your's too we hope, and if not we're open to suggestions for improvement.
Apps: batteries included!
Apps that are allowed network access in online mode:
- Electrum with wrapper that stores wallet on a USB in a LUKS encrypted loopback filesystem. During creation, displays passphrase strength estimates such as entropy and crack time.
- coinbin: swiss army knife of bitcoin tools
Apps that are not allowed network access even in online mode:
- warpwallet: brainwallet with strong KDF (scrypt+pbkdf2) and salt
- bitaddress: paper wallet generator
- bitcoinpaperwallet: paper wallet generator
- qrcode generator: encodes anything as a qrcode
- zxcvbn: realistic password strength estimator
Advanced tools for Bitcoin ninjas:
- bx: the Bitcoin command line tool (AKA libbitcoin-explorer)
- Chromium web browser: runs in incognito mode by default (only visible in online mode)
- Network manager
- Printer manager
- File manager
- Text editor
Installing BitKey on a USB stick or CDROM
BitKey on CDROM: use your favorite program to burn the ISO to CDROM. Nothing special. CDROMs are naturally read-only and tamper resistant.
BitKey on USB: If you don't burn BitKey to a CDROM, writing BitKey to a USB stick with a hardware read-write toggle (e.g., Kanguru FlashBlu) is the next best thing.
On USB sticks without write protection, you can remove BitKey USB after booting as an additional security measure. BitKey loads into RAM so after booting you no longer need the USB.
Insert USB stick and detect the device path:
$ dmesg|grep Attached | tail --lines=1 [583494.891574] sd 19:0:0:0: [sdf] Attached SCSI removable disk
Write ISO to USB:
$ sudo dd if=path/to/bitkey.iso of=/dev/sdf $ lsblk | grep sdf sdf 8:80 1 7.4G 1 disk └─sdf1 8:81 1 444M 1 part
Formatting your data storage flash drive
By default, BitKey stores your wallet encrypted on a USB flash drive AKA USB stick.
It expects your flash drive to be vfat formatted. This is the standard format for store bought drives. If this isn't the case, BitKey may have trouble detecting your drive. In that case you can reformat the drive from Windows, or on Linux / BitKey using the following steps:
Insert data storage flash drive and detect the device path:
$ dmesg|grep Attached | tail --lines=1 [583494.891574] sd 19:0:0:0: [sda] Attached SCSI removable disk
Reformat the drive:
$ sudo mkfs.vfat /dev/sda1 mkfs.fat 3.0.27 (2014-11-12)
See https://bitkey.io for a detailed introduction and usage guide.
BitKey Live CD/USB supports three modes of operation selected from a boot time menu.
High security - Cold storage boot modes
Two cold storage modes:
cold-offline: create wallet, sign transactions
In this mode, the desktop background is green (mnemonic for cool and safe)
cold-online: watch wallet, prepare transactions
In this mode, the desktop background is blue (mnemonic for cool and informative)
If the instructions are carefully followed, cold storage modes creates an airgap which ensures that your wallet's private keys are never loaded into RAM on a computer connected to the Internet.
Medium security - Hot-online boot mode (red background)
In this mode the desktop background is red (mnemonic for hot and dangerous)
Allows you to create & watch wallet, prepare & sign transactions.
In hot online mode, the private keys are known to a computer connected to the Internet. This is the most convenient mode because you only need one computer. After booting BitKey resides in RAM and saves nothing to your hard drive.
The flip side is smaller security margins:
- You need to trust that your copy of BitKey hasn't been tampered with and that the original signed BitKey image hasn't been compromised.
- If you use a network enabled app (e.g., Chromium) and an attacker exploits a zero-day vulnerability to gain access to your online system, say goodbye to those Bitcoins!
Low security - Hot storage on your PC/phone
In this mode you don't use BitKey or any hardware wallet type device. Your wallet's private keys are stored on your phone or PC and known to an Internet enabled device that is vulnerable (or will be sometime in the future) to the efforts of thieves who would like nothing more than to steal your Bitcoin.
You rely on the magical power of wishful thinking. You're not important enough to get hacked and any opportunistic malware infection you do get is not going to include any Bitcoin stealing functionailty. Right? Right! Good luck!
Paranoid brainwallet support - Jason Bourne mode
Hardest to use but leaves no trace of wallet keys in any storage medium. Minimizes trust in BitKey. Your wallet keys are only stored in your head.
Inspired by how Jason Bourne stores his Bitcoin:
Generating wallet step
- Boot BitKey in cold-offline mode, remove BitKey USB
- Generate Warpwallet with a strong passphrase and your e-mail as salt
- Save public Bitcoin address (e.g., scan qrcode)
- To ensure private keys do not survive in RAM, turn off computer running BitKey and disconnect power source for 15 minutes.
After generating wallet, you can send Bitcoin to this address.
Safety warning regarding salts: do not use Warpwallet without a salt. You're not going to forget your e-mail and using a salt makes attacks vastly more difficult.
Public Service Announcement regarding Warpwallet passphrases:
Humans are poor sources of randomness and much more predictable using statistical models than they think. Technology is ever moving forward and cracking techniques always get better, never worse. You may not be familiar with the state of the art, so be extra careful.
The ideal passphrase is 6 to 8 truly random diceware words. If you're going to try and come up with a random passphrase yourself, be paranoid. They really are out to get you. At least use zxcvbn to measure passphrase strength. It's not perfect, but it should give you a clue. You'll want at least 65 bits of entropy for a salted warpwallet, especially if you are going to be storing funds long-term.
DO NOT USE KNOWN PHRASES, QUOTES OR SENTENCES FROM A BOOK.
More wallets are lost to routine forgetfulness than sophisticated theft. If you're not continually accessing your Warpwallet there is a very high likelyhood you will eventually forget your passphrase after a few months or a few years. You only need to forget a single character for your wallet to be lost forever. This risk needs to be balanced with the risks of making a paper backup.
Consider making a paper backup of your passphrase and destroying it only when you are absolutely sure you will not forget it, then use spaced reptition learning to ensure it stays in memory until you want to access the funds.
Generating unsigned transaction step
This step is easiest to do from an Electrum watch-wallet on a PC, but you can also do it from BitKey:
Boot BitKey in cold-online mode, remove BitKey USB
Restore watch-only wallet and run Electrum, from command line:
$ electrum restore $PUBLIC_ADDRESS $ electrum
Insert USB stick for storing unsigned transaction
Fill in recipient under Send tab and "Save" unsigned transaction to USB at /media/usb/
Signing transaction step
Boot BitKey in cold-offline mode, remove BitKey USB
Insert USB stick where you stored unsigned transaction. Copy to RAM and remove from disk:
$ cp /media/usb/unsigned.txt ~/ # uses RAM for storage $ srm /media/usb/unsigned.txt # secure delete unsigned transaction
Unplug USB stick
Use Warpwallet to restore brainwallet private key
Launch Electrum from command line so that it stores wallet in RAM:
$ electrum -w /tmp/brainwallet
Import private key and sign transaction
- In the Electrum Install Wizard, select 'Restore a wallet or import keys'
- Cut and paste the private key, click Next
- Click Next again (you don't need encryption for a wallet in RAM)
- Tools > Load transaction > From file
- Verify Outputs, Sign & Save signed transaction
Create a QRCode for the signed transaction:
- Open Signed transaction in text editor
- Open qrcode app: cut and paste hex of signed transaction
Scan qrcode of signed transaction with phone and broadcast transaction to network.
Turn off BitKey, disconnect power source, wait 15 minutes to clear RAM
Desktop usage tips (Keyboard and mouse shortcuts)
Full custom keybindings in overlay/usr/share/glib-2.0/schemas/20_custom.gschema.override
Copy, Cut and Paste
Keyboard: Ctrl+C, CTRL+X and CTRL-V
To copy, click text and drag to highlight text to be copied
To paste, left click to focus keyboard, then middle mouse click to paste. If no middle mouse button exists, clicking both right and left buttons simultaneously also works.
- Right-click titlebar
Split screen window positioning:
Dragging window to left or right
This makes a window neatly fill half the screen
Maximize window by dragging to top of screen
Toggle window maximization:
- double click on window titlebar
Minimize window: ALT+F9
Resize window: Alt+F8
Close window with CTRL+W or ALT-F4
Switch between windows (including minimized): Alt+TAB
- Switch workspaces:
- <Win> F1-F4
- <Ctrl> <Alt> Left/Right
- Move window to a different workspace: <Win> <Shift> F1-F4
- Defense in depth: increase security by forcing attackers to overcome a plurality of obstacles.
- Minimize trust: minimize the number of third parties that need to be trusted, and minimize the degree of trust that needs to be placed on the existing trusted parties (e.g., BitKey developers to a degree).
- Minimized complexity: attack surface grows with complexity, so decrease complexity by minimizing number of components, using simpler components (e.g., chromium with webapps)
- Minimum privilege level policy: for example, if a component doesn't need network access, don't give it to it. If a mode doesn't need network access, enforce lack of network access.
- Transparency and verifiability: only use open source components who's integrity can be verified in principle and in which violations of integrity are more likely to be detected.
- Assume and attempt to compensate for human fallibility: avoid assuming users are advanced Bitcoin and security experts. Do the most to protect them from natural mistakes and lack of awareness with more secure defaults, friendly reminders, health warnings, tools for verifying against mistakes.
Change desktop background color to indicate boot mode
- cold-offline: green background
- cold-online: blue background
- hot-online: red background
automatically configures default wallet based on boot mode
In cold-offline mode: wallet is stored in an encrypted LUKS, with enforced passphrase complexity. Following offline wallet generation a watch only wallet is created containing only public keys.
In cold-online mode: only the watch wallet is accessible, the wallet containing private keys is inaccessible so that the user is never accidentally prompted for the passphrase and can't open the wallet online by mistake.
In hot-online mode: separate wallet file, so that even if you store the wallets on the same USB key, you can't accidentally open the cold-offline wallet by booting into the wrong mode.
Disabled networking in cold-offline mode: all plan/net network packages are purged on boot by /usr/lib/bitkey.d/purge-packages script
Deny network access to local webapps (e.g., warpwallet, qrcode generator) that don't need it.
Security in depth that prevents even a trojaned version of the app from leaking information to the network, even in online mode on a non airgapped computer.
All included components are open source
Best effort to verify integrity of source components
- do not accept any component without independent verification
- download upstream archives from most authoritative trusted, verifiable source
- check matching hash sums
- verify PGP signatures when signatures are available
- verify authenticity of PGP keys when possible (e.g., using keybase)
- generate and inspect diff from tagged releases
vouch for source components by signing list of signatures:
gpg --verify /usr/local/src/SHA256SUM.asc
How to build from source
BitKey is built with TKLDev, the TurnKey GNU/Linux build system.
Deploy TKLDev (e.g., as a local VM)
SSH into TKLDev and clone bitkey git repo:
ssh tkldev cd products git-clone https://github.com/bitkey/bitkey cd bitkey make
Reporting a bug, issue or feature request
The ideal bug/issue includes:
- A detailed description of the issue.
- How to reproduce the issue step by step.
- Any extra information that might be relevant, such as your hardware, network card, boot media, any changes made prior to issue, etc.
The ideal feature request includes:
- A detailed description of feature and component it relates to.
- One or more use cases for the feature.
- Any extra information that might be relevant.
Before creating a new issue on the Issue Tracker, please check to see if a similar issue already exists. If it does, post a comment showing it also affects you. Knowing an issue effects multiple users is useful when we decide how to prioritize limited development resources. Please try and include any additional information you think might help us close the issue.
Contributing as a developer
BitKey, like TurnKey, is 100% free software and the code for all components is right here on GitHub. Developers with good ideas are strongly encouraged to be bold and contribute code. Use the source Luke!
See the guidelines and walk through.