BitKey is a swiss army knife of handy Bitcoin tools built on top of Debian, which we created to scratch our own itch.

We're avid Bitcoin fans but after going to our first local Bitcoin meetup we discovered the elephant in the room was that there was no easy way to perform cold storage Bitcoin transactions where the wallet lives on an air-gapped system physically disconnected from the Internet.

We used the TurnKey GNU/Linux build system to create a self-contained read-only CD/USB stick to satisfy all our Bitcoin needs. Your's too we hope, and if not we're open to suggestions for improvement.

Apps that are allowed network access in online mode:

• Electrum with wrapper that stores wallet on a USB in a LUKS encrypted loopback filesystem. During creation, displays passphrase strength estimates such as entropy and crack time.
• coinbin: swiss army knife of bitcoin tools

Apps that are not allowed network access even in online mode:

• warpwallet: brainwallet with strong KDF (scrypt+pbkdf2) and salt
• bitaddress: paper wallet generator
• qrcode generator: encodes anything as a qrcode
• zxcvbn: realistic password strength estimator

Advanced tools for Bitcoin ninjas:

• bx: the Bitcoin command line tool (AKA libbitcoin-explorer)

Other:

• Chromium web browser: runs in incognito mode by default (only visible in online mode)
• Network manager
• Text editor
• File manager

BitKey on CDROM: use your favorite program to burn the ISO to CDROM. Nothing special. CDROMs are naturally read-only and tamper resistant.

BitKey on USB: If you don't burn BitKey to a CDROM, writing BitKey to a USB stick with a hardware read-write toggle (e.g., Kanguru FlashBlu) is the next best thing.

On USB sticks without write protection, you can remove BitKey USB after booting as an additional security measure. BitKey loads into RAM so after booting you no longer need the USB.

1. Insert USB stick and detect the device path:

   $ dmesg|grep Attached | tail --lines=1
   [583494.891574] sd 19:0:0:0: [sdf] Attached SCSI removable disk
   

2. Write ISO to USB:

   $ sudo dd if=path/to/bitkey.iso of=/dev/sdf
   $ lsblk | grep sdf
   sdf                                8:80   1   7.4G  1 disk
   └─sdf1                             8:81   1   444M  1 part
   

By default, BitKey stores your wallet encrypted on a USB flash drive AKA USB stick.

It expects your flash drive to be vfat formatted. This is the standard format for store bought drives. If this isn't the case, BitKey may have trouble detecting your drive. In that case you can reformat the drive from Windows, or on Linux / BitKey using the following steps:

1. Insert data storage flash drive and detect the device path:

   $ dmesg|grep Attached | tail --lines=1
   [583494.891574] sd 19:0:0:0: [sda] Attached SCSI removable disk
   

2. Reformat the drive:

   $ sudo mkfs.vfat /dev/sda1
   mkfs.fat 3.0.27 (2014-11-12)
   

See https://bitkey.io for a detailed introduction and usage guide.

BitKey Live CD/USB supports three modes of operation selected from a boot time menu.

Two cold storage modes:

1. cold-offline: create wallet, sign transactions

   In this mode, the desktop background is green (mnemonic for cool and safe)

2. cold-online: watch wallet, prepare transactions

   In this mode, the desktop background is blue (mnemonic for cool and informative)

If the instructions are carefully followed, cold storage modes creates an airgap which ensures that your wallet's private keys are never loaded into RAM on a computer connected to the Internet.

In this mode the desktop background is red (mnemonic for hot and dangerous)

Allows you to create & watch wallet, prepare & sign transactions.

In hot online mode, the private keys are known to a computer connected to the Internet. This is the most convenient mode because you only need one computer. After booting BitKey resides in RAM and saves nothing to your hard drive.

The flip side is smaller security margins:

1. You need to trust that your copy of BitKey hasn't been tampered with and that the original signed BitKey image hasn't been compromised.
2. If you use a network enabled app (e.g., Chromium) and an attacker exploits a zero-day vulnerability to gain access to your online system, say goodbye to those Bitcoins!

In this mode you don't use BitKey or any hardware wallet type device. Your wallet's private keys are stored on your phone or PC and known to an Internet enabled device that is vulnerable (or will be sometime in the future) to the efforts of thieves who would like nothing more than to steal your Bitcoin.

You rely on the magical power of wishful thinking. You're not important enough to get hacked and any opportunistic malware infection you do get is not going to include any Bitcoin stealing functionailty. Right? Right! Good luck!

Hardest to use but leaves no trace of wallet keys in any storage medium. Minimizes trust in BitKey. Your wallet keys are only stored in your head.

Inspired by how Jason Bourne stores his Bitcoin:

https://maxtaco.github.io/bitcoin/2014/01/16/how-jason-bourne-stores-his-bitcoin/

1. Boot BitKey in cold-offline mode, remove BitKey USB
2. Generate Warpwallet with a strong passphrase and your e-mail as salt
3. Save public Bitcoin address (e.g., scan qrcode)
4. To ensure private keys do not survive in RAM, turn off computer running BitKey and disconnect power source for 15 minutes.

After generating wallet, you can send Bitcoin to this address.

Safety warning regarding salts: do not use Warpwallet without a salt. You're not going to forget your e-mail and using a salt makes attacks vastly more difficult.

Public Service Announcement regarding Warpwallet passphrases:

1. Humans are poor sources of randomness and much more predictable using statistical models than they think. Technology is ever moving forward and cracking techniques always get better, never worse. You may not be familiar with the state of the art, so be extra careful.

   The ideal passphrase is 6 to 8 truly random diceware words. If you're going to try and come up with a random passphrase yourself, be paranoid. They really are out to get you. At least use zxcvbn to measure passphrase strength. It's not perfect, but it should give you a clue. You'll want at least 65 bits of entropy for a salted warpwallet, especially if you are going to be storing funds long-term.

   DO NOT USE KNOWN PHRASES, QUOTES OR SENTENCES FROM A BOOK.

2. More wallets are lost to routine forgetfulness than sophisticated theft. If you're not continually accessing your Warpwallet there is a very high likelyhood you will eventually forget your passphrase after a few months or a few years. You only need to forget a single character for your wallet to be lost forever. This risk needs to be balanced with the risks of making a paper backup.

   Consider making a paper backup of your passphrase and destroying it only when you are absolutely sure you will not forget it, then use spaced reptition learning to ensure it stays in memory until you want to access the funds.

This step is easiest to do from an Electrum watch-wallet on a PC, but you can also do it from BitKey:

1. Boot BitKey in cold-online mode, remove BitKey USB

2. Restore watch-only wallet and run Electrum, from command line:

   $ electrum restore $PUBLIC_ADDRESS
   $ electrum
   

3. Insert USB stick for storing unsigned transaction

4. Fill in recipient under Send tab and "Save" unsigned transaction to USB at /media/usb/

5. Shutdown/Reboot BitKey

1. Boot BitKey in cold-offline mode, remove BitKey USB

2. Insert USB stick where you stored unsigned transaction. Copy to RAM and remove from disk:

   $ cp /media/usb/unsigned.txt ~/     #  uses RAM for storage
   $ srm /media/usb/unsigned.txt       # secure delete unsigned transaction
   

3. Unplug USB stick

4. Use Warpwallet to restore brainwallet private key

5. Launch Electrum from command line so that it stores wallet in RAM:

   $ electrum -w /tmp/brainwallet
   

6. Import private key and sign transaction

   • In the Electrum Install Wizard, select 'Restore a wallet or import keys'
   • Cut and paste the private key, click Next
   • Click Next again (you don't need encryption for a wallet in RAM)
   • Tools > Load transaction > From file
   • Verify Outputs, Sign & Save signed transaction

7. Create a QRCode for the signed transaction:

   • Open Signed transaction in text editor
   • Open qrcode app: cut and paste hex of signed transaction

8. Scan qrcode of signed transaction with phone and broadcast transaction to network.

9. Turn off BitKey, disconnect power source, wait 15 minutes to clear RAM

Full custom keybindings in overlay/usr/share/glib-2.0/schemas/20_custom.gschema.override

• Keyboard: Ctrl+C, CTRL+X and CTRL-V

• Mouse:

  To copy, click text and drag to highlight text to be copied

  To paste, left click to focus keyboard, then middle mouse click to paste. If no middle mouse button exists, clicking both right and left buttons simultaneously also works.

• Window operations:

  • Right-click titlebar
  • ALT+F3

• Split screen window positioning:

  Dragging window to left or right

  This makes a window neatly fill half the screen

• Maximize window by dragging to top of screen

• Toggle window maximization:

  • double click on window titlebar
  • ALT+F10

• Minimize window: ALT+F9

• Resize window: Alt+F8

• Close window with CTRL+W or ALT-F4

• Switch between windows (including minimized): Alt+TAB

• Switch workspaces:
  • <Win> F1-F4
  • <Ctrl> <Alt> Left/Right
• Move window to a different workspace: <Win> <Shift> F1-F4

Guidelines:

• Defense in depth: increase security by forcing attackers to overcome a plurality of obstacles.
• Minimize trust: minimize the number of third parties that need to be trusted, and minimize the degree of trust that needs to be placed on the existing trusted parties (e.g., BitKey developers to a degree).
• Minimized complexity: attack surface grows with complexity, so decrease complexity by minimizing number of components, using simpler components (e.g., chromium with webapps)
• Minimum privilege level policy: for example, if a component doesn't need network access, don't give it to it. If a mode doesn't need network access, enforce lack of network access.
• Transparency and verifiability: only use open source components who's integrity can be verified in principle and in which violations of integrity are more likely to be detected.
• Assume and attempt to compensate for human fallibility: avoid assuming users are advanced Bitcoin and security experts. Do the most to protect them from natural mistakes and lack of awareness with more secure defaults, friendly reminders, health warnings, tools for verifying against mistakes.

Specifics:

• Change desktop background color to indicate boot mode

  • cold-offline: green background
  • cold-online: blue background
  • hot-online: red background

• Electrum wrapper:

  • automatically configures default wallet based on boot mode

    In cold-offline mode: wallet is stored in an encrypted LUKS, with enforced passphrase complexity. Following offline wallet generation a watch only wallet is created containing only public keys.

    In cold-online mode: only the watch wallet is accessible, the wallet containing private keys is inaccessible so that the user is never accidentally prompted for the passphrase and can't open the wallet online by mistake.

    In hot-online mode: separate wallet file, so that even if you store the wallets on the same USB key, you can't accidentally open the cold-offline wallet by booting into the wrong mode.

• Disabled networking in cold-offline mode: all plan/net network packages are purged on boot by /usr/lib/bitkey.d/purge-packages script

• Deny network access to local webapps (e.g., warpwallet, qrcode generator) that don't need it.

  Security in depth that prevents even a trojaned version of the app from leaking information to the network, even in online mode on a non airgapped computer.

• All included components are open source

• Best effort to verify integrity of source components

  • do not accept any component without independent verification
  • download upstream archives from most authoritative trusted, verifiable source
  • check matching hash sums
  • verify PGP signatures when signatures are available
  • verify authenticity of PGP keys when possible (e.g., using keybase)
  • generate and inspect diff from tagged releases

• vouch for source components by signing list of signatures:

  gpg --verify /usr/local/src/SHA256SUM.asc
  

BitKey is built with TKLDev, the TurnKey GNU/Linux build system.

1. Deploy TKLDev (e.g., as a local VM)

2. SSH into TKLDev and clone bitkey git repo:

   ssh tkldev
   cd products
   git-clone https://github.com/bitkey/bitkey
   
   cd bitkey
   make
   

The ideal bug/issue includes:

1. A detailed description of the issue.
2. How to reproduce the issue step by step.
3. Any extra information that might be relevant, such as your hardware, network card, boot media, any changes made prior to issue, etc.

The ideal feature request includes:

1. A detailed description of feature and component it relates to.
2. One or more use cases for the feature.
3. Any extra information that might be relevant.

Before creating a new issue on the Issue Tracker, please check to see if a similar issue already exists. If it does, post a comment showing it also affects you. Knowing an issue effects multiple users is useful when we decide how to prioritize limited development resources. Please try and include any additional information you think might help us close the issue.

BitKey, like TurnKey, is 100% free software and the code for all components is right here on GitHub. Developers with good ideas are strongly encouraged to be bold and contribute code. Use the source Luke!

See the guidelines and walk through.