Did you know you can build your own hardware wallet? I recently attended a workshop with Dani @bitcoineando, a Bitcoin evangelist and software engineer. He will be hosting a workshop on this very topic at Bitcoin Adoption in El Salvador next week. The entire process took less than an hour, and I was able to complete a fully configured and self-assembled Bitcoin Seedsigner and smart card backup combo via the Satochip suite, despite having never assembled a small hardware device of this kind.
For those attending the now historic “Adopting Bitcoin” conference in El Salvador this month, a free workshop will be held on Friday, November 14th from 3:50-4:50 pm in the English Workshop Room and will be conducted in both English and Spanish. Attendees who bring their laptops and attend the entire workshop will take home a free Seedsigner + SATOChip combo, plus knowledge on how to build the whole thing themselves. Sign up here to lock in your exclusive spot now.
What’s amazing about the combination of these two great open source projects is that they are made with very common hardware that can be purchased almost anywhere in the world. Without the use of specialized hardware from artisan manufacturers, this is a pure DIY project, which can be a viable option for users in developing countries with strict import regulations, under oppressive fiscal regimes, on a tight budget, or for paranoid users who want to build everything themselves.
seed signer
The SeedSigner project was launched in December 2020 and will allow users to build their own air-gapped Bitcoin transaction signing device for around $50 using off-the-shelf components such as a Raspberry Pi Zero v1.3, a camera module to scan QR codes, and a small LCD display to verify transactions and navigate menus with a small joystick and three buttons.
Created by a pseudonymous founder known simply as “SeedSigner” and now supported by a growing community of contributors and led by Kieth Mukai, the project focuses on trustless private key generation and supports a wide range of tools, including BIP39 seed phrase creation via roll of the dice, and seamless integration with multisig wallets such as Sparrow, Spectre, BlueWallet, and Nunchuk.
SeedSigner is completely free open source software (FOSS) released under the MIT license for its core code. All hardware specifications, software, and enclosure designs are publicly auditable on GitHub, allowing anyone to examine, modify, or build from the source, allowing for maximum transparency and community-driven improvements.
Although the Raspberry Pi Zero’s CPU/GPU firmware and bootloader are Broadcom’s proprietary closed-source software provided by the Raspberry Pi Foundation, Seedsigner’s design is optimized around managing these risks, such as allowing users to provide their own entropy and not selecting wireless communication modules such as Bluetooth. The seed signer is also “stateless” and is designed to have no memory storage, instead requiring the user to enter a seed that is launched anew each time and used in the same session to sign transactions.
These security measures make SeedSigner a popular hardware device for enthusiasts and advanced users. However, there are some unique user experience challenges. SeedSigner’s critics and competitors argue that manually entering a 12-word seed into a device by scanning a keystroke or private key backup QR code exposes key material to cameras, which are ubiquitous in today’s digital age, putting users’ funds at risk. This process can be tedious and introduces friction in the user experience that stateful hardware wallets don’t have. This is what makes the collaboration between SeedSigner and SATOCHIP smart cards so special.
Satchip
SATOCHIP is a Belgian startup founded in 2014 by Baudouin Collard and Bastien Taquet that focuses on affordable, open-source, smartcard-centric hardware wallets. The company’s flagship products SATOCHIP (an NFC hardware wallet), SATODIME (a bearer card), and Seedkeeper (a kind of password manager) work with wallets like Sparrow and Electrum. Their Java Cards project is an open source (AGPLv3) applet that turns inexpensive smart cards (YubiKey, SIM, etc.) into secure DIY BIP39 hardware wallets with EAL6+ security.
Taking a different approach to cryptographic key security, smart cards are stateful and use some of the most advanced security chips on the market to store key material in encrypted form. It is often better than the technology used in credit cards and bank debit cards. Smart cards are NFC-enabled, leveraging the same near field communication technology used in many parts of the world today. Although this antenna has range, it is considered to have very limited reach, which is why advanced hardware wallet manufacturers such as CoinKite have also integrated it into their top-of-the-line hardware wallet, Coldcard Q.
The main drawback of the smart card approach to cryptographic security is that there is no screen required to verify what the user is signing. Therefore, Satochip integrates with various mobile and desktop apps as well as its own apps available for Android and iOS.
SeedSigner is also tightly integrated with Satochip through a community member fork of firmware, allowing users to flash new smartcards directly from SeedSigner, improving the wallet setup experience while also supporting expansion of smartcard reader hardware. The SeedSigner firmware integrated into SATOCHIP was created by YTCryptoGuide and can be found on YTCryptoGuide’s GitHub. This fork is not an official release of SeedSigner.
Combining these two open source projects will likely improve the security and user experience of both projects, as users will be able to leverage the open source, consumer hardware nature of SeedSigner along with the seed backup and ease of use nature of smartcards.
One of the invaluable skills of the workshop, its corresponding website, and its how-to guides, is to teach you how to verify the reliability of the software installed on your hardware. Both Seedsigner and SATOchip applets are signed by the developer using a PGP key. A software hash, or unique cryptographic ID, is created using an algorithm such as SHA-256 (also used in Bitcoin mining), which results in a string of numbers. This string is specific to the software used to generate it. If one character in the software changes, the hash changes completely.
That hash is then signed by the developer with a PGP key, producing another unique and definitive chunk of data. The result is a set of software signatures that can ultimately inform users that a known, reputable developer has endorsed a particular software release as genuine and authentic.
Knowing how to perform this kind of validation may seem daunting at first, but it’s actually quite simple and is the root of cypherpunk values and sovereignty in the digital age.
