Read-Only Offline Crypto Device Recipe - FAQs

< Back to Read-Only Offline Crypto Device Recipe

Why Raspberry Pi And Why 400?

The parts are simple, readily available and cheap enough to make redundant backups.

There are no moving components (fans, disk drives), so the device should have a long lifespan.

The software is well supported, and documentation is easily accessible.

The fully prepared MicroSD card is cheap and can easily be duplicated and distributed.

The 400 comes in a convenient keyboard case - two fewer things to worry about.

What Is So Cool About This Recipe?

When running this device in Overlayroot mode, any secrets generated while you use this tool are lost when you power down the device. The Linux operating system overlays writes to Random Access Memory (RAM), while keeping the contents of the MicroSD card read-only.

Note that you will still need a secure HDMI-connected computer monitor to use this tool securely.

What Is Overlayroot?

Overlayroot is used by the Raspberry Pi OS to create a read-only filesystem.

Is This Different From Trezor's Shamir Backup?

Yes. Trezor has its own Shamir backup system, which requires different tools - see What is Shamir backup?. You can still use this device with your Trezor's BIP-39 mnemonic seed phrase.

How Do I Remove The Read-Only Mode?

See here and here for steps.

What Is BIP-39?

See the official BIP-39 specification and What is BIP39?.

What Is Shamir39?

See the Shamir39 specification. There is only one known implementation of this specification at https://github.com/iancoleman/shamir39 by the same author.

What Is Shamir's Secret Sharing?

See Dev Corner: A Detailed Guide to Shamir Backup.

What Wallets Support BIP-39?

Here are some wallets. Check the individual models for specifics:

| Wallet | Type | BIP-39 Support? |
| --- | --- | --- |
| Gridplus Lattice1 | Hardware | Yes |
| Ledger | Hardware | Yes |
| MetaMask | Software | Yes |
| Trezor | Hardware | Yes |

What Other Tools Could Be Useful For This Read-Only Offline Device?

Simple Shamir's Secret Sharing

Simple Shamir's Secret Sharing (s4) at https://simon-frey.com/s4/ allows you to encrypt and decrypt messages. Save a copy of the web page in your Downloads folder before you remove the network connectivity and set the device to read-only mode.

A backup of the contents of the link https://simon-frey.com/s4/ has been made to copy/Simple Shamir's Secret Sharing (s4).html, just in case.

You may have to distribute these shares by copying them onto USB storage, as these shares are much harder to write down.

Research and test yourself before real use!

Banana Split

Banana Split at https://github.com/paritytech/banana_split splits secrets (maximum length 1024 characters) into QR code shares for printing, with an additional handwritten passphrase required to recover your original secret.

NOTE: You will need a camera for your Raspberry Pi device to restore your secret from the QR codes. You may be able to use USB webcams as well. I have not tested that this will work.

A backup of the contents of the link https://bs.parity.io/ has been made to copy/BananaSplit.html, just in case.

Research and test yourself before real use!

Vanity-ETH

Vanity-ETH at https://vanity-eth.tk/ (Note: use the online version only for testing) allows you to generate vanity Ethereum addresses. You can use this to generate an Ethereum private key and public key pair, or a password-protected .json keystore file.

The web browser based JavaScript generation process is slow on the Raspberry Pi, at about 5 addresses per second, so I would not bother trying to generate vanity addresses with this setup. Also note that groups of matching vanity addresses can leak information.

You can download the offline version https://github.com/bokub/vanity-eth/archive/refs/heads/offline.zip and extract the file vanity-eth.html from the downloaded vanity-eth-offline.zip into your Downloads folder.

A backup of the contents of the archive vanity-eth-offline.zip from the link https://github.com/bokub/vanity-eth/archive/refs/heads/offline.zip has been made to copy/vanity-eth.html, just in case.

Research and test yourself before real use!

How Can I Trust The Downloaded Copies In This GitHub?

The backups in the ./copy folder are taken just in case the original links are taken down, or renamed in the future.

If you plan on relying on these backups, download the files from the original links and download the files from ./copy, then use a tool to compare them.

| Original Links | Navigate To Copy And Download Raw |
| --- | --- |
| https://bs.parity.io/ | copy/BananaSplit.html |
| https://simon-frey.com/s4/ | copy/Simple Shamir's Secret Sharing (s4).html |
| https://github.com/iancoleman/shamir39/raw/b12d...d973/standalone.html | copy/standalone_iancoleman_shamir39_b12d...d973.html |
| contents of the archive vanity-eth-offline.zip from the link https://github.com/bokub/vanity-eth/archive/refs/heads/offline.zip | copy/vanity-eth.html |

Note that you may find some differences in the downloaded copy/Simple Shamir's Secret Sharing (s4).html file as there are some active JavaScript menu selection changes when you download the file:

$ diff Simple\ Shamir\'s\ Secret\ Sharing\ \(s4\)_FromCopy.html Simple\ Shamir\'s\ Secret\ Sharing\ \(s4\)_FromLink.html | more
218c218
< <li class="" data-section="encrypt">Encrypt</li>
---
> <li class="active" data-section="encrypt">Encrypt</li>
220c220
< <li data-section="info" class="active">Info</li>
---
> <li data-section="info">Info</li>
223c223
< <div id="error" style="display: none;">
---
> <div id="error">
227c227
< <section id="encrypt" style="display: none;">
---
> <section id="encrypt">
245c245
< <section id="decrypt" style="display: none;">
---
> <section id="decrypt">
255c255
< <section id="info" style="display: block;">
---
> <section id="info">
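
One way to run the comparison described above, as an added example that is not part of this repository: it compares SHA-256 hashes first and, when they differ, reports only the lines that still differ after ignoring the `class` and `style` menu-state attributes seen in the diff. The function names, the ignore pattern and the sample files (including `app.js`) are assumptions constructed for illustration.

```python
import difflib
import hashlib
import re
import tempfile
from pathlib import Path

# Attributes the s4 diff on this page shows toggling with menu state.
# Assumption: only these count as harmless; any other difference is reported.
UI_STATE = re.compile(r'\s(?:class="(?:active)?"|style="display: (?:none|block);")')

def sha256_file(path):
    """Hex SHA-256 of a file's raw bytes."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def compare_copies(from_copy, from_link):
    """Return (verdict, lines that still differ and need manual review)."""
    if sha256_file(from_copy) == sha256_file(from_link):
        return "identical", []
    a = Path(from_copy).read_text(encoding="utf-8", errors="replace").splitlines()
    b = Path(from_link).read_text(encoding="utf-8", errors="replace").splitlines()
    a_norm = [UI_STATE.sub("", line).rstrip() for line in a]
    b_norm = [UI_STATE.sub("", line).rstrip() for line in b]
    review = []
    matcher = difflib.SequenceMatcher(None, a_norm, b_norm, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            review += [f"copy:{i + 1}: {a[i]}" for i in range(i1, i2)]
            review += [f"link:{j + 1}: {b[j]}" for j in range(j1, j2)]
    return ("review" if review else "ui-state-only"), review

def demo():
    """Run the check on constructed files modelled on the diff above."""
    copy_html = ('<li class="" data-section="encrypt">Encrypt</li>\n'
                 '<section id="encrypt" style="display: none;">\n'
                 '<script src="app.js"></script>\n')   # constructed sample
    link_html = copy_html.replace(' class=""', ' class="active"').replace(
        ' style="display: none;"', "")
    changed = link_html.replace("app.js", "other.js")  # constructed script change
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, text in (("copy", copy_html), ("link", link_html), ("changed", changed)):
            paths[name] = Path(d, name + ".html")
            paths[name].write_text(text, encoding="utf-8")
        return [compare_copies(paths["copy"], paths[n]) for n in ("copy", "link", "changed")]

if __name__ == "__main__":
    for verdict, lines in demo():
        print(verdict, *lines, sep="\n  ")
```

A verdict of `review` means at least one line differs beyond the menu state; read every listed line before relying on the file.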


Enjoy!

© Bok Consulting Pty Ltd 2024, CC0-1.0 license