ICP custody with seed phrase and air-gapped machine
The Risks involved
There are various artifacts that can be derived from your seed phrase. The diagram below explains which are derived and the risks from each artifact.
Red Boxes
If you lose both of these, you lose access to your ICP. If you have your seed phrase you can regenerate your private key. If someone gets these, they may take your ICP.
Yellow Boxes
If you lose these, you can regenerate them from your seed phrase. If someone gets these, they can see how much ICP you have or your transactions. Knowledge of these artifacts does not give you control over the ICP.
Where to store your seed phrase
Do NOT store your seed phrase electronically. We recommend you store in any of the following options:
a. Paper
b. Steel wallet like Billfodl
These solutions protect you against key loss if e.g. your air-gapped computer breaks. If you are also concerned about the risk of theft, you may take additional precautions such as keeping your seed phrase in a safe or bank vault or use secret sharing to split your seed phrase into multiple shares that can be stored in different locations.
Setup necessary if you choose to self-custody your ICP
Air gapped computer + networked phone
Getting your hardware and software ready
What you will need:
- air-gapped computer (not connected to the internet)
- networked smartphone
You will need to install the following into your air-gapped computer:
- keysmith
- https://github.com/dfinity/keysmith keysmith
- You will use this to generate important artifacts like seed phrase and private key.
- openSSSL
- https://wiki.openssl.org/index.php/Binaries
- required by quill`
- quill
- https://github.com/dfinity/quill
- you will use this to craft messages like "create neuron" for the Internet Computer
- You can install it by downloading the binary for your operating system or by cloning and compiling the code
- note that once installed, the command to execute is `target/release/quill`
- qrencode
- https://github.com/fukuchi/libqrencode
- Generates QR codes for bridging the air gap
- Tip: if you have Homebrew, you can install via:
$ brew install qrencode
- jq
- https://github.com/stedolan/jq
- Required for creating multiple QR codes
- Tip: if you have Homebrew, you can install via `brew install jq`
- Copy and paste the following bash script into a file named `quill-qr.sh`:
Warning: Only tested on MacOSX and Linux.
#!/usr/bin/env bash URL=https://p5deo-6aaaa-aaaab-aaaxq-cai.raw.ic0.app IFS=$'\n' read -r -d -a messages < <( cat - | jq -M 'if . | type != "array" then [.] else . end' | jq -rcM .[] && printf '\0' ) for message in "${messages[@]}" do echo "$URL/?msg=$(echo "$message" | gzip -c | base64 | tr -d '\n' | sed -e 's/+/%2B/g' -e 's/\//%2F/g' -e 's/=/%3D/g')" | qrencode > qr.png open qr.png echo ENTER TO CONTINUE... read < /dev/tty clear done
Because an air-gapped computer is not connected to the internet, it can be a bit awkward to install these. The most common way to do it is to download them to a networked computer and transfer the files to the air-gapped computer via CD or USB drive. Others install these on a networked computer *and then* air-gap it.
Generate seed phrase and private key
Everything in this section occurs within your air-gapped computer.
Once you have `keysmith` and `quill` installed air-gapped computer ready, you are ready to start.
Use keysmith to generate a seed phrase
On the air-gapped computer:
$ keysmith generate -o seed.txt
Use `keysmith` to create a private key and store it in `private.pem` file
On the air-gapped computer:
$ keysmith private-key -o private.pem
Generate a ledger account number
Use keysmith to display a ledger account number
This command will display a long string which is your ledger account number. Below, I provide an example of what this may look like.
On the air-gapped computer:
$ keysmith account > 77b5eb9a465f4ce6f4da494ee2bfedeefe0b52d106e0272556c1ad991f99e3da
You should write the ledger account number
Secure your seed phrase properly
Properly store seed phrase
Now that you have generated your seed phrase and your keys, you need to write down and store your seed phrase so that you could recover your private key in case you lost it.
To properly store your seed phrase see options to store seed phrases.
NOTE: Do not go to next step until you properly store it.
Remove your seed phrase from your air-gapped computer
Now that the seed phrase is properly stored. You should delete it from your computer before moving forward so no one can use it to recreate your private key.
Remove it with the following command:
On the air-gapped computer:
$ rm -vf seed.txt
Outcome
In this section, we did a few things, so let’s recap what we did and where we should be before moving forward.
If you do not end up with a table that looks like the one below, do not continue. Try again.
Artifact | Example | Security | Final outcome | Storage |
---|---|---|---|---|
seed phrase | stove reject elder top dentist car suit license grid uncle ape wash | If someone has this, they can take your tokens. If you lose it, you can lose access to your ICP. You must store it in a safe and secure place in order to be able to regenerate your private key | You created this via keysmith in this section. You will have created and properly stored a backup. | on paper or Billfodl, possibly kept in a safe |
private key | BEGIN EC PARAMETERS----- (and continues…) | If someone has this, they can take your tokens. If you lose it, you can recreate it from the seed phrase | You created this via keysmith in this section. | Can remain on air-gapped computer or be deleted after use. |
ledger account number | 77b5eb9a465f4ce6f4da494ee2bfedeefe0b52d106e0272556c1ad991f99e3da | If someone has this, they can view your token balance. If you lose it, you can do step 4.1.3 to get it back with your private key. | You generate this in this section. This can be stored anywhere. | wherever you like |