ICP custody with seed phrase and air-gapped machine

From Internet Computer Wiki
Revision as of 21:35, 29 January 2022 by Diego.prats (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Staking with a seed phrase and an air-gapped machine is the self-custody option that maximizes one's control of their ICP. It requires more technical skill for custody, but puts one in control.

The Risks involved

There are various artifacts that can be derived from your seed phrase. The diagram below explains which are derived and the risks from each artifact.

seed phrase risks

Red Boxes

If you lose both of these, you lose access to your ICP. If you have your seed phrase you can regenerate your private key. If someone gets these, they may take your ICP.

Yellow Boxes

If you lose these, you can regenerate them from your seed phrase. If someone gets these, they can see how much ICP you have or your transactions. Knowledge of these artifacts does not give you control over the ICP.

Where to store your seed phrase

Do not store your seed phrase electronically. We recommend you store in any of the following options:

a. Paper

b. Steel wallet like Billfodl


These solutions protect you against key loss if e.g. your air-gapped computer breaks. If you are also concerned about the risk of theft, you may take additional precautions such as keeping your seed phrase in a safe or bank vault or use secret sharing to split your seed phrase into multiple shares that can be stored in different locations.

Tip: one can break up their seed phrase into secret shares and store the secret shares on paper or steel wallets using Harpo.

Staking & voting options with this setup

You will use the air-gapped computer to create and sign messages which it cannot send since the computer is air-gapped. This article shows you how to turn these messages into QR codes (they could also be transferred via USB drives). You will use a networked smartphone to “bridge the air gap” in section 4.2 by reading QR codes from the air-gapped computer and sending them directly to the Internet Computer. Security-wise, the worst-case scenario is that the phone does not send the messages, but the phone never gets access to anything sensitive.

Soon, you will have another option: Ledger Nano integration. You can see a preview here of how it will work

Getting your hardware and software ready

What you will need:

  1. air-gapped computer (not connected to the internet)
  2. networked smartphone

You will need to install the following into your air-gapped computer:

  1. keysmith
    1. You will use this to generate important artifacts like seed phrase and private key.
  2. openSSSL
    1. required by quill`
  3. quill
    1. you will use this to craft messages like "create neuron" for the Internet Computer
    2. You can install it by downloading the binary for your operating system or by cloning and compiling the code
    3. note that once installed, the command to execute is `target/release/quill`
  4. qrencode
    1. Generates QR codes for bridging the air gap
    2. Tip: if you have Homebrew, you can install via:
      $ brew install qrencode
  5. jq
    1. Required for creating multiple QR codes
    2. Tip: if you have Homebrew, you can install via `brew install jq`
  6. Copy and paste the following bash script into a file named `quill-qr.sh`:

Warning: Only tested on MacOSX and Linux.

   #!/usr/bin/env bash
   IFS=$'\n' read -r -d  -a messages < <( cat - | jq -M 'if . | type != "array" then [.] else . end' | jq -rcM .[] && printf '\0' )
   for message in "${messages[@]}"
       echo "$URL/?msg=$(echo "$message" | gzip -c | base64 | tr -d '\n' | sed -e 's/+/%2B/g' -e 's/\//%2F/g' -e 's/=/%3D/g')" | qrencode > qr.png
       open qr.png
       echo ENTER TO CONTINUE...
       read < /dev/tty

Because an air-gapped computer is not connected to the internet, it can be a bit awkward to install these. The most common way to do it is to download them to a networked computer and transfer the files to the air-gapped computer via CD or USB drive. Others install these on a networked computer *and then* air-gap it.

Generate seed phrase and private key

Everything in this section occurs within your air-gapped computer.

air gapped computer

Once you have `keysmith` and `quill` installed air-gapped computer ready, you are ready to start.

Use keysmith to generate a seed phrase

On the air-gapped computer:

   $ keysmith generate -o seed.txt

Use keysmith to create a private key and store it in private.pem file

On the air-gapped computer:

$ keysmith private-key -o private.pem

Generate a ledger account identifier

This command will display a long string which is your ledger account identifier. Below, I provide an example of what this may look like.

On the air-gapped computer:

$ keysmith account
> 77b5eb9a465f4ce6f4da494ee2bfedeefe0b52d106e0272556c1ad991f99e3da

You should write the ledger account identifier

Secure your seed phrase properly

Properly store seed phrase

Now that you have generated your seed phrase and your keys, you need to write down and store your seed phrase so that you could recover your private key in case you lost it.

To properly store your seed phrase see where to store your seed phrase.

NOTE: Do not go to next step until you properly store it.

Remove your seed phrase from your air-gapped computer

Now that the seed phrase is properly stored. You should delete it from your computer before moving forward so no one can use it to recreate your private key.

Remove it with the following command:

On the air-gapped computer:

$ rm -vf seed.txt


In this section, we did a few things, so let’s recap what we did and where we should be before moving forward.

If you do not end up with a table that looks like the one below, do not continue. Try again.

Artifact Example Security Final outcome Storage
seed phrase
stove reject elder top dentist car suit license grid uncle ape wash
If someone has this, they can take your tokens. If you lose it, you can lose access to your ICP. You must store it in a safe and secure place in order to be able to regenerate your private key You created this via keysmith in this section. You will have created and properly stored a backup. on paper or Billfodl, possibly kept in a safe
private key
BEGIN EC PARAMETERS----- (and continues…)
If someone has this, they can take your tokens. If you lose it, you can recreate it from the seed phrase You created this via keysmith in this section. Can remain on air-gapped computer or be deleted after use.
ledger account identifier
If someone has this, they can view your token balance. If you lose it, you can do step 4.1.3 to get it back with your private key. You generate this in this section. This can be stored anywhere. wherever you like


Now that you have chosen this path for self-custody, see ICP staking with seed phrase and air-gapped computer for how to stake.

See Also