A self-contained Live CD/USB key with everything you need to perform highly secure air-gapped Bitcoin transactions. Offline cold storage made (slightly more) practical.

Overview

What's BitKey?

BitKey is a bootable system image based on Debian containing everything you need to perform highly secure air-gapped Bitcoin transactions. You don't need to install it to a hard drive because it runs live from RAM. You just write the ISO image to a USB drive or burn it to CDROM.

Under the hood it contains a swiss army knife of handy Bitcoin tools that support a wide range of usage models, including a few very secure ones which would otherwise be difficult to perform. We created BitKey because we wanted something like it for our own use.

We're avid Bitcoin fans but after going to our first local Bitcoin meetup we discovered the elephant in the room was that there was no easy way to perform cold storage Bitcoin transactions where the wallet lives on an air-gapped system physically disconnected from the Internet.

The idea was to see if we could use the TurnKey GNU/Linux build system to create a self-contained read-only CD/USB stick with everything you need to perform Bitcoin transactions with as much security as you wanted - including highly secure air-gapped Bitcoin transactions.

How do I use BitKey?

We've documented several common use cases right on this website's usage section. Click on the various boot modes for instructions.

How secure are air-gapped systems?

It depends! Air-gapped systems raise the bar because they are physically prevented from communicating with the Internet. That prevents an attacker that doesn't have physical access from actively attacking the computer and/or remote controlling it.

But like all other security measures air-gaps are no silver bullet, especially when you don't trust the system behind the air-gap. There are many ways an evil air-gapped system can betray its user, including creating bad transactions and smuggling out secret keys via covert channels (e.g., USB keys, high frequency sound, covert activation of the Bluetooth/wifi chipset, etc.).

Do I have to use BitKey on a separate air-gapped computer?

Not if you don't want to, or if you just don't need the extra security. BitKey also works online in two modes: cold-online and hot-online. See the usage section for details.

How much security does BitKey provide?

It depends! At one extreme, using BitKey in just the right way is currently the closest you can get to perfectly secure Bitcoin transactions (without doing them in your head).

Even when you use BitKey in the most insecure mode possible (e.g., hot-online) it still provides better security than 99% of Bitcoin users are getting from their web wallets and Bitcoin phone apps.

If the theft of hundreds of millions of dollars worth of Bitcoin from the Bitcoin exchanges has left you, like us, with a healthy sense of paranoia, then you'll want to use BitKey in the most secure way possible in which case nobody in the world is getting better security for their Bitcoin transactions. Nobody.

How does BitKey compare with a hardware wallet like Trezor?

Read the discussion with Trezor developer Tomas Dzetkulic on how BitKey can provide better security than Trezor and judge for yourself.

Do I need to trust BitKey not to steal my Bitcoin?

Not if you're careful. In fact, if you have reason to worry we encourage you not to trust BitKey. In the words of our dear leader: trusted third parties are a security hole.

As a Bitcoin swiss army knife BitKey supports many usage models. What's interesting is that this includes at least one use case which doesn't require you to trust BitKey at all. We call it the If I tell you I'll have to kill you usage model. It provides almost perfect security even if BitKey itself is rotten to the core.

Also, if you don't trust the binary version, you can always build BitKey from source.

Do I have to be ultra paranoid to use BitKey?

No. We understand that people routinely trade off security for convenience, otherwise they wouldn't get anything done.

We recognize that there is an inescapable trade off between convenience and security and that risk is proportional to the value of your wallet. So it doesn't make sense to enforce any specific trade off. We want BitKey to help make the most paranoid usage model practical for day to day use but at the same time, we want to let the user decide how high (or low) to raise the bar. It should be your choice.

Is BitKey perfect?

Not by a long shot. There's still a lot of room for improvement. Mostly in terms of improving the usability and reducing the potential for human error. Also, adding support for locally attached printers so you can print paper wallets. Stuff like that.

But for a solution to be useful it doesn't need to be perfect, just better than the alternatives, at least for some use cases.

Unfortunately, the problem is many people currently using Bitcoin don't understand the risks they are taking and place too much trust on incredibly insecure solutions such as web based Bitcoin wallets, accessed from a general purpose PC that is installed, configured and used by a person who is not and will never be a security expert. That might be OK for very low value wallets that you wouldn't mind losing but beyond that it is very foolish.

Usage

How to get BitKey on physical media

BitKey is packaged as a system image that boots a self-contained operating system from either a USB drive, or a CDROM.

1) BitKey on a USB flash drive: You can write the ISO image to a USB drive. No partitioning or preparation of the device is necessary.

If you're booting BitKey from USB, we recommend using a USB flash drive with physical write protection. Unfortunately these are a dying breed. We're now down to just Kanguru (e.g., Kanguru Flashblu).

To further mitigate the risk of malicious modification we recommend marking the USB drive where BitKey is installed so that you don't accidentally use it for anything else and also unplugging the USB drive after BitKey loads into RAM.

2) BitKey on CDROM: You burn the ISO image to CDROM the same way you burn any ISO image.

Booting from CDROM is more secure because a CDROM is physically read-only so you don't have to worry about backdoors in the write protection mechanism (which most USB drives these days don't even have). Also you don't have to worry about BadBIOS style attacks against the USB stack. Sadly, computers with optical media readers are also a dying breed.
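
A read-back check for the USB option above, as an added example that is not part of BitKey: it compares the leading bytes of the drive with the ISO, because the drive is normally larger than the image. The function name, the file and device names, and the optional expected-hash argument are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not BitKey tooling). Names and paths are illustrative.
# verify_written_image IMAGE DEVICE [EXPECTED_SHA256]
#   0 = device starts with a byte-exact copy of IMAGE
#   1 = device content differs (bad write, truncation or later modification)
#   2 = an input could not be read
#   3 = IMAGE itself does not match EXPECTED_SHA256
verify_written_image() {
    image=$1
    device=$2
    expected=${3:-}

    if [ ! -r "$image" ] || [ ! -r "$device" ]; then
        echo "cannot read image or device" >&2
        return 2
    fi

    # The drive is normally larger than the ISO, so hash only as many
    # leading bytes of the device as the image contains.
    size=$(wc -c < "$image" | tr -d ' ')
    image_sum=$(sha256sum < "$image" | cut -d' ' -f1)
    device_sum=$(head -c "$size" "$device" | sha256sum | cut -d' ' -f1)

    if [ -n "$expected" ] && [ "$image_sum" != "$expected" ]; then
        echo "image hash $image_sum does not match expected value" >&2
        return 3
    fi
    if [ "$image_sum" != "$device_sum" ]; then
        echo "MISMATCH: device $device_sum, image $image_sum" >&2
        return 1
    fi
    echo "OK: first $size bytes of $device match $image ($image_sum)"
}

# Run directly: sh verify.sh bitkey.iso /dev/sdX   (placeholder names)
if [ "$#" -ge 2 ]; then
    verify_written_image "$@"
fi
```

Re-plug the drive before checking so the read comes from the device rather than the page cache. Running the check again before each boot shows whether a drive without write protection has changed since it was written.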

Booting the Live OS (red)

BitKey is a single image supporting two use cases via three modes of operation. At boot time, you select the desired mode from the bootloader menu:

Mode          Wallet          Transactions    Security  Convenience
cold-offline  create          sign            high      less
cold-online   watch           prepare         high      less
hot-online    create & watch  prepare & sign  medium    more

Data storage (black)

In addition to the BitKey device, you'll need a black USB key which will serve as storage for encrypted wallet files, unencrypted master public key for watch-only mode, and optionally as a data shuttle for unsigned and signed transactions between cold online and offline modes.

Features

Free Software

BitKey is free software. It's hosted on GitHub, available for peer-review and improvement by anyone in the free software & Bitcoin communities.

Encrypted Wallet Storage

Wallet files are stored in a LUKS encrypted loopback filesystem. During creation, estimated passphrase strength such as entropy and crack time is displayed.

Deterministic builds (planned)

We will be improving TurnKey's build chain to support Gitian-style deterministic builds, to make it harder to compromise the build process, allow the community to independently verify full system integrity bit-for-bit, and create a community based signed chain of trust for each released version.

Lightweight Debian Live OS

BitKey boots live (no installation required), and copies itself into RAM, allowing the boot media to be safely removed.

Included software

Electrum Bitcoin client, incognito chromium, bitaddress, qrcode, zxcvbn. File manager, network and wireless manager. Auto-mounting USB storage support.

Multi layered security (planned)

We will be implementing exotic security mechanisms such as mandatory access control (MAC), PAX, trusted path execution (TPE), position independent code address space layout randomization (PIE-ASLR), discretionary access control (DAC), jails, exploit countermeasures (ECM) and raw IO/Memory protections.

Download

You can download the latest BitKey ISO image. It's a hybrid image that supports both being written to a USB drive and being burned to CDROM. Alternatively, you can build the ISO image yourself from source.

About BitKey

BitKey is a side project by the core developers of TurnKey GNU/Linux. We couldn't find a solution that satisfied our paranoia so we rolled our own.

Other Bitcoin related projects by the TKL core devs include Block Explorer - a free software web tool for exploring the Bitcoin blockchain (like BitKey, a work in progress).

About TurnKey Linux

TurnKey GNU/Linux is a Debian based library of system images that pre-integrates and polishes the best free software components into ready-to-use solutions.

TurnKey was started in 2008 by Alon Swartz and Liraz Siri who were inspired by a belief in the power of free software, like science, to promote the progress of a free & humane society.