Primary language: HTML. License: MIT.

Icebox

Lightwallet-powered cold storage solution.

Security advisory

Please make sure to update to version 0.2.2. Previous versions contained a bug that could generate addresses that were unrelated to the HD seed if the wrong password was entered when generating new addresses. This could lead to loss of funds.

Introduction

Icebox is a simple Ether cold storage solution based on Lightwallet. It makes it easy to securely generate new keys and addresses on an airgapped device as well as spend from those addresses.

Security Warning

The security of Icebox relies on the computer it's running on being disconnected from the internet at all times. If you run it on an internet-connected computer, all security guarantees go out the window. Always make sure to close the browser when you're done with your session.

Installation on an airgapped computer

Put the dist folder and its files on a USB stick and transfer the files to the airgapped computer. Then open the file icebox.html.

Installation on iOS

Serve the icebox.html file from a server or a computer on the local network. Open the location in Safari on the iOS device and add it to Reading List. This will save the page locally on the device. For the best experience you should also install the Workflow App (see below).

Now reset the network settings on your iOS device and put it in airplane mode. Your iOS device is now airgapped and you can start using Icebox. For security, never connect the iOS device to the internet after you have entered your seed into it. If you want to stop using it as a cold wallet do a hard reset and erase all data before connecting it to the network again.

Usage

New wallet

Type in some random text and hit "Create New Wallet". The user-defined text is hashed together with a random string generated by Lightwallet. For a guaranteed 128 bits of randomness in your seed, roll a set of 5 dice 10 times to create a string like this:

12453 33234 23441 66134 44432 21245 52345 12346 66333 43211

A popup will appear with your 12 word seed. Write this down on a piece of paper and/or memorize it. Then select a password. This password will be used to encrypt the wallet in the browser during the session.
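The following added example (not part of Icebox or Lightwallet) checks a dice string like the one above before it is typed in as the random text: it validates the format, computes the entropy in bits, and rejects input whose face counts are grossly non-uniform. The function name `checkDiceEntropy` and the chi-square threshold are assumptions of this example.

```javascript
// Added example, not Icebox code: sanity-check dice rolls used as entropy text.
const BITS_PER_ROLL = Math.log2(6); // about 2.585 bits per fair six-sided die

function checkDiceEntropy(text, requiredBits = 128) {
  // Accept groups separated by whitespace, e.g. "12453 33234 ...".
  const rolls = text.trim().split(/\s+/).join("");
  if (!/^[1-6]+$/.test(rolls)) {
    return { ok: false, reason: "only the digits 1-6 and spaces are allowed" };
  }

  const bits = rolls.length * BITS_PER_ROLL;
  if (bits < requiredBits) {
    const needed = Math.ceil(requiredBits / BITS_PER_ROLL);
    return { ok: false, bits, reason: `need ${needed} rolls, got ${rolls.length}` };
  }

  // Chi-square goodness of fit against a uniform die (5 degrees of freedom).
  const counts = new Array(6).fill(0);
  for (const ch of rolls) counts[Number(ch) - 1] += 1;
  const expected = rolls.length / 6;
  const chi2 = counts.reduce((sum, c) => sum + (c - expected) ** 2 / expected, 0);

  // 20.52 is the critical value for p = 0.001 with 5 degrees of freedom.
  // Assumption of this example: anything above it is treated as typed, not rolled.
  if (chi2 > 20.52) {
    return { ok: false, bits, chi2, reason: "face counts are far from uniform" };
  }
  return { ok: true, bits, chi2, rolls: rolls.length };
}

// Sample string from the text above: 50 rolls, about 129 bits.
const sample = "12453 33234 23441 66134 44432 21245 52345 12346 66333 43211";
console.log(checkDiceEntropy(sample));
```

Passing this check does not prove the rolls were random; it only catches format errors, too few rolls, and gross bias such as a repeated digit.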

Restoring wallet from seed

Simply enter your seed and Icebox will generate the private keys from it.

Showing addresses

Private keys and addresses are generated from the seed and you can show these. If the page runs in Safari on an iOS device you can couple Icebox with the Workflow app. If you have the Workflow app installed you can click the link and show the QR codes in Workflow.

Export your addresses to your regular computer and you can start sending Ether to those addresses.

Sending Ether from cold addresses

You can spend from your cold addresses by entering the address you want to send to. Note: Never enter an Ethereum address manually!! Ethereum addresses don't have checksums. Always copy the address from a QR code or from a USB stick if on an airgapped computer. You also need to enter the nonce of the address you're sending from. You can find the nonce of an address using a block explorer like EtherCamp.

Once you hit "Create Transaction" a signed transaction is created and displayed. You can now take this signed transaction and transmit it to the network, for instance using web3.eth.sendRawTransaction(tx) in the geth console, or using a website such as http://badmofo.github.io/ethsend/. If you're using an airgapped computer you can use a USB stick to transfer the signed transaction out, or if you're using an iOS device you can use the Workflow App which will display the transaction as a QR code.

Save/Load Encrypted wallet

You can save the encrypted wallet by clicking on "Save Wallet". You can then copy the JSON text in the text box and save it to a file. To load it again, paste it into the text box under "Load Encrypted Wallet" and hit "Load Wallet".

Workflow App

If using Icebox on iOS we recommend using the Workflow App. You need at least two workflows with the exact names "AddressQR" and "TransactionQR". They are of type "Action Extension" and defined as follows:

  • AddressQR: Split Text (Separator: Underscore character "_"), Generate QR Code, Quick Look
  • TransactionQR: Generate QR Code, Quick Look

When spending from the cold addresses it's also good to have a workflow in the Workflow app that reads a QR code of the destination address and copies the corresponding info to the Clipboard. This avoids having to type in the destination address manually, which you should NEVER do.