Overview

What's BitKey?

BitKey is a bootable system image based on Debian containing everything you need to perform highly secure air-gapped Bitcoin transactions. You don't need to install it to a hard drive because it runs live from RAM. You just write the ISO image to a USB drive or burn it to a CD-ROM.

Under the hood it contains a Swiss Army knife of handy Bitcoin tools that support a wide range of usage models, including a few very secure ones which would otherwise be difficult to perform. We created BitKey because we wanted something like it for our own use.

We're avid Bitcoin fans, but after going to our first local Bitcoin meetup we discovered the elephant in the room: there was no easy way to perform cold storage Bitcoin transactions where the wallet lives on an air-gapped system physically disconnected from the Internet.

The idea was to see if we could use the TurnKey GNU/Linux build system to create a self-contained read-only CD/USB stick with everything you need to perform Bitcoin transactions with as much security as you wanted - including highly secure air-gapped Bitcoin transactions.

How do I use BitKey?

We've documented several common use cases right on this website's usage section. Click on the various boot modes for instructions.

How secure are air-gapped systems?

It depends! Air-gapped systems raise the bar because they are physically prevented from communicating with the Internet. That prevents an attacker that doesn't have physical access from actively attacking the computer and/or remote controlling it.

But like all other security measures, air-gaps are no silver bullet, especially when you don't trust the system behind the air-gap. There are many ways an evil air-gapped system can betray its user, including creating bad transactions and smuggling out secret keys via covert channels (e.g., USB keys, high frequency sound, covert activation of the Bluetooth/Wi-Fi chipset, etc.).
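
One check against the "bad transactions" risk described above, as an added example (not BitKey's own code): before broadcasting, the online machine decodes the signed transaction and compares its outputs with what you meant to pay. The function names, the dummy scripts and the sample transaction are constructed for illustration.

```python
from collections import Counter

def read_varint(b, i):
    """Decode a Bitcoin CompactSize integer at offset i; return (value, next offset)."""
    if b[i] < 0xfd:
        return b[i], i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[b[i]]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def tx_outputs(raw):
    """Return [(satoshis, scriptPubKey)] from a serialized transaction."""
    i = 4                                    # skip the 4-byte version
    if raw[i:i + 2] == b"\x00\x01":          # segwit marker and flag
        i += 2
    n_in, i = read_varint(raw, i)
    for _ in range(n_in):
        slen, i = read_varint(raw, i + 36)   # skip previous txid and output index
        i += slen + 4                        # skip scriptSig and sequence
    n_out, i = read_varint(raw, i)
    outs = []
    for _ in range(n_out):
        value = int.from_bytes(raw[i:i + 8], "little")
        slen, i = read_varint(raw, i + 8)
        outs.append((value, raw[i:i + slen]))
        i += slen
    if i + 4 > len(raw):                     # the locktime must still fit
        raise ValueError("truncated transaction")
    return outs

def audit(raw, intended):
    """Diff the outputs actually signed against the intended {scriptPubKey: satoshis}."""
    actual = Counter(tx_outputs(raw))
    want = Counter((v, s) for s, v in intended.items())
    return ([f"unexpected: {v} sat to {s.hex()}" for v, s in (actual - want).elements()]
            + [f"missing: {v} sat to {s.hex()}" for v, s in (want - actual).elements()])

def sample_tx(outputs):
    """Constructed test input: one dummy input, legacy serialization, locktime 0."""
    body = b"".join(v.to_bytes(8, "little") + bytes([len(s)]) + s for v, s in outputs)
    return ((1).to_bytes(4, "little") + b"\x01" + bytes(36) + b"\x00" + b"\xff" * 4
            + bytes([len(outputs)]) + body + bytes(4))

# Constructed P2PKH scripts with dummy key hashes; none is a real address.
PAY, CHANGE, OTHER = (b"\x76\xa9\x14" + bytes([h]) * 20 + b"\x88\xac" for h in (17, 34, 51))
INTENDED = {PAY: 50_000, CHANGE: 149_000}
GOOD = sample_tx([(50_000, PAY), (149_000, CHANGE)])
BAD = sample_tx([(50_000, PAY), (149_000, OTHER)])   # change sent somewhere else
print(audit(BAD, INTENDED))
```

A serialized transaction does not carry its input amounts, so the fee cannot be read from it alone; a dropped change output, which silently becomes fee, shows up here as a "missing" entry.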

Do I have to use BitKey on a separate air-gapped computer?

Not if you don't want to, or if you just don't need the extra security. BitKey also works online in two modes: cold-online and hot-online. See the usage section for details.

How much security does BitKey provide?

It depends! At one extreme, using BitKey in just the right way is currently the closest you can get to perfectly secure Bitcoin transactions (without doing them in your head).

Even when you use BitKey in the most insecure mode possible (e.g., hot-online) it still provides better security than 99% of Bitcoin users are getting from their web wallets and Bitcoin phone apps.

If the theft of hundreds of millions of dollars worth of Bitcoin from the Bitcoin exchanges has left you, like us, with a healthy sense of paranoia, then you'll want to use BitKey in the most secure way possible, in which case nobody in the world is getting better security for their Bitcoin transactions. Nobody.

How does BitKey compare with a hardware wallet like Trezor?

In terms of pricing and availability, BitKey is free and runs on ubiquitous general purpose computers.

In terms of security, it can provide equivalent or better security than a hardware wallet, depending on how you use it.

In terms of convenience it's hard to beat a hardware wallet. Using BitKey to implement the most paranoid, trust-minimized workflows provides superior security at the price of not being as easy to use.

For an in-depth analysis, read the discussion with Trezor developer Tomas Dzetkulic (better security than Trezor?) and judge the pros and cons for yourself.

Do I need to trust BitKey not to steal my Bitcoin?

Not if you're careful. In fact, if you have reason to worry we encourage you not to trust BitKey. In the words of our dear leader: "trusted third parties are a security hole."

As a Bitcoin Swiss Army knife BitKey supports many usage models. What's interesting is that this includes at least one use case which doesn't require you to trust BitKey at all. We call it the "If I tell you I'll have to kill you" usage model. It provides almost perfect security even if BitKey itself is rotten to the core.

Also, if you don't trust the binary version, you can always build BitKey from source.

Do I have to be ultra paranoid to use BitKey?

No. We understand that people routinely trade off security for convenience, otherwise they wouldn't get anything done.

We recognize that there is an inescapable trade-off between convenience and security and that risk is proportional to the value of your wallet. So it doesn't make sense to enforce any specific trade-off. We want BitKey to help make the most paranoid usage model practical for day-to-day use, but at the same time we want to let the user decide how high (or low) to raise the bar. It should be your choice.

Is BitKey perfect?

No. There's room for improvement. Mostly in terms of improving the usability and reducing the potential for human error. Also, adding support for locally attached printers so you can print paper wallets. Stuff like that.

But for a solution to be useful it doesn't need to be perfect, just better than the alternatives for some use cases.

Unfortunately, the problem is that many people currently using Bitcoin don't understand the risks they are taking and place too much trust in incredibly insecure solutions such as web-based Bitcoin wallets, accessed from a general purpose PC that is installed, configured and used by a person who is not and will never be a security expert. That might be OK for very low value wallets that you wouldn't mind losing, but beyond that it is very foolish.