Lightwallet-powered cold storage solution.
Icebox is a simple Ether cold storage solution based on Lightwallet. It makes it easy to securely generate new keys and addresses on an airgapped device as well as spend from those addresses.
The security of Icebox relies on the computer it's running on being disconnected from the internet at all times. If you run it on an internet-connected computer all security guarantees go out the window. Always make sure to close the browser when you're done with your session.
git clone https://github.com/ConsenSys/icebox.git
sudo npm install
npm run build
Now open dist/icebox.html in a browser.
Put the dist folder and its files on a USB stick and transfer the files to the airgapped computer. Then open the file icebox.html.
Serve the icebox.html file from a server or a computer on the local network. Open the location in Safari on the iOS device and add it to Reading List. This will save the page locally on the device. For the best experience you should also install the Workflow App (see below).
Now reset the network settings on your iOS device and put it in airplane mode. Your iOS device is now airgapped and you can start using Icebox. For security, never connect the iOS device to the internet after you have entered your seed into it. If you want to stop using it as a cold wallet do a hard reset before connecting it to the network again.
Type in some random text and hit "Create New Wallet". The user-defined text is hashed together with a random string generated by Lightwallet. For a guaranteed 128 bits of randomness in your seed, roll a set of 5 dice 10 times to create a string like this:
12453 33234 23441 66134 44432 21245 52345 12346 66333 43211
A popup will appear with your 12 word seed. Write this down on a piece of paper and/or memorize it. Then select a password; it will be used to encrypt the wallet in the browser during the session.
Simply enter your seed and Icebox will generate the private keys from it.
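The dice advice above can be checked before the text is typed into the wallet. The following is an added example, not code from Icebox or Lightwallet: the function names are hypothetical, and hashing the text with random bytes using SHA-256 is an assumed stand-in for the "hashed together" step, not Lightwallet's actual construction.

```javascript
// Added example: names and the SHA-256 mixing step are assumptions,
// not Icebox's or Lightwallet's own code.
const crypto = require('crypto');

const BITS_PER_ROLL = Math.log2(6); // about 2.585 bits per fair six-sided die

// Strip whitespace and reject anything that is not a die face (1-6).
function parseDice(text) {
  const rolls = String(text).replace(/\s+/g, '');
  if (!/^[1-6]+$/.test(rolls)) {
    throw new Error('dice string may only contain the digits 1-6');
  }
  return rolls;
}

// Upper bound on the entropy of the string, assuming fair, independent rolls.
function diceEntropyBits(text) {
  return parseDice(text).length * BITS_PER_ROLL;
}

// Hash the dice string together with CSPRNG output and keep 128 bits.
// Refuses input that cannot carry minBits of entropy on its own, so the seed
// stays unpredictable even if the browser's random source turns out weak.
function mixSeedEntropy(text, randomBytes = crypto.randomBytes(32), minBits = 128) {
  const rolls = parseDice(text);
  const bits = rolls.length * BITS_PER_ROLL;
  if (bits < minBits) {
    const needed = Math.ceil(minBits / BITS_PER_ROLL);
    throw new Error(`only ${bits.toFixed(1)} bits: need at least ${needed} rolls`);
  }
  return crypto.createHash('sha256')
    .update(rolls, 'utf8')
    .update(randomBytes)
    .digest()
    .subarray(0, 16); // 128 bits, the entropy behind a 12-word seed
}

// Sample input: the dice string shown on this page (10 groups of 5 rolls).
const SAMPLE = '12453 33234 23441 66134 44432 21245 52345 12346 66333 43211';

console.log(diceEntropyBits(SAMPLE).toFixed(2), 'bits from dice');
console.log(mixSeedEntropy(SAMPLE).toString('hex'));
```

Dropping a single roll from the 50 leaves the string below 128 bits, which is why the check rejects 49 rolls.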
Private keys and addresses are generated from the seed and you can show these. If the page runs in Safari on an iOS device you can couple Icebox with the Workflow app. If you have the Workflow app installed you can click the link and show the QR codes in Workflow.
Export your addresses out to your regular computer and you can start sending Ether to those addresses.
You can spend from your cold addresses by entering the address you want to send to. Note: Never enter an Ethereum address manually!! Ethereum addresses don't have checksums. Always copy the address from a QR code or from a USB stick if on an airgapped computer. You also need to enter the nonce of the address you're sending from. You can find the nonce of an address using a block explorer like EtherCamp.
Once you hit "Create Transaction" a signed transaction is created and displayed. You can now take this signed transaction and transmit it to the network, for instance using web3.eth.sendRawTransaction(tx) in the geth console, or using the bundled website sendtx.html. If you're using an airgapped computer you can use a USB stick to transfer the signed transaction out, or if you're using an iOS device you can use the Workflow App which will display the transaction as a QR code.
If using Icebox on iOS we recommend using the Workflow App. You need at least two workflows with the exact names "AddressQR" and "TransactionQR". They are of type "Action Extension" and defined as follows:
- AddressQR: Split Text (Separator: Underscore character "_"), Generate QR Code, Quick Look
- TransactionQR: Generate QR Code, Quick Look
When spending from the cold addresses it's also good to have a workflow in the Workflow app that reads a QR code of the destination address and copies the corresponding info to the Clipboard. This avoids having to type in the destination address manually, which you should NEVER do.