SafeCard CLI Released!

Daniel Veenstra
GridPlus
Feb 3, 2021

After much parsing of bytes and writing of code, we’re happy to announce that the GridPlus safecard-cli is now available! This free open-source application ensures that you’ll always be able to recover critical backups stored on GridPlus SafeCards even if you no longer have access to a Lattice1.

As it stands, using a SafeCard with the Lattice1 allows users to create a secure cold wallet, to use it as a hot wallet when inserted into the Lattice1, to create redundant backups of their SafeCard and Lattice1 onboard wallets, and to do it all without requiring them to store security-undermining seed phrases in their sock drawers.

As a complement to these capabilities, the safecard-cli provides access to some essential SafeCard functionality outside of the Lattice1. Running it requires only the safecard-cli binary, your SafeCard, a generic HID card reader, and a macOS or Windows computer (you can also build from source on Linux).

You can find the SafeCard command line interface (CLI) tool here.

The safecard-cli app in action.

Included Functionality

This post covers general functionality, but specific usage is documented in the README of the safecard-cli repo.

safecard-cli currently provides three functions: export seed, export private keys, and delete seed. Providing this functionality outside of the Lattice1 accomplishes three things:

  1. Ensures that a SafeCard user’s keys will never be “vendor locked.” With this library, even if every Lattice1 on earth was abducted by aliens, SafeCard users would be able to merrily export their wallets anyway.
  2. Allows us to offer some potentially dangerous functionality, namely delete seed, without adding it to the Lattice1 directly, where it could lead to some disastrous accidents for inexperienced users. It is possible, though, that we’ll offer this functionality on the Lattice in the future, perhaps in an “advanced mode.”
  3. Makes exporting seeds as text more convenient than it could be on the Lattice, as users will not have to manually transcribe lengthy hex strings from their Lattice screen to their computers like some kind of cypherpunk monk, but can instead simply copy and paste their data. Note that export seed functionality is not available from the Lattice screen — this is just an example of a bad UX we imagined.

So, now that you know why we did it, what follows is a description of what the safecard-cli can do.

Export Seed

First, exporting a SafeCard seed allows the owner of a SafeCard to extract their wallet’s master seed, from which all of its keys and addresses are derived, so that they can be used externally to the Lattice1. This function is, of course, protected by user PIN verification. With the master seed in hand, a user has all of the information needed to derive any keys needed to gain access to their funds on another device.

Note: This exports the wallet’s binary seed, which is a hash of the more commonly used seed phrase. To say it again: this is not your seed phrase.

Export Private Keys

Since the exported value is the wallet seed, rather than the more commonly seen “seed phrase,” and the details of deriving keys from this value can get rather complicated, we’ve also provided an export private keys function.

The export private keys function will perform the key derivations most useful for importing Ethereum and Bitcoin private keys into popular third-party wallets. This allows an easy path for users to export their accounts from a SafeCard and directly import them into another wallet.
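
To make the seed-versus-phrase distinction and the derivation steps concrete, here is an added example (not code from safecard-cli or GridPlus) that assumes the wallet follows the BIP39 and BIP32 standards, which this post does not state. It goes a little beyond the text by walking a hardened path such as m/44'/60'/0'; the function names are illustrative and the mnemonic is the published BIP39 test phrase.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group; valid private keys lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # BIP32 marks hardened indexes with the top bit


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP39: stretch the phrase into the 64-byte binary seed (one-way)."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    salt = norm("mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), salt, 2048, 64)


def master_from_seed(seed):
    """BIP32: split HMAC-SHA512 of the seed into master key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if not 0 < key < SECP256K1_N:
        raise ValueError("seed yields an invalid master key")
    return key, digest[32:]


def derive_hardened(key, chain, index):
    """BIP32 hardened child: needs only the parent private key, no curve math."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % SECP256K1_N
    if tweak >= SECP256K1_N or child == 0:
        raise ValueError("invalid child key; BIP32 says use the next index")
    return child, digest[32:]


def derive_account(seed, path=(44, 60, 0)):
    """Walk a hardened-only path, by default m/44'/60'/0' (Ethereum account)."""
    key, chain = master_from_seed(seed)
    for index in path:
        key, chain = derive_hardened(key, chain, index)
    return key, chain


if __name__ == "__main__":
    # Published BIP39 reference test mnemonic (public, never holds real funds).
    seed = mnemonic_to_seed("abandon " * 11 + "about")
    key, _chain = derive_account(seed)
    print(f"{len(seed)}-byte seed -> account key derived ({key.bit_length()} bits)")
```

The remaining non-hardened steps of a full address path also need secp256k1 point multiplication, which this example leaves out. Because the phrase-to-seed step is a one-way key stretch, the exported binary seed cannot be turned back into a seed phrase.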

Delete Seed

The final function in this safecard-cli release is delete seed. Delete seed allows a user to permanently remove the wallet seed from a SafeCard. This effectively destroys the existing wallet, as all of the addresses derived from the seed will no longer be available on the card. This could be used to delete lingering SafeCard data after moving a wallet to ensure no additional record of your wallet secrets exists.

Delete seed can also be used to destroy an unwanted wallet and make a card available to host a fresh wallet. After deleting the seed, simply insert the card into the Lattice1 and the wallet initialization process will be triggered again. The card will generate a new seed and will effectively be storing a new wallet.

This functionality ensures that even in the absence of a Lattice1, SafeCard-stored wallets will always be 100% accessible and under user control. We hope this additional guarantee enhances the already high level of security and reliability that SafeCard key storage provides.

Questions?

Keep up to date by following GridPlus on Twitter and come speak with us directly and ask questions on our new Discord server and Reddit.


Breadth first software engineer interested in data, distributed systems, crypto, and building a better world. @danveens