<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>BitKey - Secure Bitcoin Swiss Army Knife</title>
<link href="https://netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css" rel="stylesheet" type="text/css">
<link href="https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.min.css" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Montserrat:400,700" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="css/style.css" type="text/css">
<link rel="shortcut icon" href="img/favicon.png">
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-49403813-1', 'bitkey.io');
ga('require', 'outboundLinkTracker', {
events: ['click', 'auxclick', 'contextmenu']
});
ga('send', 'pageview');
</script>
</head>
<body id="page-top" data-spy="scroll" data-target=".navbar-custom">
<!-- navbar -->
<nav class="navbar navbar-custom navbar-fixed-top" role="navigation">
<div class="container">
<div class="navbar-header page-scroll">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-main-collapse">
<i class="fa fa-bars"></i>
</button>
<a class="navbar-brand" href="#page-top"><img class="logo"
src="img/bitkey-small-icon.png" />BitKey</a>
</div>
<div class="collapse navbar-collapse navbar-right navbar-main-collapse">
<ul class="nav navbar-nav">
<li class="hidden"><a href="#page-top"></a></li>
<li class="page-scroll"><a href="#overview">Overview</a></li>
<li class="page-scroll"><a href="#usage">Usage</a></li>
<li class="page-scroll"><a href="#security">Security</a></li>
<li class="page-scroll"><a href="#features">Features</a></li>
<li class="page-scroll"><a href="#download">Download</a></li>
<li class="page-scroll"><a href="#about">About</a></li>
</ul>
</div>
</div>
</nav>
<!-- intro -->
<section class="intro">
<div class="intro-body">
<div class="container">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h1 class="brand-heading"><img height=80 src="img/bitkey.png"/></h1>
<p class="intro-text">Bitcoin Swiss Army Knife in a verifiably secure
self-contained Live CD/USB. Supports air-gapped Bitcoin
transactions. Makes offline cold storage (slightly more) practical.</p>
<ul class="list-inline">
<li><a href="#iso" data-toggle="modal" class="btn btn-warning btn-lg"><span class="glyphicon glyphicon-download"></span> Download (14.2.0)</a></li>
<li><a href="https://github.com/bitkey/bitkey" class="btn btn-info btn-lg"><i class="fa fa-github fa-fw"></i> <span class="network-name">Source (GitHub)</span></a></li>
</ul>
<div class="page-scroll">
<a href="#overview" class="btn btn-circle">
<i class="fa fa-angle-double-down animated"></i>
</a>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- overview -->
<section id="overview" class="container content-section">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a id="faq" name="questions"></a><h2>Overview</h2>
<h3>What's BitKey?</h3>
<p>BitKey is a bootable system image based on Debian containing
everything you need to perform highly secure air-gapped Bitcoin
transactions. You don't need to install it to a hard drive
because it runs live from RAM. You just write the
ISO image <a href="https://www.turnkeylinux.org/blog/iso2usb">to a
USB drive</a> or burn it to CDROM.</p>
<p>Under the hood it contains a swiss army knife of handy
Bitcoin tools that support a wide range of usage models,
including a few very secure ones which would otherwise be
difficult to perform. We created BitKey because we wanted something
like it for our own use.</p>
<p>We're avid Bitcoin fans but after going to our first local
Bitcoin meetup we discovered the elephant in the room was that
there was no easy way to perform <a
href="https://en.bitcoin.it/wiki/Cold_storage">cold storage</a> Bitcoin
transactions where the wallet lives on an air-gapped system
physically disconnected from the Internet.</p>
<p>The idea was to see if we could use the <a
href="https://www.turnkeylinux.org/tkldev">TurnKey GNU/Linux
build system</a> to create a self-contained read-only CD/USB
stick with everything you need to perform Bitcoin transactions
with as much security as you wanted - including highly secure
air-gapped Bitcoin transactions.</p>
<h3>How do I use BitKey?</h3>
<p>We've documented several common use cases right on this
website's <a href="#usage">usage section</a>. Click on the
various boot modes for instructions.</p>
<h3>How secure are air-gapped systems?</h3>
<p>It depends! Air-gapped systems raise the bar because they are
physically prevented from communicating with the Internet. That
prevents an attacker that doesn't have physical access from
actively attacking the computer and/or remote controlling
it.</p>
<p>But like all other security measures air-gaps are no silver
bullet, especially when you don't trust the system behind the
air-gap. There are many ways an evil air-gapped system can
betray its user, including creating bad transactions and
smuggling out secret keys via covert channel (e.g., USB keys,
high frequency sound, covert activation of Bluetooth/wifi
chipset, etc.)</p>
<h3>Do I have to use BitKey on a separate air-gapped
computer?</h3>
<p>Not if you don't want to, or if you just don't need the extra
security. BitKey also works online in two modes: cold-online and
hot-online. See the <a href="#usage">usage section</a> for details.</p>
<h3>How much security does BitKey provide?</h3>
<p>It depends! At one extreme, using BitKey in just the right way is currently
the <a
href="https://www.turnkeylinux.org/blog/closest-you-can-get-to-perfectly-secure-bitcoin-transactions">closest you can get to perfectly secure Bitcoin transactions</a>
(without doing them in your head).</p>
<p>Even when you use BitKey in the most insecure mode possible
(e.g., <a href="#usage-hot" data-toggle="modal">hot-online</a>) it still provides better security than 99% of Bitcoin
users are getting from their web wallets and Bitcoin phone
apps.</p>
<p>If the theft of hundreds of millions of dollars worth of Bitcoin from
the Bitcoin exchanges has left you, like us, with a healthy sense
of paranoia, then you'll want to use BitKey in the <a
href="https://www.turnkeylinux.org/blog/closest-you-can-get-to-perfectly-secure-bitcoin-transactions#kill-bitkey">most
secure way possible</a> in which case nobody in the world is
getting better security for their Bitcoin transactions.
Nobody.</p>
<h3>How does BitKey compare with a hardware wallet like Trezor?</h3>
<p>In terms of pricing and availability, BitKey is free and runs on ubiquitous general purpose
computers.</p>
<p>In terms of security, it can provide equivalent or better
security than a hardware wallet, depending on how you use it.</p>
<p>In terms of convenience it's hard to beat a hardware wallet.
Using BitKey to implement the most paranoid, trust-minimized
workflows provides superior security at the price of not being as easy to
use.</p>
<p>For an in-depth analysis, read the discussion with Trezor
developer Tomas Dzetkulic (<a href="https://www.turnkeylinux.org/blog/closest-you-can-get-to-perfectly-secure-bitcoin-transactions#comment-20749">better security than Trezor?</a>) and judge the pros and cons for yourself.
</p>
<h3>Do I need to trust BitKey not to steal my Bitcoin?</h3>
<p>Not if you're careful. In fact, if you have reason to worry
we encourage you not to trust BitKey. In the words of our dear
leader: <a href="https://nakamotoinstitute.org/trusted-third-parties/">
trusted third parties are a security hole.</a></p>
<p>As a Bitcoin swiss army knife BitKey supports many usage models.
What's interesting is that this includes at least one use case
which doesn't require you to trust BitKey at all. We call it the
<em><a
href="https://www.turnkeylinux.org/blog/closest-you-can-get-to-perfectly-secure-bitcoin-transactions#kill-bitkey">If
I tell you I'll have to kill you</a></em> usage model. It
provides almost perfect security even if BitKey itself is rotten
to the core.</p>
<p>Also, if you don't trust the binary version, you can always
build BitKey <a href="https://github.com/bitkey/bitkey">from source</a>.</p>
<h3>Do I have to be ultra paranoid to use BitKey?</h3>
<p>No. We understand that people routinely trade off security
for convenience, otherwise they wouldn't get anything done.</p>
<p>We recognize that there is an inescapable trade off between
convenience and security and that risk is proportional to the
value of your wallet. So it doesn't make sense to enforce any
specific trade off. We want BitKey to help make the most
paranoid usage model practical for day to day use but at the
same time, we want to let the user decide how high (or low) to
raise the bar. It should be your choice.</p>
<h3>Is BitKey perfect?</h3>
<p>No. There's room for improvement. Mostly in terms
of improving the usability and reducing the potential for human
error. Also, adding support for locally attached printers so you
can print paper wallets. Stuff like that.</p>
<p>But for a solution to be useful it doesn't need to be
perfect, just better than the alternatives for some use
cases.</p>
<p>Unfortunately, the problem is many people currently using
Bitcoin don't understand the risks they are taking and place too
much trust on incredibly insecure solutions such as web based
Bitcoin wallets, accessed from a general purpose PC that is
installed, configured and used by a person who is not and will
never be a security expert. That might be OK for very low value
wallets that you wouldn't mind losing but beyond that it is very
foolish.</p>
</div>
</div>
</section>
<!-- setup -->
<section id="setup" class="container content-section">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a id="install"></a><h2>Installing BitKey</h2>
<p><b>BitKey on CDROM</b>: use your favorite program to burn the ISO to a write-once CD-R.
Nothing special. A finalized CD-R is naturally read-only and tamper resistant (rewritable
CD-RW media give that property up, so avoid them).</p>
<p><b>BitKey on USB</b>: If you don't burn BitKey to a CDROM, writing BitKey to a
USB stick with a hardware read-write toggle (e.g., Kanguru FlashBlu) is
the next best thing.</p>
<p>On USB sticks without write protection, you can remove the BitKey USB after
booting as an additional security measure. BitKey loads into RAM so
after booting you no longer need the USB.</p>
<ol class="arabic">
<li><p>Insert USB stick and detect the device path:</p>
<pre class="literal-block">
$ dmesg|grep Attached | tail --lines=1
[583494.891574] sd 19:0:0:0: [sdf] Attached SCSI removable disk
</pre>
</li>
<li><p class="first">Write ISO to USB:</p>
<pre class="literal-block">
$ sudo dd if=path/to/bitkey.iso of=/dev/sdf bs=4M && sync   # sync flushes buffers before you unplug
$ lsblk | grep sdf
sdf 8:80 1 7.4G 1 disk
└─sdf1 8:81 1 444M 1 part
</pre>
</li>
</ol>
<h3>Data storage flash drive</h3>
<p>By default, BitKey stores your wallet encrypted on a USB flash drive AKA
USB stick.</p>
<p>It expects your flash drive to be vfat formatted. This is the standard
format for store bought drives. If this isn't the case, BitKey may have
trouble detecting your drive. In that case you can reformat the drive
from Windows, or on Linux / BitKey using the following steps:</p>
<ol class="arabic">
<li><p class="first">Insert data storage flash drive and detect the device path:</p>
<pre class="literal-block">
$ dmesg|grep Attached | tail --lines=1
[583494.891574] sd 19:0:0:0: [sda] Attached SCSI removable disk
</pre>
</li>
<li><p class="first">Reformat the drive:</p>
<pre class="literal-block">
$ sudo mkfs.vfat /dev/sda1
mkfs.fat 3.0.27 (2014-11-12)
</pre>
</li>
</ol>
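<p>Before trusting a freshly written stick, check that the media actually holds the image you wrote with <code>dd</code>. The following is an added example, not part of BitKey: it hashes the ISO and the same number of leading bytes of the device (the stick is larger than the image, so hashing the whole device would never match) and can also compare the ISO against a SHA-256 digest you obtained out of band. Paths are command-line arguments; <code>/dev/sdf</code> from the transcript above is only an example device name.</p>

```python
"""Verify that a live image (e.g. the BitKey ISO) was written to removable media intact.

Added example for this page, not BitKey code. It does in Python what
`sha256sum bitkey.iso` and `head -c <size> /dev/sdX | sha256sum` do by hand.
Run as:  sudo python3 verify_media.py path/to/bitkey.iso /dev/sdX
"""
import hashlib
import hmac
import os
import sys
from typing import Optional

CHUNK = 1024 * 1024  # stream 1 MiB at a time; ISOs and raw devices are large


def sha256_prefix(path: str, length: Optional[int] = None) -> str:
    """SHA-256 of the first `length` bytes of `path` (whole file if None).

    The device is bigger than the ISO and the bytes after the image are
    leftovers from the stick's past, so only the image-sized prefix is hashed.
    Raises ValueError if `path` holds fewer than `length` bytes.
    """
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as fh:
        while remaining is None or remaining > 0:
            want = CHUNK if remaining is None else min(CHUNK, remaining)
            block = fh.read(want)
            if not block:
                break
            digest.update(block)
            if remaining is not None:
                remaining -= len(block)
    if remaining:
        raise ValueError(f"{path}: {remaining} bytes short of the image size")
    return digest.hexdigest()


def verify_written_image(image_path: str, device_path: str) -> bool:
    """True iff the device starts with exactly the bytes of the image."""
    size = os.path.getsize(image_path)
    expected = sha256_prefix(image_path)
    actual = sha256_prefix(device_path, size)
    return hmac.compare_digest(expected, actual)


def verify_published_digest(image_path: str, expected_hex: str) -> bool:
    """Compare the downloaded ISO with a SHA-256 digest obtained out of band
    (for example from a signed release note). Case and whitespace are ignored."""
    return hmac.compare_digest(sha256_prefix(image_path), expected_hex.strip().lower())


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} IMAGE DEVICE")
    if verify_written_image(sys.argv[1], sys.argv[2]):
        print("OK: media matches image")
        sys.exit(0)
    print("MISMATCH: media does not match image, rewrite it")
    sys.exit(1)
```

<p>Run it once <code>dd</code> has finished and the kernel has flushed its buffers. On Linux, drop the page cache first (<code>sync; echo 3 | sudo tee /proc/sys/vm/drop_caches</code>) so the read-back comes from the stick itself rather than from the cached writes; otherwise a bad write can be masked.</p>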
</div>
</div>
</section>
<!-- usage -->
<section id="usage" class="container content-section">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a name="usage"></a><h2>Usage</h2>
<h3>Demo</h3>
<video controls>
<source src="img/screencast.webm" type="video/webm">
<img src="img/screenshot.png" title="video not supported by browser">
</video>
<h3>Boot modes</h3>
<p>BitKey Live CD/USB supports three modes of operation
selected from a boot time menu.</p>
<table class="table">
<thead>
<tr>
<th>Mode</th>
<th>Wallet</th>
<th>Transactions</th>
<th>Security</th>
<th>Background</th>
<th>Convenience</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="#usage-cold" data-toggle="modal">cold-offline (?)</a></td>
<td>create</td>
<td>sign</td>
<td>high</td>
<td>green for safe</td>
<td>less</td>
</tr>
<tr>
<td><a href="#usage-cold" data-toggle="modal">cold-online (?)</a></td>
<td>watch</td>
<td>prepare</td>
<td>high</td>
<td>blue for info</td>
<td>less</td>
</tr>
<tr>
<td><a href="#usage-hot" data-toggle="modal">hot-online (?)</a></td>
<td>create & watch</td>
<td>prepare & sign</td>
<td>medium</td>
<td>red for danger</td>
<td>more</td>
</tr>
</tbody>
</table>
<h3>High security - Cold storage boot modes</h3>
<p>Two cold storage modes:</p>
<ol class="arabic">
<li><p class="first"><b>cold-offline</b>: create wallet, sign
transactions. In this mode, the desktop background is green (mnemonic for cool and safe)</p>
</li>
<li><p class="first"><b>cold-online</b>: watch wallet, prepare
transactions. In this mode, the desktop background is blue (mnemonic for cool and informative)</p>
</li>
</ol>
<p>If the instructions are carefully followed, the cold storage modes create
an air gap which ensures that your wallet's private keys are never loaded
into RAM on a computer connected to the Internet.</p>
<h3>Medium security - Hot-online boot mode</h3>
<p>In this mode the desktop background is red (mnemonic for hot and dangerous)</p>
<p>Allows you to create & watch wallet, prepare & sign transactions.</p>
<p>In hot online mode, the private keys are known to a computer connected
to the Internet. This is the most convenient mode because you only need
one computer. After booting BitKey resides in RAM and saves nothing to
your hard drive.</p>
<p>The flip side is smaller security margins:</p>
<ul class="arabic simple">
<li><p>You need to trust that your copy of BitKey hasn't been tampered with
and that the original signed BitKey image hasn't been
compromised.</p></li>
<li><p>If you use a network enabled app (e.g., Chromium) and an attacker
exploits a zero-day vulnerability to gain access to your online
system, say goodbye to those Bitcoins!</p></li>
</ul>
<h3>Low security - Hot storage on your PC/phone</h3>
<p>In this mode you don't use BitKey or any hardware wallet type device.
Your wallet's private keys are stored on your phone or PC and known to
an Internet enabled device that is vulnerable (or will be sometime in
the future) to the efforts of thieves who would like nothing more than
to steal your Bitcoin.</p>
<p>You rely on the magical power of wishful thinking. You're not important
enough to get hacked and any opportunistic malware infection you do get
is not going to include any Bitcoin stealing functionality. Right?
Right! Good luck!</p>
</div>
</div>
</section>
<section id="brainwallet" class="container content-section">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2>Paranoid brainwallet support</h2>
<p>Hardest to use but leaves no trace of wallet keys in any storage medium.
Minimizes trust in BitKey. Your wallet keys are only stored in your head.</p>
<p>This workflow is inspired by <a href="https://maxtaco.github.io/bitcoin/2014/01/16/how-jason-bourne-stores-his-bitcoin/">how Jason Bourne stores his Bitcoin</a>.</p>
<h3>Generating wallet</h3>
<ol class="arabic simple">
<li>Boot BitKey in cold-offline mode, remove BitKey USB</li>
<li>Use Warpwallet to create a secure brainwallet</li>
<li>Save public Bitcoin address (e.g., scan qrcode)</li>
<li>To ensure private keys do not survive in RAM, turn off computer
running BitKey and disconnect power source for 15 minutes.</li>
</ol>
<p>After generating wallet, you can send Bitcoin to this address.</p>
<h3>Warpwallet Public Service Announcement</h3>
<p><b>Do not use Warpwallet without a salt</b></p>
<p>Unfortunately, Warpwallet makes it foolishly easy to skip the
part where you input your e-mail as salt. The salt is mixed in with
the passphrase you provide. Non-experts may not realize how
important this is. Without a salt, every passphrase guess can be
checked against every known Warpwallet address at once, so attackers
can attempt to crack all unsalted Warpwallets simultaneously. With a
salt, a guess is only good for one suspected e-mail, so they have to
divide their cracking power amongst a list of suspected e-mails.
Cracking a million salted Warpwallets is a million times harder than
cracking a million unsalted Warpwallets.</p>
<p>Using a salt gets you much more security at no cost. There are
no privacy implications: your e-mail is only an input to the key
derivation and is never exposed anywhere. In fact, you can use any
e-mail address you want, as long as you're sure you won't forget it.</p>
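<p>To make the salt argument concrete, here is an added example (not Warpwallet or BitKey code) that runs a dictionary attack against a constructed set of wallets, some salted with an e-mail and some not. A deliberately cheap PBKDF2 stand-in replaces Warpwallet's scrypt-plus-PBKDF2 derivation, the victims, passphrases and e-mail addresses are invented, and the attacker is assumed to already know each salted victim's e-mail (the best case for the attacker). What changes is the number of KDF calls: every unsalted wallet is tested by the same single pass through the dictionary, while each salted wallet costs its own full pass.</p>

```python
"""Why the Warpwallet salt matters: one dictionary attack against many wallets.

Added example, not Warpwallet code. The real scheme derives the key with
scrypt XOR PBKDF2 over (passphrase, salt); a cheap PBKDF2 stand-in plays that
role here so the counting runs quickly. Victims, passphrases and e-mail salts
are constructed for the demonstration.
"""
import hashlib
from typing import Dict, List, Sequence, Tuple


def stand_in_kdf(passphrase: str, salt: str) -> bytes:
    """Cheap stand-in for Warpwallet's scrypt(+PBKDF2) derivation (constructed)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt.encode("utf-8"), 1000)


# Constructed victim set: (passphrase, salt). An empty salt means the user skipped it.
VICTIMS: Dict[str, Tuple[str, str]] = {
    "alice": ("correct horse battery", "alice@example.com"),
    "bob":   ("letmein", ""),
    "carol": ("letmein", "carol@example.com"),
    "dave":  ("qwerty123", ""),
    "erin":  ("ember flint gust heron acorn basil cedar", "erin@example.com"),
}
# Constructed attacker dictionary (a real one is millions of entries).
DICTIONARY: List[str] = ["password", "letmein", "qwerty123", "bitcoin2014", "hunter2"]


def public_targets(victims: Dict[str, Tuple[str, str]] = VICTIMS):
    """What the attacker sees: derived keys (stand-in for addresses) plus the
    salt they assume for each target. Passphrases never leave `victims`."""
    return {name: (stand_in_kdf(p, s), s) for name, (p, s) in victims.items()}


def strip_salts(victims: Dict[str, Tuple[str, str]]):
    """The same users had every one of them skipped the salt, for comparison."""
    return {name: (p, "") for name, (p, _) in victims.items()}


def crack(targets, dictionary: Sequence[str]):
    """Return (cracked, kdf_calls_per_salt).

    Targets are grouped by salt. Within a group one KDF call per guess tests
    every target at once (a set lookup on the derived key), so all unsalted
    wallets share a single pass through the dictionary. Every distinct salt
    forces another full pass.
    """
    by_salt: Dict[str, Dict[bytes, List[str]]] = {}
    for name, (key, salt) in targets.items():
        by_salt.setdefault(salt, {}).setdefault(key, []).append(name)

    cracked: Dict[str, str] = {}
    calls: Dict[str, int] = {}
    for salt, keys in by_salt.items():
        calls[salt] = 0
        for guess in dictionary:
            calls[salt] += 1
            for name in keys.get(stand_in_kdf(guess, salt), []):
                cracked[name] = guess
    return cracked, calls


def cost_summary(calls: Dict[str, int]) -> Dict[str, int]:
    """Split the attacker's KDF budget between the shared unsalted pass and the
    per-victim salted passes."""
    unsalted = calls.get("", 0)
    salted = sum(n for salt, n in calls.items() if salt)
    return {"unsalted_calls": unsalted, "salted_calls": salted,
            "total_calls": unsalted + salted}


if __name__ == "__main__":
    found, calls = crack(public_targets(), DICTIONARY)
    print("cracked:", found)
    print("cost:", cost_summary(calls))
    found_all_unsalted, calls_all_unsalted = crack(public_targets(strip_salts(VICTIMS)), DICTIONARY)
    print("if nobody had salted:", found_all_unsalted, cost_summary(calls_all_unsalted))
```

<p>Two things fall out of the run. The weak passphrases are found either way, because a salt does not rescue <code>letmein</code>; what it buys is that three salted victims cost the attacker three dictionary passes instead of one. And in the all-unsalted comparison bob and carol, who chose the same passphrase, derive the same key, i.e. in the real scheme they would literally share a wallet.</p>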
<p><b>Creating a secure passphrase and remembering it is hard</b></p>
<ol class="arabic">
<li><p class="first">Humans are poor sources of randomness and much more predictable using
statistical models than they think. Technology is ever moving forward
and cracking techniques always get better, never worse. You may not
be familiar with the state of the art, so be extra careful.</p>
<p>The ideal passphrase is 6 to 8 truly random diceware words. If you're
going to try and come up with a random passphrase yourself, be
paranoid. They really are out to get you. At least use zxcvbn to
measure passphrase strength. It's not perfect, but it should give you
a clue. You'll want at least 65 bits of entropy for a salted
warpwallet, especially if you are going to be storing funds
long-term.</p>
<p><b>DO NOT USE KNOWN PHRASES, QUOTES OR SENTENCES FROM A BOOK.</b></p>
</li>
<li><p class="first">More wallets are lost to routine forgetfulness than sophisticated
theft. If you're not continually accessing your Warpwallet there is a
very high likelihood you will eventually forget your passphrase after
a few months or a few years. You only need to forget a single
character for your wallet to be lost forever. This risk needs to be
balanced with the risks of making a paper backup.</p>
<p>Consider making a paper backup of your passphrase and destroying it
only when you are absolutely sure you will not forget it, then use
spaced repetition learning to ensure it stays in memory until you want
to access the funds.</p>
</li>
</ol>
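<p>The 65-bit floor and the "6 to 8 diceware words" advice above are the same statement. This added example (not Warpwallet or BitKey code) shows the arithmetic and the right way to draw the words: the standard diceware list has 6<sup>5</sup> = 7776 entries, so each word chosen uniformly adds log<sub>2</sub>(7776), about 12.9 bits, and five words fall just short of 65 while six clear it. The short wordlist in the block is constructed so that it runs offline; the guesses-per-second rate passed to the last function is an assumption you supply, not a measured figure.</p>

```python
"""How many diceware words does a salted Warpwallet passphrase need?

Added example, not Warpwallet or BitKey code. The standard diceware list has
6**5 = 7776 words, so each word rolled with five dice (or drawn with a CSPRNG)
adds log2(7776) ~ 12.92 bits; the page's 65-bit floor therefore needs 6 words.
WORDLIST below is a constructed stand-in: use a real 7776-word list.
"""
import math
import secrets
from typing import Sequence

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 entries in the standard diceware list

# Constructed mini wordlist so the block runs offline; far too small for real use.
WORDLIST = ["acorn", "basil", "cedar", "dune", "ember", "flint", "gust", "heron"]


def entropy_bits(n_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy of n words drawn uniformly and independently, with replacement.

    This is the entropy of the *selection process*; a phrase a human composed
    has far less, however long it looks, which is why the page says to roll."""
    if n_words < 0 or list_size < 2:
        raise ValueError("need a non-negative word count and at least two words")
    return n_words * math.log2(list_size)


def min_words_for(bits: float, list_size: int = DICEWARE_LIST_SIZE) -> int:
    """Smallest word count whose entropy is at least `bits`."""
    return math.ceil(bits / math.log2(list_size))


def generate_passphrase(n_words: int, wordlist: Sequence[str] = WORDLIST) -> str:
    """Draw words with the OS CSPRNG. Never let a human pick them and never use
    random.random(): both are exactly the predictability the page warns about."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every passphrase of the given entropy at an assumed guess
    rate (Warpwallet's scrypt step is what keeps that rate low). The rate is
    the caller's assumption; it is not measured here."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for n in range(4, 9):
        print(f"{n} diceware words: {entropy_bits(n):.1f} bits")
    print("words needed for 65 bits:", min_words_for(65))
    print("sample (from the constructed list):", generate_passphrase(6))
```

<p>Note that <code>entropy_bits</code> is a property of how the words were chosen, not of the resulting string; tools like zxcvbn estimate the latter and are a floor check for human-made phrases, but a passphrase rolled from a full list does not need estimating.</p>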
<p>Thanks to <a href="https://rya.nc/about.html">Ryan Castellucci</a> for inspiring this section.</p>
<h3>Generating unsigned transaction step</h3>
<p>This step is easiest to do from an Electrum watch-wallet on a PC, but
you can also do it from BitKey:</p>
<ol class="arabic">
<li><p class="first">Boot BitKey in cold-online mode, remove BitKey USB</p>
</li>
<li><p class="first">Restore watch-only wallet and run Electrum, from command line:</p>
<pre class="literal-block">
$ electrum restore $PUBLIC_ADDRESS
$ electrum
</pre>
</li>
<li>Insert USB stick for storing unsigned transaction
</li>
<li>Fill in recipient under Send tab and "Save" unsigned
transaction to USB at /media/usb/
</li>
<li><p class="first">Shutdown/Reboot BitKey</p>
</li>
</ol>
<h3>Signing transaction step</h3>
<ol class="arabic">
<li><p class="first">Boot BitKey in cold-offline mode, remove BitKey USB</p>
</li>
<li><p class="first">Insert USB stick where you stored unsigned transaction. Copy to RAM
and remove from disk (caveat: <code>srm</code> overwrites the file's blocks, but flash
controllers with wear levelling may keep old copies, so treat the stick as if it might
still hold the unsigned transaction):</p>
<pre class="literal-block">
$ cp /media/usb/unsigned.txt ~/ # uses RAM for storage
$ srm /media/usb/unsigned.txt # secure delete unsigned transaction
</pre>
</li>
<li><p class="first">Unplug USB stick</p>
</li>
<li><p class="first">Use Warpwallet to restore brainwallet private key</p>
</li>
<li><p class="first">Launch Electrum from command line so that it stores wallet in RAM:</p>
<pre class="literal-block">
$ electrum -w /tmp/brainwallet
</pre>
</li>
<li><p class="first">Import private key and sign transaction</p>
<ul class="simple">
<li>In the Electrum Install Wizard, select 'Restore a wallet or import keys'</li>
<li>Cut and paste the private key, click Next</li>
<li>Click Next again (you don't need encryption for a wallet in RAM)</li>
<li>Tools > Load transaction > From file</li>
<li>Verify Outputs, Sign & Save signed transaction</li>
</ul>
</li>
<li><p class="first">Create a QRCode for the signed transaction:</p>
<ul class="simple">
<li>Open Signed transaction in text editor</li>
<li>Open qrcode app: cut and paste hex of signed transaction</li>
</ul>
</li>
<li><p class="first">Scan qrcode of signed transaction with phone and broadcast
transaction to network.</p>
</li>
<li><p class="first">Turn off BitKey, disconnect power source, wait 15 minutes to clear
RAM</p>
</li>
</ol>
</div>
</div>
</section>
<!-- security -->
<section id="security" class="container content-section">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2>Security guidelines</h2>
<ul class="simple">
<li><b>Defense in depth</b>: increase security by forcing attackers to overcome a
plurality of obstacles.</li>
<li><b>Minimize trust</b>: minimize the number of third parties that need to be
trusted, and minimize the degree of trust that needs to be placed on
the existing trusted parties (e.g., BitKey developers to a degree).</li>
<li><b>Minimized complexity</b>: attack surface grows with complexity, so
decrease complexity by minimizing number of components, using simpler
components (e.g., chromium with webapps)</li>
<li><b>Minimum privilege level policy</b>: for example, if a component doesn't
need network access, don't give it to it. If a mode doesn't need
network access, enforce lack of network access.</li>
<li><b>Transparency and verifiability</b>: only use open source components whose
integrity can be verified in principle and in which violations of
integrity are more likely to be detected.</li>
<li><b>Assume and attempt to compensate for human
fallibility</b>: avoid assuming
users are advanced Bitcoin and security experts. Do the most to
protect them from natural mistakes and lack of awareness with more
secure defaults, friendly reminders, health warnings, tools for
verifying against mistakes.</li>
</ul>
<p>See <a
href="https://github.com/bitkey/bitkey/blob/master/README.rst">README</a>
in source code for specifics.</p>
</div>
</div>
</section>
<!-- build -->
<a id="make"></a>
<section id="build" class="container content-section">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2>How to build from source</h2>
<p>BitKey is built with <a class="reference external" href="http://www.turnkeylinux.org/tkldev">TKLDev</a>, the TurnKey GNU/Linux build system.</p>
<ol class="arabic">
<li><p class="first">Deploy TKLDev (e.g., as a local VM)</p>
</li>
<li><p class="first">SSH into TKLDev, clone bitkey git repo and
run make:</p>
<pre class="literal-block">
ssh tkldev
cd products
git clone https://github.com/bitkey/bitkey
cd bitkey
make
</pre>
</ol>
<p>You're done, enjoy your new BitKey ISO file:</p>
<pre>
ls -la build/product.iso
-rw-r--r-- 1 root root 466616320 Jan 17 21:46 build/product.iso
</pre>
</div>
</div>
</section>
<!-- usage modals -->
<div id="usage-hot" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="usage-hot-label" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title" id="usage-hot-label">Usage: Hot
Storage (online wallet)</h4>
</div>
<div class="modal-body">
<p>This mode trades off security for the convenience of not
having to sign transactions on a separate offline
computer. We recommend it for low-medium value wallets. It's
better than storing your wallet on a typical malware infested
PC.</p>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>hot-online</code> from the bootmenu</li>
<li>Once the OS has loaded, remove BitKey device</li>
<li>Insert data storage USB device</li>
<li>Open Electrum</li>
<ul>
<li>Enter passphrase for secure encrypted storage</li>
<li>Select <code>create wallet</code></li>
<li>Write down mnemonic seed on paper (store in lockbox)</li>
<li>Prepare and sign Bitcoin transactions...</li>
</ul>
<li>Close Electrum</li>
<li>Remove data storage USB device</li>
<li>Shutdown BitKey</li>
</ul>
</div>
</div>
</div>
</div>
<div id="usage-cold" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="usage-cold-label" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title" id="usage-cold-label">Usage: Cold
Storage (offline wallet)</h4>
</div>
<div class="modal-body">
<p>This mode trades off convenience for the security of
keeping your wallet offline in <a href="https://en.bitcoin.it/wiki/Cold_storage">cold storage</a>. Transactions are prepared in cold-online mode and signed in
cold-offline mode. This usage model is appropriate for
medium-high value Bitcoin wallets.</p>
<p>The most paranoid usage model assumes an evil BitKey is
part of the attack. It's the <a href="https://www.turnkeylinux.org/blog/closest-you-can-get-to-perfectly-secure-bitcoin-transactions">closest you can get to perfectly secure Bitcoin transactions</a> without doing them in your head.</p>
<ul class="nav nav-tabs nav-justified">
<li class="active"><a href="#single" data-toggle="tab">Single PC</a></li>
<li><a href="#multiple" data-toggle="tab">Multiple PCs</a></li>
<li><a href="#paranoid" data-toggle="tab">Multiple PCs (paranoid)</a></li>
</ul>
<div class="tab-content">
<div class="tab-pane fade in active" id="single">
<h4>cold-offline (create wallet)</h4>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>cold-offline</code> from the bootmenu</li>
<li>Insert data storage USB device</li>
<li>Open Electrum</li>
<ul>
<li>Enter passphrase for secure encrypted storage</li>
<li>Select <code>create wallet</code></li>
<li>Write down mnemonic seed on paper (store in lockbox)</li>
</ul>
<li>Close Electrum</li>
<li>Remove data storage USB device</li>
<li>Shutdown BitKey</li>
</ul>
<h4>cold-online (prepare transaction)</h4>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>cold-online</code> from the bootmenu</li>
<li>Once the OS has loaded, remove BitKey device</li>
<li>Insert data storage USB device</li>
<li>Open Electrum</li>
<ul>
<li>Prepare transaction, save to USB</li>
</ul>
<li>Close electrum</li>
<li>Remove data storage USB device</li>
<li>Shutdown BitKey</li>
</ul>
<h4>cold-offline (sign transaction)</h4>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>cold-offline</code> from the bootmenu</li>
<li>Insert data storage USB device</li>
<li>Open Electrum</li>
<ul>
<li>Enter passphrase for secure encrypted storage</li>
<li>Import unsigned transaction from USB</li>
<li>Sign transaction and save to USB</li>
</ul>
<li>Close Electrum</li>
<li>Remove data storage USB device</li>
<li>Shutdown BitKey</li>
</ul>
<h4>cold-online (broadcast signed transaction)</h4>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>cold-online</code> from the bootmenu</li>
<li>Once the OS has loaded, remove BitKey device</li>
<li>Insert data storage USB device</li>
<li>Open Electrum</li>
<ul>
<li>Load signed transaction from USB and broadcast</li>
</ul>
<li>Close Electrum</li>
<li>Remove data storage USB device</li>
<li>Shutdown BitKey</li>
</ul>
</div>
<div class="tab-pane fade" id="multiple">
<p>The recommended workflow with multiple PCs is to use another USB storage device, which we'll call <i>shuttle</i>, for transferring data between your regular PC and BitKey cold-offline.</p>
<h4>BitKey (create wallet)</h4>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>cold-offline</code> from the bootmenu</li>
<li>Insert data storage USB device</li>
<li>Open Electrum
<ul>
<li>Enter passphrase for secure encrypted storage</li>
<li>Select <code>create wallet</code></li>
<li>Write down mnemonic seed on paper (store in lockbox)</li>
</ul>
</li>
<li>Insert <i>shuttle</i> USB</li>
<li>In Electrum, export <i>master public key</i> to <i>shuttle</i> USB</li>
<li>Remove <i>shuttle</i> USB</li>
</ul>
<h4>Regular PC (prepare transaction)</h4>
<ul>
<li>Install Electrum</li>
<li>Insert <i>shuttle</i> USB</li>
<li>Open Electrum
<ul>
<li>Select <code>create watch-only wallet</code></li>
<li>Enter <i>master public key</i></li>
<li>Prepare transaction, save to <i>shuttle</i> USB</li>
</ul>
</li>
<li>Remove <i>shuttle</i> USB</li>
</ul>
<h4>BitKey (sign transaction)</h4>
<ul>
<li>Insert <i>shuttle</i> USB</li>
<li>In Electrum, import unsigned transaction, sign it, save to <i>shuttle</i> USB</li>
<li>Remove <i>shuttle</i> USB</li>
</ul>
<h4>Regular PC (broadcast signed transaction)</h4>
<ul>
<li>Insert <i>shuttle</i> USB</li>
<li>In Electrum, import signed transaction and broadcast to network</li>
</ul>
</div>
<div class="tab-pane fade" id="paranoid">
<p>The recommended workflow with multiple PCs is to use another USB storage device, which we'll call <i>shuttle</i>, for transferring unsigned transactions from your regular PC to BitKey cold-offline, and a smartphone with a QR code scanner for transferring signed transactions from BitKey cold-offline back to the regular PC.</p>
<h4>BitKey (create wallet)</h4>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>cold-offline</code> from the bootmenu</li>
<li>Once the OS has loaded, remove BitKey device</li>
<li>Insert <i>wallet</i> data storage USB device</li>
<li>Open Electrum
<ul>
<li>Enter passphrase for secure encrypted storage</li>
<li>Select <code>create wallet</code></li>
<li>Write down mnemonic seed on paper (store in lockbox)</li>
<li>Display <i>master public key</i> and capture it with the QR code scanner on the smartphone</li>
</ul>
</li>
<li>Close Electrum</li>
<li>Remove <i>wallet</i> data storage USB device</li>
<li>Shutdown BitKey</li>
</ul>
<h4>Regular PC (prepare unsigned transaction)</h4>
<ul>
<li>Install Electrum</li>
<li>Insert <i>shuttle</i> USB</li>
<li>Open Electrum
<ul>
<li>Select <code>create watch-only wallet</code></li>
<li>Enter <i>master public key</i> (transferred from smartphone)</li>
<li>Prepare transaction, save to <i>shuttle</i> USB</li>
</ul>
</li>
<li>Remove <i>shuttle</i> USB</li>
</ul>
<h4>BitKey (import unsigned transaction)</h4>
<ul>
<li>Insert BitKey device and power on PC</li>
<li>Select <code>cold-offline</code> from the bootmenu</li>
<li>Once the OS has loaded, remove BitKey device</li>
<li>Insert <i>shuttle</i> USB</li>
<li>Open file manager and copy unsigned transaction</li>
<li>Remove <i>shuttle</i> USB</li>
</ul>
<h4>BitKey (sign transaction)</h4>
<ul>
<li>Open Electrum
<ul>
<li>Enter passphrase for secure encrypted storage</li>
<li>Import unsigned transaction</li>
<li>Sign transaction and save</li>
</ul>
</li>
<li>Close Electrum</li>
<li>Remove <i>wallet</i> data storage USB device</li>
<li>Open QR Code generator
<ul>
<li>Insert the signed transaction data</li>
<li>Capture with QR Code scanner on smartphone</li>
</ul>
</li>
<li>Shutdown BitKey</li>
</ul>
<h4>Regular PC (broadcast signed transaction)</h4>
<ul>
<li>In Electrum, import signed transaction (transferred from smartphone)</li>
<li>Verify and broadcast to network</li>
</ul>
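<p>The "verify" step before broadcasting, here and in the single-PC cold-online workflow, is where a signed transaction that came back altered from the offline machine or the smartphone would be caught. The following Python script is an added example, not BitKey or Electrum code: it parses both raw transactions and confirms that signing changed nothing except the scriptSig/witness fields. It assumes both transactions are available as raw hex; the sample transactions are constructed, not real.</p>

```python
def read_varint(b, pos):
    """Decode a Bitcoin CompactSize integer at pos; return (value, next pos)."""
    first = b[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(b[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def parse_tx(raw_hex):
    """Return the fields a signature must not change: inputs, outputs, locktime."""
    b = bytes.fromhex(raw_hex)
    pos = 4                                   # skip 4-byte version
    segwit = b[4] == 0x00 and b[5] == 0x01    # BIP144 marker + flag present
    if segwit:
        pos += 2
    n_in, pos = read_varint(b, pos)
    inputs = []
    for _ in range(n_in):
        txid = b[pos:pos + 32][::-1].hex()    # txid is serialized little-endian
        vout = int.from_bytes(b[pos + 32:pos + 36], "little")
        pos += 36
        slen, pos = read_varint(b, pos)
        pos += slen + 4                       # skip scriptSig and sequence
        inputs.append((txid, vout))
    n_out, pos = read_varint(b, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(b[pos:pos + 8], "little")
        plen, pos = read_varint(b, pos + 8)
        outputs.append((value, b[pos:pos + plen].hex()))
        pos += plen
    if segwit:                                # skip the witness stack of each input
        for _ in range(n_in):
            items, pos = read_varint(b, pos)
            for _ in range(items):
                ilen, pos = read_varint(b, pos)
                pos += ilen
    return {"inputs": inputs, "outputs": outputs,
            "locktime": int.from_bytes(b[pos:pos + 4], "little")}

def same_spend(unsigned_hex, signed_hex):
    """True only if signing changed nothing but scriptSig/witness data."""
    return parse_tx(unsigned_hex) == parse_tx(signed_hex)

# Constructed sample transactions (not real): one input, one 50000 sat P2PKH output.
PREV = "aa" * 32 + "00000000"                              # outpoint: txid + vout 0
OUT = "50c3000000000000" + "19" + "76a914" + "bb" * 20 + "88ac"
UNSIGNED = "01000000" + "01" + PREV + "00" + "ffffffff" + "01" + OUT + "00000000"
SIGNED = "01000000" + "01" + PREV + "03cccccc" + "ffffffff" + "01" + OUT + "00000000"
TAMPERED = SIGNED.replace("bb" * 20, "dd" * 20)   # payee script swapped after signing
```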
</div>
</div>
</div>
</div>
</div>
</div>
<!-- features -->
<section id="features" class="content-section">
<div class="features-section">
<div class="container">
<div class="col-lg-8 col-lg-offset-2">
<h2>Features</h2>
<div class="row features">
<div class="col-lg-6">
<h4>Free Software</h4>
<p>BitKey is <a
href="https://www.turnkeylinux.org/faq/why-should-i-care-about-free-software">free
software</a>. It's hosted on GitHub, available for
peer-review and improvement by anyone in the free software
&amp; Bitcoin communities.</p>
<h4>Encrypted Wallet Storage</h4>
<p>Wallet files are stored in a LUKS encrypted loopback filesystem. When the passphrase is chosen, an estimate of its strength (entropy and estimated crack time) is displayed.</p>
</div>
<div class="col-lg-6">
<h4>Lightweight Debian Live OS</h4>
<p>BitKey boots live (no installation required), and
copies itself into RAM, allowing the boot media to be
safely removed.</p>
<h4>Included software</h4>
<p>Electrum Bitcoin client, warpwallet, coinbin, incognito
Chromium, bitaddress, bitcoin paper wallet, qrcode, zxcvbn and
bx. File manager, network, printer and wireless managers.
On-screen keyboard. Auto-mounting USB storage support.</p>
</div>
</div>
</div>
</div>
</div>
</section>
<!-- download -->
<section id="download" class="content-section">
<div class="download-section">
<div class="container">
<div class="col-lg-8 col-lg-offset-2">
<h2>Download</h2>
<p>Download the latest BitKey ISO image and burn to
USB or CD using <a href="#install">the instructions above</a>.
Alternatively, you can <a href="#make">build the ISO image</a> yourself from source.</p>
<ul class="list-inline">
<li><a href="#iso" data-toggle="modal" class="btn btn-warning btn-lg"><span class="glyphicon glyphicon-download"></span> Download (14.2.0)</a></li>
<li><a href="https://github.com/bitkey/bitkey" class="btn btn-info btn-lg"><i class="fa fa-github fa-fw"></i> <span class="network-name">Source (GitHub)</span></a></li>
</ul>
</div>
</div>
</div>
</section>
<!-- iso download modal -->
<div id="iso" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="iso-label" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h4 class="modal-title" id="iso-label">Download</h4>
</div>
<div style="padding-bottom: 30px;" class="modal-body">
<p>Download the BitKey ISO image and burn it to a CDROM (the
read-only kind) or USB flash drive.</p>
<div class="text-center">
<a target="_blank" href="http://mirror.turnkeylinux.org/turnkeylinux/images/iso/turnkey-bitkey-14.2.0-jessie-amd64.iso" class="btn btn-warning btn-lg"><span class="glyphicon glyphicon-download"></span> BitKey ISO (64bit)</a>
<p style="font-size: 13px; padding-top: 10px;"><a
target="_blank" href="https://releases.turnkeylinux.org/turnkey-bitkey/14.2.0-jessie-amd64/">Cryptographic signatures and package manifest</a></p>
</div>
</div>
<div class="modal-header">
<h4 class="modal-title">Security and news updates</h4>
</div>
<div class="modal-body">
<p>Sign up to BitKey's low-traffic announcements newsletter to
get important security bulletins and updates on major new
releases.</p>
<div style="padding-top: 0px" id="mc_embed_signup" class="form-inline">
<form action="https://bitkey.us8.list-manage.com/subscribe/post?u=5620a8cb48b1076ba95552a8b&id=d95bc45325" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
<input type="email" value="" name="EMAIL" class="form-control email" id="mce-EMAIL" placeholder="email address" required>
<div style="position: absolute; left: -5000px;"><input type="text" name="b_5620a8cb48b1076ba95552a8b_d95bc45325" value=""></div>
<input type="submit" value="Subscribe" name="subscribe" id="mc-embedded-subscribe" class="btn btn-warning">
</form>
</div>
</div>
<div class="modal-header">
<h4 class="modal-title">Donations welcome</h4>
</div>
<div class="modal-body">
<p>BitKey is free, but if you find it useful, consider donating to show your
appreciation and support future development:</p>
<p>1LefGyyk94jAKxdC1x79DftZhLTrRcWCtn</p>
</div>