Seed The seed is the generic term to designate the secret data that is used to setup a wallet and access funds. A seed can take the form of: A Mnemonic seed which is a list of ordoned words; A Masterseed which is a list of raw bytes.

Export rights When you want to generate and/or store a new secret, the SeedkeeperTool will ask you what type of “Export Rights” you want for that specific secret. Secret can be exported in two ways, as defined during its creation: In plaintext : the secret is shown in plaintext on the SeedkeeperTool and can be copied to any other device. In encrypted form : the secret is encrypted for a specific device based on the authentikey, and can only be exported for that specific device.

Start - Seedkeeper

Q: How to check my card’s authentikey?

How to check my card’s authentikey? The authentikey is a public/private elliptic curve keypair that is unique per Seedkeeper device (and Satochip) and that can be used to authenticate a device and initiate a communication with it. You can check your card’s authentikey by following these steps: Grab your Seedkeeper or Satochip card and plug it in your card reader. Launch the SeedkeeperTool (see the “ Download ” section). Click on “About”. There you can see the card’s authentikey.

How-to use your Seedkeeper?

Well, it’s really easy…

To use your Seedkeeper, simply connect a card reader and insert the card in it, then run the SeedkeeperTool on your computer.

On the first usage, you will need to initialize the card by defining a PIN code and optionnaly a label to identify the card.
On the subsequent use, you will have to enter your PIN code in order to use your Seedkeeper, so be sure to memorize this PIN correctly!

Check out the FAQ bellow for more information.

Seedkeeper_Admin2022-03-31T13:48:14+02:00

How to initialize my Seedkeeper?

You just bought a Seedkeeper, congratulations!
You have made the right/best choice to really secure your seedphrase and other secrets.
Now you want to use it. Follow these steps to initialize your Seedkeeper:

Grab your Seedkeeper card and plug it in your card reader (see the “Shop” section).
Launch the SeedkeeperTool (see the “Download” section).
Choose your personnal PIN code (a 4-16 characters password) and tap it twice.

Be sure to memorize your PIN code because any sensitive command requires to unlock the device using your personal PIN code.
This is the only thing you have to memorize!

Seedkeeper_Admin2022-03-31T13:48:56+02:00

How to create and safely store a new seed?

You want to generate a new seed and secure it? Let’s go.

Grab your Seedkeeper card and plug it in your card reader (see the “Shop” section).
Launch the SeedkeeperTool (see the “Download” section).
Put your personnal PIN code to access the card (see the “Tutorial” section).
Click on “Import a Secret”.
Click on “Mnemonic phrase”.
1. Label: you can add a short description.
2. Mnemonic type: what type of mnemonic do you want to store.
3. Mnemonic size: how long is your mnemonic.
4. Export rights: choose if you allow plaintext or encrypted export.
  1. Plaintext export will allow you to export the seed in a human readable format like “extend palm antique key woman dice thank slam direct pass column drink”.
  2. Encrypted export will NOT allow you to export the seed in a human readble format.
Click on “Create a new mnemonic”.
Click on “Submit”.

Congratulations! You have now secured a freshly generated seed.

Seedkeeper_Admin2022-03-31T13:50:24+02:00

How to secure an existing seed?

You already have a seed and want to secure it? Let’s go.

Grab your Seedkeeper card and plug it in your card reader (see the “Shop” section).
Launch the SeedkeeperTool (see the “Download” section).
Put your personnal PIN code to access the card (see the “Tutorial” section).
Click on “Import a Secret”.
Click on “Mnemonic phrase”.
1. Label: you can add a short description.
2. Mnemonic type: what type of mnemonic do you want to store.
3. Mnemonic size: how long is your mnemonic.
4. Export rights: choose if you allow plaintext or encrypted export.
  1. Plaintext export will allow you to export the seed in a human readable format like “extend palm antique key woman dice thank slam direct pass column drink”.
  2. Encrypted export will NOT allow you to export the seed in a human readble format.
Click on “I already have a mnemonic”.
Type your seedphrase.
Click on “Submit”.

Congratulations! You have now secured your first seed.

Seedkeeper_Admin2022-03-31T13:48:35+02:00

How to make a backup of my Seedkeeper card?

You can make multiple backups of your Seedkeeper card. This is really useful when you want to physically store a backup of your seed in different places.
For example, you can have one Seedkeeper with a specific PIN code stored in a bank vault, another stored at your home and give a card to a trusted family member.
People cannot access the contents of your Seedkeeper without the PIN code.

To make a backup of your Seedkeeper, follow these steps:

Grab your Seedkeeper card and a new/blank Seedkeeper (the backup card).
Launch the SeedkeeperTool (see the “Download” section).
Plug the backup card in your card reader (if it’s a first use, it will ask you to put a PIN code).
You should see a pop-up saying: “Authentikey added to the Truststore!”. Your backup card’s authentikey is registered.
Now, do the same steps with your Seedkeeper card (remove your backup card and plug your Seedkeeper card).
You should see a pop-up saying: “Authentikey added to the Truststore!”. Your Seedkeeper’s authentikey is registered.
Click on “Make a backup”.
Select the backup card’s authentikey.
Click on “Backup” and copy the encrypted output.
Now, remove your Seedkeeper from the chip card reader and plug the backup card, the empty/blank one.
Click on “Import a secret”, “Secure import from json”.
Past the encrypted output (see step 9).
Click “Import”.

That’s it. To summurize, you have plugged your two cards to register both card’s authentikey and you just create an encrypted backup from one card and import it (in a json format) to your back card.
Easy right!? You can follow these steps and make unlimited backups on multiple Seedkeeper cards.

Seedkeeper_Admin2022-03-31T13:51:16+02:00

How to list my secrets?

You have several seeds or other crypto-related secrets stored in your Seedkeeper and want to have a better overview?

1. Grab your Seedkeeper card and plug it in your card reader.
2. Launch the SeedkeeperTool (see the “Download” section).
3. Click on “List Secrets”.

And there you have the complete list of all your secrets with the ID, the given label, the type of secret or the type of export right.

Seedkeeper_Admin2022-03-31T13:51:26+02:00

How to generate a secret on-card?

Generating a secret on-card is the most secure solution. The secret is not show to the screen, it is generate by the chip itself and securely stored within the chip memory. You can generate two types of secrets on-card:

a Masterseed
a 2FA secret

To generate a secret on-card, follow these steps:

Grab your Seedkeeper card and plug it in your card reader.
Launch the SeedkeeperTool (see the “Download” section).
Click on “Generate Secret on-card”.
Choose the type of secret you wish to generate.
1. For a Masterseed: add a “Label“, select the size of the Masterkey and the “Export rights“.
2. For a 2FA secret: add a “Label“, select the “Export rights“.

You have now successfully generated a new secret on-card.

Seedkeeper_Admin2022-03-30T16:16:04+02:00

How to check my card’s authentikey?

The authentikey is a public/private elliptic curve keypair that is unique per Seedkeeper device (and Satochip) and that can be used to authenticate a device and initiate a communication with it.
You can check your card’s authentikey by following these steps:

Grab your Seedkeeper or Satochip card and plug it in your card reader.
Launch the SeedkeeperTool (see the “Download” section).
Click on “About”.
There you can see the card’s authentikey.

Seedkeeper_Admin2022-03-30T16:18:24+02:00

How to import an encrypted masterkey to a Satochip hardware wallet?

A masterseed can be imported encrypted using the SeedkeeperTool. In this case, the encrypted masterseed can be obtained from the export menu after pairing the Seedkeeper with the Satochip (see “Tutorial” section for pairing two cards).
To import an encrypted masterkey to a Satochip hardware wallet, follow these steps:

Grab your Seedkeeper card and plug it in your card reader.
Launch the SeedkeeperTool (see the “Download” section).
Generate a new masterseed on your Seedkeeper (see “Tutorial” section).
Click on “Export a Secret”, select the secret to export and the authentikey of your Satochip card (see “Tutorial” section for pairing two cards).
Click on “Export” and copy the encrypted output.
Plug your Satochip card.
Using the SeedkeeperTool, click on “Import a Secret”
Select “Secure import from json”
Past the encrypted output (see step 5).
Click “Import”

Congratulations! You have successfuly imported an encrypted masterseed (generated on your Seedkeeper) within your Satochip hardware wallet.

Seedkeeper_Admin2022-03-31T13:40:43+02:00

How to securely pair a Seedkeeper and a Satochip hardware wallet?

The secure pairing allows two devices (Seedkeeper, Satochip or any compatible device in the future)
to authenticate each other and generate a shared secret key to communicate securely.

This will allow them to safely exchange seeds and other data.

To achieve this, the two devices needs to exchange their authentikey and store the other device’s authentikey in their secure memory.
To simplify this process, each time a card is inserted, its authentikey is requested by the SeedkeeperTool and stored in a temporary array called the Truststore.

If you want to pair your Seedkeeper and your Satochip hardware wallet, follow these steps:

Plug your Satochip card into your chip card reader.
Launch the SeedkeeperTool.
You should see a pop-up saying: “Authentikey added to the Truststore!”. Your Satochip’s authentikey is registered.
Now, do the same steps with your Seedkeeper card (remove your Satochip card and plug your Seedkeeper card).
You should see a pop-up saying: “Authentikey added to the Truststore!”. Your Seedkeeper’s authentikey is registered.
Import your Satochip’s authentikey is your Seedkeeper card: “Import a secret”, “Authentikey from TrustStore” and select your Satochip’s authentikey (see “Tutorial” section to learn how to check the card’s authentikey).
Success! You have now imported your Satochip’s authentikey in your Seedkeeper. Your cards are now securely paired.

Seedkeeper_Admin2022-03-30T16:19:11+02:00

How to use Seedkeeper with your Satochip hardware wallet?

You can import a BIP39 mnemonic, an Electrum mnemonic or the raw masterseed into a Satochip.
Note that it is not recommended to import an Electrum mnemonic into a hardware wallet (even though it is possible) as it is not standard and can create compatibility issues.

A mnemonic can be imported in plaintext only, using any application supporting Satochip for the import (e.g. SeedkeeperTool, Electrum-Satochip, Electron Cash, Satochip-Bridge…).
A masterseed can be imported encrypted using the SeedkeeperTool (see “Tutorial” section).
- In this case, the encrypted masterseed can be obtained from the export menu after pairing the Seedkeeper with the Satochip (see “Tutorial” section for cards pairing).

You can import a seed into a Satochip either in plaintext or encrypted.
Simply insert the Satochip and use the same menu option as for seed import to a Seedkeeper (see “Tutorial” section).

Seedkeeper_Admin2022-03-30T16:19:53+02:00

SeedkeeperTool

The SeedkeeperTool is this application used to communicate with a Seedkeeper.
It allows the user to create, store, manage and backup seeds and other crypto-related secrets.

Seedkeeper_Admin2022-03-30T16:20:03+02:00

PIN code

A PIN code is a 4-16 characters password used to unlock a Seedkeeper or Satochip.
Any sensitive command requires to unlock the PIN device first.
After the wrong PIN is input several times (typically 4), the device bricks itself and cannot be used anymore!

Seedkeeper_Admin2022-03-30T16:20:12+02:00

Seed

The seed is the generic term to designate the secret data that is used to setup a wallet and access funds.
A seed can take the form of:

A Mnemonic seed which is a list of ordoned words;
A Masterseed which is a list of raw bytes.

Seedkeeper_Admin2022-03-30T16:20:22+02:00

Mnemonic (aka seedphrase)

A mnemonic seedphrase is a human-readable list of 12 to 24 words that allows to generate or recover a wallet and spend the funds.
Seedphrase are usualy compatible with the BIP39 protocol.

Seedkeeper_Admin2022-03-30T16:22:32+02:00

Masterseed

A masterseed is a 16 to 32 bytes secret derived from the mnemonic.
It is this value that is ultimately used as input to the BIP32 derivation process.
The derivation process allows the end-user to have several different addresses from a single mnemonic.

Seedkeeper_Admin2022-03-30T16:22:41+02:00

2FA secret

A 2FA secret is 20-byte random secret that can be used in a Satochip as second-factor authentication.
If 2FA is enabled, all transactions must be approved on a second device such as a smartphone.

Seedkeeper_Admin2022-03-30T16:22:50+02:00

Authentikey

The authentikey is a public/private elliptic curve keypair that is unique per Seedkeeper device (and Satochip) and that can be used to authenticate a device and initiate a communication with it.

Seedkeeper_Admin2022-03-30T16:23:24+02:00

Truststore

The truststore is, in the SeedkeeperTool application, the Truststore keeps a list of public key authentikeys for each Seedkeeper device connected so far.
The Trustore is cleared upon application closing.

Seedkeeper_Admin2023-06-06T12:24:37+02:00

How do I get a Seedkeeper card?

Either you buy your Seedkeeper card on the Satochip Webshop, the card will be freely shipped to your home.
Or you buy a DIY (Do It Yourself) compatible blank chip card and load the Seedkeeper applet by yourself.
You can buy a compatible DIY blank chip card on our webshop.

To interract with your Seedkeeper card, you will need a chip card reader. You can buy one on our webshop.
Any chip card reader that you can found on Internet should work out of the box. But better have a Satochip one ;)

Seedkeeper_Admin2022-03-30T16:24:00+02:00

How do I get a chip card reader?

Seedkeeper_Admin2022-03-30T16:24:21+02:00

My card is not detected…

Double check that the chip card reader is connected to your computer and its recognized by the operating system.
Make sure you put your card on the right side. In general, the chip should be on top (this is the case with the Satochip smart card reader).

If you are on Linux, you may need to install the smartcard driver if the card is not detected. You can do it, for example on Ubuntu, with the following command line: sudo apt install pcscd
If you are on Windows, be sure your chip card reader is using the latest driver.

Seedkeeper_Admin2023-06-06T12:04:32+02:00

Do you have a DIY card?

If you bought a DIY chip card, you should install the Seedkeeper applet on the chip.
To do that, follow these steps:

Download the Seedkeeper.cap file
Download the GlobalPlatform client that will be used to upload the applet on the chip
Put the Seedkeeper.cap file in the same folder as the GlobalPlatform client for convenience
To list the applets loaded on a smartcard: gp.exe -l
To load the Seedkeeper applet: gp.exe -install .\Seedkeeper-v.x.x.x.cap
To delete the Seedkeeper applet: gp.exe -uninstall .\Seedkeeper-v.x.x.x.cap

A more detailed tutorial is available on the GlobalPlatformPro repository.

Seedkeeper_Admin2023-06-06T12:21:23+02:00

What software do I need?

To manage your Seedkeeper card, you will need to download the SeedkeeperTool.
This tiny client written in Python is open-source, you can check the code by yourself and even help the community by commiting your proposals.

It’s available on Windows, Linux and Mac.

Seedkeeper_Admin2022-03-30T16:25:00+02:00

SeedkeeperTool for Windows

Download the latest version of the client here: Windows.

Seedkeeper_Admin2022-03-30T16:25:09+02:00

SeedkeeperTool for Linux

Download the latest version of the client here: Linux.

Seedkeeper_Admin2023-06-06T12:02:03+02:00

SeedkeeperTool for Mac

Download the latest version of the client here: Mac.

Seedkeeper_Admin2022-03-30T16:25:49+02:00

Error! Secure import failed: card is already seeded (0x9C17)!

When importing an encrypted masterseed or a mnemonic to your Satochip hardware wallet, you got this error code: 0x9C17.

Don’t worry. In fact, your Satochip hardware wallet is already seeded. Meaning you cannot import a new seed.
If you want, you can reset your Satochip hardware wallet using the Satochip-Bridge menu and the “Reset Seed” option.
Beware, you will loose your wallet and your funds. Be sure to act knowledgeably.

Seedkeeper_Admin2022-03-30T16:25:57+02:00

Label

A label can be attached to each secret stored in secure memory. This can be used e.g. to provide a short description in less than 128 characters.

Seedkeeper_Admin2022-03-30T16:26:13+02:00

Export rights

When you want to generate and/or store a new secret, the SeedkeeperTool will ask you what type of “Export Rights” you want for that specific secret.
Secret can be exported in two ways, as defined during its creation:

In plaintext: the secret is shown in plaintext on the SeedkeeperTool and can be copied to any other device.
In encrypted form: the secret is encrypted for a specific device based on the authentikey, and can only be exported for that specific device.