In our article on whether hardware wallets should be open source, we explained why cold storage devices cannot benefit from open source development in the same way that more well-known projects are able to. Although open source code enables a kind of “audit” on your product’s security, benefits are highly dependent on the scale of community involvement and you are ultimately making it easier for cybercriminals to discover loopholes. Still worse for hardware wallets, vulnerabilities can be exploited to produce counterfeit products with malicious code that the majority of users won’t use open source code to verify the authenticity of.
In light of the security concerns inherent in releasing source code, Cobo Vault has introduced a different type of “auditability” through the transparency of QR codes. In excluding Bluetooth, Wi-Fi, USB, NFC, and other opaque means of data transmission from our product design, we have made it easy for users to verify that their hardware wallet is not revealing their private keys or other sensitive information in any way.
How Transactions Are Created with the Cobo Vault
The Cobo Vault is an offline storage device (cold end) that cannot construct transactions without the help of an online mobile device (hot end) running the Cobo Vault app. Because private keys are stored on the offline device and remain there the entire way through, the user’s assets won’t be affected if this mobile device is damaged or lost.
Transactions are constructed and signed through QR code communication between a mobile device and the Cobo Vault in the following way:
- The Cobo Vault mobile app generates a QR code containing the data of a newly created unsigned transaction.
- The camera on the Cobo Vault (cold end) scans the QR code to obtain the transaction data.
- The transaction is confirmed on the Cobo Vault touchscreen, signing the transaction and outputting the signed transaction data in the form of a QR code.
- The camera on the hot end mobile device scans the QR code on cold end to obtain the signed transaction data.
- The hot end broadcasts the transaction to the blockchain network.
How to “Audit” QR Code Data Transmissions
We believe that QR codes, in addition to being safe, are the most transparent means of data transmission for air-gapped cold storage. Scanning the QR codes generated by the Cobo Vault and Cobo Vault mobile app with any ordinary QR code scanner not used in the transaction process allows you to view transaction data in JSON format. In the following example, we use a Litecoin transaction to demonstrate how every aspect of our QR code data transmission process can be examined.
First we use the mobile app to create a transaction sending 0.01 LTC to the address 3Qg4Jb6GJM2vk4eDwiyouPQRAukVa5Mbk7. The mobile app generates a single QR code containing the unsigned transaction data (if transaction data is large, multiple QR codes may be generated).
Let’s first examine the unsigned transaction data output by the Cobo Vault app. Using a QR code scanner, we can view the below JSON data of which “total” (indicating the number of QR codes) and “index” (indicating the sequence of QR codes) are human-readable, while the rest is encoded.
Note that “value” (if there is more than one QR code, data is spliced according to the serial number sequence indicated by “index”) is extracted from gzip compression and Base64 encoding, after which MD5 Checksum is calculated and verified against the checkSum field.
To view the unsigned transaction data in fully human-readable JSON format, we need to decode the above “value” by first decoding Base64 then unzipping. Doing so will obtain the below unsigned transaction data.
"displayTime": "2019/11/27 18:09:29 +08:00",
We use essentially the same method to examine the Cobo Vault’s data output. Firing up the Cobo Vault’s built-in camera to scan the hot end QR code described above, we then use the touchscreen to confirm and sign the transaction. Once we touch ‘Sign’, the Cobo Vault generates another QR code (when transaction data is larger, more than one QR code may be generated) containing the signed transaction data.
The above QR code can be scanned (again by a QR scanner not involved in the transaction process) to produce the below JSON data.
As before, the following encoded signed transaction data is obtained in human-readable JSON format through the process of decoding “value”. Careful inspection shows that the Cobo Vault’s output has not revealed private keys or other sensitive information at any stage of the process.
Yet a further step can be taken in “auditing” Cobo Vault outputs if we place the “rawTx” value in the LTC raw transaction decoder, then use the JSON data format to represent the LTC raw transaction. This method is an easy way to confirm that 0.01 LTC will be sent to the address 3Qg4Jb6GJM2vk4eDwiyouPQRAukVa5Mbk7. After we’re happy with the transaction, we tap ‘Broadcast to network’ to complete the transaction.
You’ve doubtlessly heard you should have at least one hardware wallet, but the transparency of QR code data transmissions is a lesser-known aspect of cold storage that every Hodler should be aware of. Pass on the information and let us know what you think in the comments below!