Encrypted Backups

Background

The Coldcard is unique in that we offer a backup feature to save your wallet seeds to MicroSD card. Settings and other meta is saved as well. The encrypted file can be treated as any oter file because we use AES-256 encryption, with a strong pass phrase.

advanced menu

Even using this feature, you should still have a paper-only copy of your 24 seed words. Use the encrypted backup feature for convenience and duplication.

Creating a Backup

Pick "Backup System" from the menu. Coldcard will pick 12 words as a password. These words have nothing to do with your wallet seed and are chosen randomly.

You have to pass a quiz, proving you've written down the words, although we have made the quiz easier as it does not verify every word.

The new file is written the MicroSD card. If there was already a backup file, and number is appended to the filename. The most recent backup file should have the highest number.

Verify a Backup

This command does a quick CRC32 check over the file. It's useful to check the file was not truncated or damaged in transit. It is not cryptographically secure, meaning the file maybe artifically created or delibrately tampered with. However, it's still a useful feature when you are confident of the chain of custidy of your file.

No password is required since the file is not decrypted in that process.

Restore Backup

To restore the backup, you must use a new Coldcard with no wallet defined, or wipe the seed from the Coldcard, which is naturally a dangerous operation.

About the Backup File Contents

The file we create is a standard 7z archive with AES-256 encryption, in CBC mode. The 256-bit key is a SHA256 hash of a passphrase, hashed in a particular way to support 7z compatibility. We know the passphrase has at least 128-bits of entropy because the Coldcard uses it's true random number generator (TRNG) to pick it.

Once decrypted, which is possible using any 7z archive tool, the contents are a simple text file with everything you could need to access your funds, in an emergency, using another wallet system.

Restoring the backup file onto a replacement Coldcard is a simple process that merely requires entering the 12 words.

Is it secure?

We use AES-256 encryption, wrapped in a 7z archive. The passphrase is chosen at random, as 12 words from the BIP39 word list. This gives effectively 132 bits of security without any key stretching. The 7z file format adds a 16-byte salt and random 16-byte IV (initialization vector), plus a few tens of thousands of rounds of key stretching. We are not relying on that however, because of the long key itself (128-bits).

Proving It Works

Because we are using a standard file format, you can verify the process and that the data is in fact encrypted. Any 7z tool that supports AES256-SHA256 encryption should be able to read the files we make. Take the 12 words and put them together with a single space between each word (all lowercase). The decoded archive will contain a single file, ckcc-backup.txt, which is a simple text file and easy to read.

Limitations