Security Features
Last updated
Last updated
Feature: The Cardware Wallet integrates an EAL6+ certified secure element chip for cryptographic key generation and secure storage. This certification represents one of the highest levels of security assurance for hardware components, indicating compliance with stringent evaluation criteria and resistance to sophisticated attack methods.
Benefit: The secure element provides a tamper-resistant environment that protects cryptographic operations against advanced physical and logical attacks. By isolating private keys within this dedicated hardware component, the wallet significantly reduces the risk of key extraction or unauthorized access. This ensures that sensitive cryptographic material remains protected throughout the device's lifecycle, enhancing overall security for digital asset management.
Feature: The device employs its built-in camera to capture an image during the initial setup process, sampling random pixels from each image to generate private keys. SHA256 is predicated on the entropic properties of 256 bits. There are 8 bits to a byte which leaves us with 64 bytes providing 256 bits of entropy. With Cardware your private key is generated using a picture you take of the world around you, providing 15534 bytes or 124272 bits of real world randomness which is used to securely generate your seed phrase.
Benefit: This method produces private keys with exceptionally high entropy, ensuring uniqueness and unpredictability. High entropy in key generation is crucial for cryptographic security, as it minimizes the likelihood of key duplication or successful brute-force attacks. By leveraging the inherent randomness of physical environments, the wallet enhances the strength of the cryptographic keys, providing robust protection against potential threats.
Feature: Designed without any form of network connectivity, the Cardware Wallet lacks internet access, Bluetooth, Wi-Fi, or any wireless communication modules.
Benefit: Operating entirely offline, the device eliminates exposure to remote attacks that could exploit network connections. This air-gapped approach ensures that private keys and transaction data remain confined within the secure environment of the wallet, preventing unauthorized access or interception by external entities. It provides an additional layer of defense by removing potential attack vectors associated with connectivity, thereby enhancing the overall security posture.
Feature: The wallet's firmware is fixed, non-upgradable, and stored in secure, read-only memory.
Benefit: This design choice prevents vulnerabilities that could arise from firmware updates, such as malicious code injection or exploitation of update mechanisms. By maintaining a stable and immutable firmware environment, the device reduces the risk of software-based attacks and ensures consistent operation. This approach enhances reliability and trust in the device's security features over time, as users can be confident that the firmware remains uncompromised.
Feature: The secure element chip and STM32 microcontroller incorporate read-out protection and write protection mechanisms.
Benefit: These security features prevent unauthorized access to, or modification of, the device's memory and firmware. Read-out protection ensures that sensitive data, including private keys and cryptographic algorithms, cannot be extracted from the device, safeguarding against physical attacks. Write protection preserves the integrity of the firmware by blocking unauthorized changes, thereby preventing potential tampering or the introduction of malicious software. Together, these mechanisms uphold the confidentiality and integrity of critical system components.
Feature: The USB-C port is configured exclusively for power delivery, with only the power and ground connections active. All data lines are physically disconnected, a design aspect that is visibly apparent on the transparent circuit board.
Benefit: By eliminating data transmission capabilities through the USB-C port, the device mitigates risks associated with compromised cables or USB-based attacks, such as data theft or malware injection. Users can visually verify the absence of active data lines, reinforcing trust in the device's physical security measures. This approach ensures that power can be supplied safely without introducing potential vulnerabilities associated with data connectivity.
Feature: Transactions are signed within the secure element chip, utilizing QR codes for data transfer between the hardware wallet and external applications.
Benefit: This method ensures that private keys remain securely stored within the device's secure element during the transaction process. By using QR codes for communication, the wallet avoids direct electronic connections that could expose sensitive information. This approach minimizes the risk of network-based attacks, data interception, or unauthorized access during transaction signing, while allowing users to interact securely with companion apps or platforms.
EAL6+ Certified Secure Element: Provides high-assurance hardware security for cryptographic key management.
High Entropy Key Generation: Generates unique and unpredictable private keys through random pixel sampling.
Air-Gapped and Offline Operation: Eliminates exposure to network-based threats by operating without connectivity.
Firmware Integrity and Non-Upgradability: Maintains a secure and stable environment by preventing firmware modifications.
Read/Write Protection: Protects memory and firmware against unauthorized access or alterations.
USB-C Powered with Transparent Verification: Ensures safe power delivery without data transmission, visibly verifiable by users.
Secure Transaction Signing via QR Codes: Allows secure transaction processing while keeping private keys isolated.
These features collectively establish a robust security framework for managing and safeguarding digital assets, ensuring that private keys and transaction data are protected against a wide spectrum of threats.