This guide explains how to get started with a Passport cold storage wallet. The Passport is a Bitcoin hardware wallet that is assembled in the U.S., fully open source and designed to only be used in a secure, air-gapped fashion.
Taking self custody of your bitcoin means that you are ultimately responsible for your own wealth; there is no bank vault to protect you or a 1-800 help line to reverse a transaction. Being able to transact without permission is powerful, and with great power comes great responsibility. So, let's get your journey into self custody started on the right foot.
Keep an eye out for announcements from @FOUNDATIONdvcs; they are anticipating releasing a new version of the Passport around March 2022.
This guide covers:
Generally speaking, it is good practice to use a P.O. Box when ordering Bitcoin-related products or materials. This helps prevent your exposure to risks associated with data breaches. If you have any suspicion that your device was tampered with in transit, contact firstname.lastname@example.org.
The Passport is shipped in a white cardboard box with a blue, tamper-evident security seal. There is nothing on the outside of the box which indicates it has anything to do with Bitcoin. The number printed on the security seal is not recorded by Foundation Devices, but the initial batch of Passports all shipped with label numbers that start with B722, B732 or B733. If the tamper-evident tape is disturbed, it will reveal the word "VOID."
Inside the cardboard box you will find a bubble-wrapped box containing the Passport. This inner box also has a tamper-evident seal on it. You will also find some stickers and a note card with some basic explanations on it about your new Passport. The founders edition includes a miniature copy of the Bitcoin white paper printed in the form of a passport.
After removing the bubble wrap and cutting the tamper-evident seal, inside the inner box you will find your new Passport. Underneath the Passport you will find two AAA batteries and two, eight-GB microSD cards.
All together, everything necessary to get started is included. The Passport measures 108 mm in length by 38 mm in width.
To get started, simply remove the magnetic cover from the back of the device and insert the included AAA batteries. The back of the included informational card has a QR code that you can scan with your phone to visit the Foundation Devices setup page.
Next, you'll see how to power on the Passport and verify the supply chain check to ensure the device is genuine.
Supply Chain Validation
This section demonstrates how to power on the Passport and execute the supply chain validation. There is a private key stored on the secure element used for this validation. By scanning a static public key QR code with the Passport, it will generate four words which are used as a checksum that only a valid Passport private key can produce.
Hold down the button in the lower left-hand corner of the Passport for about half of a second until the device lights up. After the initial boot, you will be greeted with a welcome message. You can scroll to the bottom of that message by holding the “down arrow,” then press the “continue” button.
Finally, confirm having read the terms by pressing the “continue” button.
For this next step, ensure your batteries are well charged and have the supply chain validation QR code open on your computer or phone. Read and scroll down to the end of the validation message, then press the “continue” button. This will launch the camera and you can then scan the validation QR code on your device's screen.
The Passport will then display four words on the screen. Enter these words into the interface under the validation QR code. You should receive a validation message confirming that your device is a legit Foundation device.
Then press the “VALID” button and you are ready to set up your PIN. At this point, it is a good idea to get a notepad and pen or pencil ready to write down some information that you will need to secure.
This section demonstrates how to set up the PIN for accessing your Passport. Have a notebook and pen or pencil ready. To start, there are a few considerations to understand and then the steps to complete this process are outlined.
The PIN is used to secure access to your Passport. Without the PIN, your Passport will be inaccessible. There is no way to recover a lost or forgotten PIN, so be sure to secure your PIN in such a way that you will not lose access to it. Best practice is to physically write this information down in a notebook that you keep private and secure. Throughout this guide, there are going to be a few pieces of information that will be sensitive with regard to accessing the Passport and the signing keys it will contain. By writing this information down on paper, you can mitigate the risks introduced by using digital media.
For example, in a digital file, this information can be remotely accessed on a network connected computer if the computer is compromised. Additionally, other forms of digital media such as images or video can not only be accessed remotely on a compromised device but they could also be copied and transferred quickly and easily by anyone who has physical access to the computer or other device. Although it is true that anyone with physical access to the handwritten information could easily snap a picture of it, at least the notebook could be easily hidden in an inconspicuous place or secured in a safe whereas putting a computer in a safe may not be convenient or practical.
Using a PIN that is easy to guess could result in loss of bitcoin if an adversary gets a hold of your Passport. There is benefit to using a PIN that is difficult to guess. The PIN must be at least six digits in length. You will enter the first four digits and then you will be presented with two anti-phishing words. Write down these anti-phishing words. They are unique words that are generated by using some entropy from the Passport in combination with your PIN's first four digits.
After establishing your new PIN, upon re-entry to the Passport, you will be presented with these same two anti-phishing words. If you are ever presented with different anti-phishing words, then you either entered the first four digits of your PIN incorrectly or your device has been tampered with. If that happens to you, do not proceed with accessing your device until you figure out which situation you are in at that point.
As a security feature, the Passport will brick itself if there are 21 failed PIN attempts. Once a valid PIN is entered, the counter resets to zero.
After the supply chain validation from the last section, you should see a message on your Passport that explains some details about the PIN. Scroll down to the bottom of that message with the "down arrow." After reading the entire message, press the "continue" button.
Next, you will be presented with a blank PIN entry dialog. Use the numbered keys on the Passport to enter the first four digits of your new PIN. Immediately upon entry of the fourth digit, you will be presented with the two anti-phishing words. Write down the first four digits of your PIN along with these two anti-phishing words.
Speaking this information out loud could introduce a potential risk of exposing the details to any devices that may be listening to you. Then press the "next" button and enter the remaining part of your PIN and write that down, too. This remaining part needs to be at least two digits long and can be as much as eight digits in length. Your PIN in its entirety can be up to 12 digits in length. In this example, the PIN "12345678" is used. Do not use "12345678" for your PIN.
When finished press "enter." You will then be asked to confirm your PIN by first re-entering the first four digits, confirming the two anti-phishing words, and re-entering the remaining part of the PIN.
Again, press "enter" when finished and the Passport will save this information. From now on the PIN will be required to access your Passport. A lost or forgotten PIN cannot be retrieved from the Passport. No one can assist you with recovering a lost or forgotten PIN. The Passport will brick itself after 21 failed PIN entries. Be sure to write down and secure your entire PIN and the two anti-phishing words. Once the Passport is finished saving the PIN details, you will be at the main menu.
Before setting up your new cold storage wallet, it is a good idea to ensure the firmware is up to date.
For this section, you will need a USB adaptor for your included microSD card, unless your computer has a microSD card port. Keeping the firmware on the Passport up to date is important as this is how new features are introduced, quality of life improvements are made, security issues are resolved and bugs are fixed. Foundation regularly releases firmware updates, so be sure to stay up to date with these as they occur. Navigate to the official Foundation firmware page to see more details.
In this section, updating the firmware will be demonstrated in two ways. The first way involves fewer steps but forgoes independent verification, the second way demonstrates using the developer's PGP public keys and signatures to cryptographically verify the integrity of the firmware file.
The Passport will only allow firmware to be installed if it has been signed by at least two out of four possible Foundation developer PGP keys. This gives beginner or intermediate users the ability to update their firmware with a reasonable degree of confidence, while giving advanced users the ability to verify the integrity of the firmware themselves.
Before getting started with either approach outlined below, first check your Passport to compare the currently installed firmware version with the currently available firmware version.
Log into your Passport by powering it on, typing in the first four digits of your PIN, confirming your two anti-phishing words, and entering the remainder of your PIN. From the main menu, navigate to “Settings,” “Firmware,” “Current Version.”
There you will see the currently installed firmware version, the date of its release and a boot counter. The boot counter tells you how many times the Passport has been powered on. Compare the currently-installed firmware version to the displayed currently-available version on the Foundation firmware download page. If the installed version is lower than the available version, then you will want to update that. If you have the latest firmware installed, then you can skip to the next section. Press the “back” button to return to the previous sub menu.
Simple Firmware Update
Clicking on that link will automatically initiate the Foundation firmware “.bin” file download to your computer. If your computer is equipped with a microSD slot, then you can simply insert the microSD card. If your computer does not have a microSD slot, then you may need to use your own USB-to-microSD adaptor, insert your included microSD card into the USB adaptor and then insert that adaptor into a USB port on your computer. Once the computer recognizes your USB adaptor, then simply open a file explorer and copy/paste the firmware “.bin” file to the microSD card. Then safely eject the microSD card.
The microSD card inserts into the port on the top of the Passport. The microSD card does not fully insert into the device; it will be sticking out about half way. Ensure the pins on the microSD card are facing up, the same direction as the face of the device.
From the same sub-menu where you checked the firmware version, select “Update Firmware” this time. Then follow the prompt and press “continue.” On the next screen, scroll to the bottom of the message by pressing the “down arrow.”
Confirm you want to proceed by pressing “YES.”
On the next screen you will see a message warning you not to power off the Passport during the firmware update. Having fresh batteries installed is recommended. Press “OK” to continue. Then the Passport will first prepare the update and then execute the update. After a moment, the Passport will display the new currently-installed firmware version.
After the firmware update is finished you can remove the microSD card and continue to set up your seed phrase. Or, if you want to see how to cryptographically verify the integrity of the firmware file before you install it on your Passport, then continue with the advanced update details below.
Advanced Firmware Update
Learning how to verify software is an important but often overlooked step that can save you from a number of threats. The risk is that malicious software could be uploaded to compromised servers that you then download thinking it is legitimate. Or malicious websites that aim to imitate the legitimate website could fool you into thinking you are getting the software from the real company directly.
The basic idea behind software verification is that you can use cryptographic signatures and hash values to prove that the software you downloaded is in fact exactly what the developers intended you to receive. This is different than a security audit, in which experts parse through the code line by line to verify that it is not doing anything malicious. The verification part only assures that the downloaded software is what it purports to be. Whether or not the developers who created that software are up to nefarious schemes is another issue, but one that is mitigated through open-source software that anyone can look into and put many eyes on.
There are a couple of things that you will need in order to verify your Passport firmware:
- Key manager: Gpg4win for Windows, GPGTools for Mac or GnuPG which already comes pre-installed on Linux
- The Foundation public key
- The latest Passport firmware file, signature file and hash value which can all be found on the Foundation GitHub repository here
The steps outlined below will be demonstrated with the Windows Gpg4win key manager tool. If you are using Linux, the instructions can be found on the official Foundation page here.
You will need to have your own PGP key pair setup in Kleopatra (the key manager tool in Gpg4win) in order to certify the Foundation public key. You can learn more about setting up Kleopatra in a variety of video tutorials such as this one. The following steps assume you have already configured your own PGP key pair.
Also, for Windows users, there is a handy freeware hex editor called HxD that makes calculating hash values easy.
Once you have Gpg4win installed, your own PGP key configured, and HxD installed, navigate to the Foundation GitHub repository and download the latest firmware file, signature file and make note of the firmware file hash value. Save the two files in a convenient folder and keep a tab open to easily refer back to the hash value in a few steps.
Next, navigate to the Foundation firmware update support page and download the developer’s public key. You can save this in the same folder as the other files if you would like.
Next, you want to import the Foundation public key to your Kleopatra keychain manager. Click on the “Import…” icon in the top menu.
Then navigate to the folder where you saved the Foundation public key, select this file and click on “Open.”
Then click on “Yes” to certify.
Now compare the fingerprint displayed in the Kleopatra dialog to a publicly-displayed fingerprint for the Foundation developer, in this case the one from the Foundation website. If they match, then click on “Certify” to enter your password and complete the import/certification.
Now, when you try to validate a signature file signed by the Foundation key it will give you the green dialog box, instead of the white-colored dialog box which means that the signature is valid but not certified. It is important to be able to distinguish between a certified and valid signature (green), a valid but not certified signature (white), and an invalid signature (red).
Navigate to the folder where you saved the firmware “.bin” file and the developer’s “.sig” signature file. Right click on the “.bin” file then select “More GpgEX options,” and “Verify.” Then you should get the green certified and verified dialog box.
This means that so far you have confirmed that the “.bin” firmware file you downloaded is verified with the Foundation developer signature.
Next, open the “.bin” firmware file with HxD and then navigate to “Analysis” and “Checksums” and choose “SHA256.” HxD will then compute the SHA-256 hash value and you can compare that to the one displayed on the Foundation GitHub site.
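The SHA-256 comparison in the step above can also be scripted. The following is an added example, not code from Foundation or from this guide; the file it hashes is a constructed stand-in written to a temporary folder, and the function names are this example's own. It hashes the file in chunks, accepts the published value regardless of case or spacing, and refuses a published value that is not a full 64-digit digest.

```python
import hashlib
import hmac
import os
import re
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large firmware images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalise_digest(text):
    """Accept upper/lower case and spaced or colon-separated hex, nothing else."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        # A truncated or mistyped reference value must not pass as a "match".
        raise ValueError("published value is not a 64-hex-digit SHA-256 digest")
    return cleaned


def firmware_matches(path, published_digest):
    """True only if the file's SHA-256 equals the published digest."""
    return hmac.compare_digest(sha256_file(path), normalise_digest(published_digest))


def demo():
    """Run the check on a constructed file, then on a one-byte-modified copy."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "sample-firmware.bin")  # constructed stand-in
        data = b"constructed firmware image\n" * 1000
        with open(path, "wb") as handle:
            handle.write(data)

        published = hashlib.sha256(data).hexdigest()
        # Same digest as a tool might display it: upper case, byte-spaced.
        displayed = " ".join(published[i:i + 2] for i in range(0, 64, 2)).upper()
        intact = firmware_matches(path, displayed)

        # Overwrite a single byte: the digest must no longer match.
        with open(path, "r+b") as handle:
            handle.seek(10)
            handle.write(b"X")
        modified = firmware_matches(path, published)
        return intact, modified


if __name__ == "__main__":
    print(demo())
```

A matching hash only shows the file equals the one the published value describes; the signature check in the previous steps is what ties the file to the Foundation key.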
Now you are ready to load the verified firmware file on your microSD card and import it to your Passport. Using your own USB-to-microSD adaptor, insert your included microSD card into the USB adaptor and then insert that adaptor into a USB port on your computer. Or if your computer has a microSD card port, then you can just use that. Once the computer recognizes your USB adaptor or the microSD card, then simply open a file explorer and copy/paste the firmware “.bin” file to the microSD card. Then safely eject the microSD card.
The microSD card inserts into the port on the top of the Passport. The microSD card does not fully insert into the device; it will be sticking out about half way. Ensure the pins on the microSD card are facing up, the same direction as the face of the device.
From the same sub-menu where you checked the firmware version, select “Update Firmware” this time. Then follow the prompt and press “continue.” On the next screen scroll to the bottom of the message by pressing the “down arrow.” Confirm you want to proceed by pressing “yes.”
On the next screen you will see a message warning you not to power off the Passport during the firmware update. Having fresh batteries installed is recommended. Press “OK” to continue. Then the Passport will first prepare the update and then execute the update. After a moment the Passport will display the new currently installed firmware version.
After the firmware update is finished you can remove the microSD card and continue to set up your seed phrase.
Creating A Seed Phrase
This section covers how to create a seed phrase on the Passport. The Passport is going to generate 24 English words; these words make up the seed phrase. A seed phrase is simply a human-readable representation of the signing key for your bitcoin. The seed is sensitive and should be regarded in the same way cash, gold or jewelry is regarded. If anyone gains access to your seed phrase, then they gain access to your bitcoin.
By default, the Passport will generate the 24-word seed phrase, encrypt it and save it to the microSD card. The seed phrase can then be decrypted with a password that the Passport will generate. This password is six English words. You can write the password down in a secure notebook, save it in a local password manager or save the password file in a secure cloud storage solution. If anyone gains access to your password, it does not put your funds directly at risk because they would also need physical access to the microSD card with the encrypted backup file. Likewise, if anyone gains access to the microSD card then they would need the six-word password to decrypt the seed phrase.
The Passport comes with two microSD cards and the encrypted seed phrase can be saved to both of them for redundancy.
To get started, insert the microSD card into the Passport, power it on and log in.
From the main menu select “Create New Seed” then scroll to the bottom of the displayed message explaining the two backups and select “continue.”
Next, the Passport will display a message explaining the six-word password you are about to be given. Scroll to the bottom of that message and then select “continue.”
The Passport will now display your six-word password. Keep these words in order, one through six. Ensure that you save this in a way that it is accessible to you in the future and secure in the meantime. If you ever need to restore your Passport from backup, both the encrypted file from the microSD card and the six-word password will be required.
Once you have saved your password, the Passport will test you on it. Simply select the corresponding answer for each of the six words. After passing the test, the Passport will encrypt and save your seed phrase to the microSD card. Then the Passport will let you know the file location and then ask you if you want to make a secondary backup. If you want to make a secondary backup, simply remove the microSD card and replace it with the other microSD card then select “YES.”
There are other options for saving the seed phrase too. Many people like to physically write the 24 words in a notebook that they can keep secure. The advantage to this method is that physical access is required and there is absolutely no risk of remote access from a compromised device, like what may be introduced when using a digital medium. One disadvantage to writing the seed phrase down on paper is that it cannot withstand extreme environments like fire or flooding.
Because of this environmental risk, many people choose to save their backup information in steel media such as washers or plates. For an example, check out this guide on the subject.
If you are interested in saving your seed phrase in some alternate form, it can be retrieved from the Passport. Navigate to the main menu and you will notice that the menu options have changed since the seed phrase has been created. Scroll down to “Settings,” then “Advanced,” then “View Seed Words.”
Then a message will be displayed explaining the risk of exposing these seed words to anyone. Scroll to the bottom of the message and select “YES” to display this sensitive information.
Here you can see your 24 words. Make sure you keep them in order when notating them. Double check your work. Do not share these words with anyone. Keep them secure however you choose to back them up. Anyone who gains access to these words can gain access to your bitcoin.
Testing your backups in any form is a good idea and will be covered after the Passphrase section. This will ensure your backups work as they should prior to depositing any funds.
Creating A Passphrase
A passphrase adds an extra layer of security to your Bitcoin wallet. The passphrase is an additional piece of information that is required in order to access your private key and sign transactions. The passphrase can be thought of as a "25th word" appended to the end of your 24-word seed phrase. Without the passphrase, the bitcoin will not be accessible.
There are some important considerations to make with passphrases:
- With the added security comes added complication. Keep in mind that it may not be you attempting to recover your bitcoin, it may be your loved ones who may not understand how Bitcoin wallets work.
- The Passport (or any BIP39 wallet) has no way of knowing whether or not you entered the correct passphrase. Any passphrase entered will cause the wallet to display a fully-functioning and valid bitcoin wallet. But only when you enter your passphrase correctly will the right wallet be opened. A "fingerprint" is used to uniquely identify the wallet so you know it is the right one.
- You will now need to secure an extra piece of information for a complete backup. This can be a disadvantage if you want to minimize the information required to access your bitcoin or this could be advantageous if you leverage it as a duress feature.
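The second consideration above follows from how BIP39 turns a seed phrase and passphrase into a seed. The following is an added example, not Passport firmware code: it uses the publicly known BIP39 test mnemonic and constructed passphrases, and its function names are this example's own. It stops at the BIP32 master private key; the master fingerprint the device shows is derived from that key's public key, a step left out here.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the publicly known BIP39 test mnemonic. Never fund it.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

# Order of the secp256k1 group; a BIP32 master key must lie in 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"+passphrase.

    Both inputs are NFKD-normalised first. Nothing in this step can tell a
    "right" passphrase from a "wrong" one: every input yields 64 seed bytes.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master_key(seed):
    """BIP32 master key and chain code: HMAC-SHA512 keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key (astronomically rare)")
    return key, chain_code


def master_keys_for(mnemonic, passphrases):
    """Map each candidate passphrase to the hex master private key it opens."""
    return {p: bip32_master_key(bip39_seed(mnemonic, p))[0].hex()
            for p in passphrases}


# Constructed passphrases: the intended one plus slips that are easy to make
# when copying from a notebook (capital letter, trailing space, double space).
CANDIDATES = ["", "correct horse", "Correct horse",
              "correct horse ", "correct  horse"]

if __name__ == "__main__":
    for phrase, key in master_keys_for(SAMPLE_MNEMONIC, CANDIDATES).items():
        # Every line is a valid, unrelated wallet; none raises an error.
        print(f"{phrase!r:18} -> {key[:16]}...")
```

Each candidate, including the empty passphrase, produces a different valid master key, which is why a recorded fingerprint is the only way to tell that the intended wallet was opened.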
If you want to add a passphrase to your Passport, this section will show you how to do it. Make sure you write this information down in a notebook and secure it. The passphrase is not stored in your Passport encrypted backup file.
After you add a passphrase, in order to have a complete backup, you will need:
- The microSD card with the encrypted backup file (or the 24 words in writing)
- The six-word password to decrypt the backup file
- The passphrase and fingerprint
Log in to the Passport and then from the main menu select “Settings,” then “Advanced,” then “Passphrase,” then “Set Passphrase.”
This brings you to the screen where you can enter your passphrase. Passphrases are not limited to words like the seed phrase. Passphrases can contain any combination of special characters, lower case letters, upper case letters or numbers.
You can make your passphrase an easy-to-remember phrase or even a random, high-entropy string of characters.
Once you decide what you want your passphrase to be, make sure you write it down exactly as you have it entered in the Passport. Remember, any deviation from this passphrase going forward will result in a completely different wallet being generated and you will lose your bitcoin if you do not save this information correctly and test it prior to making deposits. The Passport has no way of knowing if you entered the correct passphrase or not and there is nothing that can be done to help you recover a lost or forgotten passphrase.
The Passport will display the passphrase you are about to apply. If everything looks correct, click on “YES” to apply the passphrase.
Once a passphrase is applied, you will notice the "P" shield in the upper left-hand corner signifying that a passphrase has been applied and that you are operating in a different wallet than the one you initially logged into. Also, if you want to be prompted for your passphrase upon logging into your Passport in the future, then you can enable this setting by navigating to and selecting “Enter at Startup,” then “Enabled.”
Next, you want to ensure that you write down the fingerprint as well along with your passphrase. The fingerprint is a unique string of characters that helps you identify that you have entered your passphrase correctly and that you are operating in the correct wallet when using the Passport in the future.
You can find your wallet's fingerprint by navigating back to the “Settings” menu and then “About.” Note the “Master Fingerprint.”
Now that you have a seed phrase and passphrase created and your backup information secured, it is important to verify that your backup information is sufficient for recreating this exact wallet.
This section will cover how to test your backups and ensure that you have all of the information necessary to recover your wallet in the event that you no longer have access to your Passport. Verifying the viability of your backup is an important step to take prior to depositing any bitcoin to your wallet. This may seem counterintuitive after taking all that time to set up your new Passport, but in this section you will see how to delete your private keys from your Passport. Then you will use your backup information to recreate your wallet.
This exercise not only ensures that your backup works but it also helps you understand the steps necessary to recover your wallet. You don't want to wait until you absolutely need to recover your funds to learn how this works. Doing some practice and understanding the steps now, before making bitcoin deposits, will help you remain calm and know all the steps when it really counts.
This section demonstrates restoring from both the microSD card and the written 24-word seed phrase, starting with the microSD card method.
From MicroSD Card
First, ensure you have your encrypted file password written down. This is the six-word password that your Passport generated for you when you set up the device. Log in to the Passport and enter your passphrase, if you enabled the setting to prompt you for it at login. Then navigate to “Settings,” then “Backup,” then “View Password.” This will display your six words and you can confirm you have this information notated correctly.
Second, navigate back to “Settings,” then go to “Advanced” and “Erase Passport.” Then select “YES” to confirm that you wish to erase your Passport.
Then, read the message that explains that by confirming, you understand all funds will be lost without a proper backup. Scroll to the bottom of that message and then press “confirm” to acknowledge you understand the risks. This will initiate the Passport to erase your seed phrase.
Once the Passport reboots itself, insert your microSD card with the encrypted backup file. Log back in and then, from the main menu, select “Restore Backup,” then press “CONTINUE” to select the encrypted backup file from the microSD card. You probably only have one file to choose from, so select that file.
Next, you will be asked for your encrypted file password. Using the alphanumeric keypad, press the keys that spell the word you want. For example, to enter the word “ruin,” press “7,” “8,” “4” for “r,” “u,” “i,” respectively, and then select “ruin” from the short list of possible words.
Repeat that process for all six words in order, making up your password. Then, the Passport will alert you that the restoration was successful and that the device will now reboot. You can remove the microSD card at this time.
Next, you want to apply your passphrase and ensure that you get the same fingerprint returned that you have notated. Navigate to “Advanced,” then “Passphrase,” then “Set Passphrase,” then enter and apply your passphrase.
With the passphrase applied, you can then navigate to “Settings,” then “About” and view the master fingerprint there. This should match your records. If it does not match your records, then you either entered the passphrase incorrectly or you have the wrong passphrase written down.
Now you know that your encrypted backup file on your microSD card works to restore your wallet and that your passphrase works too.
From Written Seed Words
This part demonstrates how to ensure the written seed phrase and passphrase can be used to restore your wallet. If you are only using the encrypted backup file on the microSD card then this step is not necessary for you. This is meant for people who want to write down their seed phrase or stamp it into metal.
First, ensure you have written down your seed phrase words correctly and in the right order. To verify this, log in to your Passport, then from the main menu select “Settings,” then “Advanced,” then “View Seed Words.”