What is SATSCARD?

Like cash in hand, pass physical Bitcoin along multiple times. Gift. Anonymous. Trust no one.

SATSCARD is a new type of OPENDIME® in an NFC card form factor with ten times the reuse capacity.

Gift and trade Bitcoin physically; maximize in-person trading while minimizing trust between parties.

How do I unseal it to reveal the Bitcoin?

You need a companion app on a mobile phone to run the unseal command. It will ask for the spending code, a 6-digit card verification code (CVC), to authorize the change.

Example of SATSCARD deposit QR code and spend code on the back of the card

Do I need this paper envelope it came in?

Yes! That's a special radio frequency (RF) blocking sleeve. It prevents unwanted access by RF readers with bad intentions. Be sure to insert the SATSCARD fully into the sleeve: even 5 mm sticking out can allow a sneaky reader to get a signal.

I lost the RF-blocking sleeve! What can I do?

Thousands of RF-blocking (you can search for RFID-blocking) sleeves, wallets, and other card protectors are available for purchase at Amazon or elsewhere online. Any of these should work.

Will you have different graphics?

Yes! We are actively working with artists to produce more designs. For example, this design by @cryptograffiti:

SATSCARD artwork by cryptograffiti

And if you are a brand looking to white label it, please get in touch.

Can I use a SATSCARD with a computer (desktop, laptop)?

Yes! You need a USB NFC card reader and the cktap command-line software, or any desktop wallet that uses our open protocol.

Why multiple slots?

The original OPENDIME had a single private key, and once unsealed, that's that. With ten slots, you can use a SATSCARD over and over.

Does this replace my existing Bitcoin wallet?

No, you still would need a third-party wallet or Bitcoin Core to move your funds in and out of the SATSCARD.

What could this be used for?

How do I get funds out?

  1. Unseal the current slot (factory default slot is zero) and export the WIF.
  2. Import the WIF into a wallet on the blockchain and sweep the funds.

Is the private key unique and secret?

Yes. SATSCARD comes with a private key for slot zero only. You can supply entropy (random numbers) to generate keys for the remaining slots as you use them. The factory-generated address is made from the block hash (at the "birth height" of the card) and a random number that never leaves the card.

How do I see the deposit address?

Can I reseal after unsealing a slot?

No. Unsealing a slot causes a permanent change to the chip's flash memory.

How do I check a SATSCARD's balance on a smartphone?

How do I know I'm seeing a real SATSCARD?

There are a number of ways to verify the card:

How do I know I'm depositing to the correct address?

Use a mobile wallet that supports SATSCARD to verify.

What about address reuse? Isn't that a privacy concern?

SATSCARD transactions are a little different from blockchain transactions: Whenever two people meet and trade goods or services for a SATSCARD, you could say a transaction has occurred, and yet nothing is recorded on the blockchain. This is different from a regular Bitcoin wallet that continuously makes blockchain records and can create a complex web of connections that anyone can later explore.

We expect most SATSCARD units to be loaded once, probably with a "round number" of Bitcoin and unloaded exactly once in their lifetime. It's impossible to know what's happened in the meantime — just like a gold coin that has passed through many hands over the years.

Can I store data on it?

No. The SATSCARD is read-only and can only be changed by unsealing it.

What is the expected lifetime of the device?

Like most electronic devices, if stored properly, it should last decades.

For long-term HODL/storage and large amounts, we recommend a COLDCARD® Hardware Wallet, an ultra-secure Bitcoin wallet also made by Coinkite.

Can I use it as a secure method for private key generation?

Absolutely. SATSCARD is a very safe and effective way of generating uncompromised private keys.

We suggest using a new slot (not the factory-assigned slot) for this purpose.

Can I use it for multisig co-signing?

Yes, but we recommend using TAPSIGNER for multisig.

Can I use it on an untrusted computer?

Yes, it's safe to verify and load a SATSCARD on an untrusted computer. The private key is generated inside and never leaves the SATSCARD, regardless of any malware and keyloggers that may be present on a connected computer — assuming you have never typed out the CVC (spend code).

After unsealing, we recommend using a trusted phone or computer since using the spend code reveals the private key. You need a trusted device anyway since you are sending the funds from the SATSCARD to some other Bitcoin address, and you want to avoid unnecessary risks.

What if I forget my password?

There is no password nor seedphrase!

The CVC (spend code) is etched onto the back of the card and travels with it.

The CVC confirms you are holding the card (and it's not in your back pocket on the bus).

How do I know the verification link is genuine?

A different random nonce (short for "number once," a single-use numerical value used in cryptography) is signed each time you tap the card on your phone to receive the URL over NFC. Our server verifies the signature and uniqueness of the nonce. In fact, it's impossible to recover a payment address if the signature is tampered with.

You can also tap again to get a new nonce and corresponding signature.

cktap can do additional verification over the NFC interface that is not possible via the single NFC tap to webpage method. All verification code is open source Python.

Is this a centralized service?

No. It is never necessary to use a centralized service with SATSCARD. It provides convenient links to existing third-party blockchain explorer services and this site. Still, there is no need to use those because our protocol is fully open and the private keys are stored on the card itself.

You can use any Bitcoin wallet that monitors the blockchain with SATSCARD so long as the wallet uses our NFC protocol.

How do I know the manufacturer doesn't know the private key?

When creating a new slot, you have the option of providing a 32-byte chain code. That chain code, plus a private key picked by the SATSCARD, are combined using the BIP-32 standard to derive the payment address (m/0).

You can use the chain code you provided and the public part of the SATSCARD's key (shared even when sealed) to derive the payment address. Matching this address with the one given by the card means you can be sure the SATSCARD used your entropy (the chain code). Even if the SATSCARD was using a fixed private key, access to the funds is not possible since the chain code is unknown to anyone else.

More about this in the key picking whitepaper.

Couldn't SATSCARD be generating private keys that look random but are all from the same HD (BIP-32) tree they control?

No. Each customer provides their own chain code for entropy. Before making a deposit, a customer can verify SATSCARD incorporated the chain code entropy when generating the keys. At the factory, we use the Bitcoin block hash of a recent block as the chain code; this is also unpredictable since it's a product of the Bitcoin mining process.

In contrast, the original OPENDIME required you to unseal before verification. You also had to track all 256 bytes of entropy during ownership.

If I get a SATSCARD initialized by someone else, they will know the chain code (32 bytes) used, so maybe they know the private key?

No. The SATSCARD itself always provides 256 bits of high-quality entropy into the same process as BIP-32. The device carefully picks its contribution to the private key, using a TRNG certified by the card maker. The chip's hardware is certified to Common Criteria evaluation assurance level 6 (EAL6). That process covers the TRNG's operation and most of the crypto math we use.

Can I use a SATSCARD to sign a message?

Yes, a SATSCARD can sign arbitrary messages after it is unsealed.

What if I use a cheap generic NFC card and just copy the URL?

This doesn't work because the URL is dynamic. The card uses a different random nonce on each tap, and our server tracks nonce values and doesn't allow reuse.

In addition, real SATSCARDs are engraved at the factory by a particular laser system that leaves raised markings that are very difficult or impossible to change.

What if I make a malicious SATSCARD?

Each SATSCARD made by Coinkite carries a certificate, signed by our factory. Like the X.509 certificate chain for OPENDIME®, it can be traced back and verified in the field.

The Python code in cktap will always verify the certificate chain when speaking to a SATSCARD.

Verification does not require Internet access.

What about an active MiTM attack or relay attack over NFC?

A man-in-the-middle can't change what you're doing with the card. ECDH (Elliptic-curve Diffie-Hellman) is used to encrypt key values like the card verification code (CVC) required to modify the card or view keys. Similarly, when being read from the card, the private key is encrypted with ECDH.

Still have questions? Contact support: [email protected]