Key Teleport
Requires Q, new in firmware version v1.3.2Q
What is Key Teleport?
Key Teleport is a feature designed for the COLDCARD® Q, allowing users to securely transfer confidential data between COLDCARDs. You can send:
- Seeds: Master Seed (words or XPRV), or anything in the Seed Vault.
- Secure Notes & Passwords: A single note or password, or the entire Secure Notes & Passwords database.
- Full COLDCARD Backup: A full backup; the receiver must have no Master Seed to apply it.
- Multisig PSBTs: A multisig PSBT can be passed along to each signer. See Key Teleport Multisig PSBT for more details.
How Does Key Teleport Work?
The process involves two COLDCARD Qs: one as the receiver and one as the sender.
Receiver Start:
- Generates ephemeral keypair and random numeric Receiver Password.
- AES-256-CTR encrypts keypair's public key with the Receiver Password and encodes result as BBQr.
- Shares BBQr from above step and Receiver Password with the sender via different channels.
The sender:
- Scans BBQr from receiver and decrypts it with Receiver Password.
- Creates ephemeral keypair and uses ECDH (with decrypted public key from receiver) to arrive at session key.
- Picks random Teleport Key.
- AES-256-CTR encrypts data to be sent with Teleport Key.
- AES-256-CTR encrypts already encrypted payload from previous step with session key, prepends ephemeral keypair's public key, and encodes as BBQr.
- Shares BBQr from above step and Teleport Key with the receiver via different channels.
Receiver Finish:
- Scans encrypted BBQr payload from sender.
- Extracts sender public key and uses ECDH to arrive at session key.
- Decrypts 1st layer with session key.
- Decrypts 2nd layer with Teleport Key from Sender.
- Imports decrypted secrets for use with COLDCARD.
For technical details, see the Key Teleport protocol spec.
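A model of the exchange above, added here as an illustration (it is not Coinkite's code and not the protocol spec): it shows how, in a design like this, a wrong Receiver Password is accepted by the sender and only surfaces at the receiver, while a wrong Teleport Password is rejected at the final step. Assumptions: X25519 stands in for the ECDH step (the page does not name the curve), a SHA-256 counter keystream stands in for AES-256-CTR, and the password hashing (`kdf`), hashed session key and 4-byte checksum (`seal`/`unseal`) are hypothetical helpers.

```python
import hashlib

P, A24 = 2**255 - 19, 121665           # Curve25519 field prime and ladder constant
BASE = (9).to_bytes(32, "little")      # Curve25519 base point

def x25519(k, u):  # RFC 7748 Montgomery ladder; not constant-time, illustration only
    n = (int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3 = 1, 0, x1, 1
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if bit: x2, z2, x3, z3 = x3, z3, x2, z2
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
        if bit: x2, z2, x3, z3 = x3, z3, x2, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def ctr(key, data):  # stand-in for AES-256-CTR: XOR with SHA-256(key || counter)
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, ks))

def kdf(pw):  # assumed password-to-key step; upper() models case-insensitive entry
    return hashlib.sha256(pw.strip().upper().encode()).digest()

def seal(key, msg):  # assumed 4-byte checksum so that a wrong key is detectable
    return ctr(key, msg + hashlib.sha256(msg).digest()[:4])

def unseal(key, blob):
    pt = ctr(key, blob)
    return pt[:-4] if hashlib.sha256(pt[:-4]).digest()[:4] == pt[-4:] else None

def receiver_start(rx_priv, receiver_pw):  # the blob shown as the first QR code
    return ctr(kdf(receiver_pw), x25519(rx_priv, BASE))

def sender_send(tx_priv, rx_blob, receiver_pw, teleport_pw, secret):
    rx_pub = ctr(kdf(receiver_pw), rx_blob)  # unauthenticated: any password "decrypts"
    session = hashlib.sha256(x25519(tx_priv, rx_pub)).digest()
    return x25519(tx_priv, BASE) + seal(session, seal(kdf(teleport_pw), secret))

def receiver_finish(rx_priv, blob, teleport_pw):
    session = hashlib.sha256(x25519(rx_priv, blob[:32])).digest()
    inner = unseal(session, blob[32:])
    if inner is None:  # sender derived a different key: wrong Receiver Password
        return ("session-key-mismatch", None)
    secret = unseal(kdf(teleport_pw), inner)
    return ("ok", secret) if secret is not None else ("wrong-teleport-password", None)
```

Call `receiver_start`, `sender_send` and `receiver_finish` in that order, with 32-byte private keys from `os.urandom(32)` and the two passwords passed as strings.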
Video calls work well for sharing QR/BBQr codes. The code should be held still, with the QR at full-frame. The scanning COLDCARD can adjust as necessary until all parts are acquired.
Key Teleport for General Data Transfers
This section describes how to use Key Teleport to send seeds, notes, passwords, or a full COLDCARD backup. For information about Key Teleporting multisig PSBTs, go to: Key Teleport Multisig PSBT.
Set Up the Receiver
- The COLDCARD that is going to receive data has to initiate the process by creating a new public/private keypair. The public key is encrypted and shared via QR code, along with the Receiver Password (decryption code), to the sending COLDCARD.
  On the receiving COLDCARD, go to: Advanced/Tools > Key Teleport (start).
  - If you have ever created a keypair and Receiver Password that wasn't used, the COLDCARD will attempt to re-use those values. Hit ENTER to use the old values, or generate a new keypair and password by pressing R.
- Next, the COLDCARD will create a random Receiver Password. Share the Receiver Password with the sending COLDCARD using a different communication method than the one used for sharing QR codes.
  Receiver Password and QR Code Must Be Shared Over Separate Channels
  Receiver Password MUST be shared using a different communication method than the encrypted QR code. For example, if the QR code is to be shared over a video call, then you could make a voice call, text message, or email to share the Receiver Password to the sender.
- After sharing the Receiver Password with the sender via one method, switch to a different communication medium to share the QR code with the sender.
- On the receiver COLDCARD, press the QR or ENTER key to display the QR code on-screen. Then share with the sender's COLDCARD.
- Optionally, you can hit the NFC key on the COLDCARD and tap with a phone and share the QR code via a helper website. This is helpful when not using a video call to share QR/BBQr codes. You can either copy the link and give it to the sender, or download the pic of the QR code and share that.
Prepare the Sender
- Once the sending COLDCARD has obtained the Receiver Password, it can scan the QR code from the receiver. Press the QR key and scan the receiver's QR code.
- You will be brought to the Teleport Password (number) prompt. Entering the Receiver Password will decrypt the QR code and create the session key, used for the first layer of encryption on the data to be sent. Type the Receiver Password, and hit ENTER.
  - Be sure to enter the correct Receiver Password. An incorrect value will be accepted here, and allow the process to continue. However, the final transfer will fail in that case and you will have to start over.
- You can now Key Teleport general data. Read the warning and tap ENTER to choose what to share.
- Select what you would like to Key Teleport to the receiver. Notes and passwords will be stored in the Secure Notes & Passwords database. The feature will be automatically enabled on the receiver if necessary. These are your options:
  - Quick Text Message: Type a single text message to be sent to the receiver and saved as a secure note.
  - Single Note / Password: Send a single note or password from the sender's Secure Notes & Passwords database.
  - Export All Notes & Passwords: All notes and passwords from the sender's Secure Notes & Passwords database will be sent.
  - From Seed Vault: The sender picks one seed from their Seed Vault to send. The receiver imports it as a Temporary Seed and is asked whether the seed should be stored in the Seed Vault. Teleporting a Seed Vault entry preserves its origin and label fields.
  - Master Seed Words: The Master Seed of the sender is passed to the receiver, which will ask to import it as (a) a Temporary Seed (if the COLDCARD has a Master Seed) or (b) the Master Seed (if the COLDCARD has no Master Seed).
  - Full COLDCARD Backup: Sender's full COLDCARD backup will be shared, including Master Seed, Seed Vault, multisig wallets, all Secure Notes & Passwords, and all settings! The receiver must have no Master Seed on their COLDCARD (either a new device, or one with a destroyed seed).
    If the receiver has a Master Seed, then the sender's Master Seed is imported only as a Temporary Seed, preserving only multisig settings. If the receiver uses a blank COLDCARD, the backup is fully restored and used as the Master Seed.
  Caution Sending Secrets
  The receiver COLDCARD will have full access to all Bitcoin controlled by these keys!
- Once the sender has selected the data to be transferred, the COLDCARD will present the Teleport Password, an 8-digit alphanumeric password that will be used for the second layer of encryption on the data.
  Share the Teleport Password with the receiver using a different communication channel than the one used for sharing QR codes.
  Teleport Password and BBQr Code Must Be Shared Over Separate Channels
  Teleport Password MUST be shared using a different communication method than the encrypted BBQr code. For example, if the BBQr code is to be shared over a video call, then you could make a voice call, text message, or email to share the Teleport Password with the receiver.
- Press ENTER or QR to share the encrypted data with the receiver as a BBQr code.
- You can also hit NFC to share the encrypted data with your phone using the helper site. The link itself, or a download of the BBQr, can then be shared with the receiver.
Complete Transfer on the Receiver
- After the receiver COLDCARD has obtained the Teleport Password from the sender, it can scan their BBQr code. Tap the QR key, and scan the sender's code.
  - If the wrong Receiver Password was entered by the sender, you will get an error after scanning the BBQr code. In that case you will have to start the process over at the beginning.
- Upon scanning the code you will be taken to the Teleport Password (text) prompt. The Teleport Password is not case sensitive, but unlike the Receiver Password, only the correct password will be accepted. Type the Teleport Password and hit ENTER to decrypt the data.
- When you enter the correct Teleport Password the payload will be decrypted and imported to the receiver COLDCARD.
- If the Teleport Password was entered incorrectly, you'll get an error. You can either hit ENTER to try the password again, or press CANCEL to abort the transfer.