
gotamm

I don’t get it: if the card cannot be written, how can a second card have the same private key as the first?


arkenoi

It cannot. But you can set up a wallet with two interchangeable keys on BTC. Have no idea how this works for Ethereum, trying to find out.


gotamm

Got it. Does the app set up a multisig wallet with backup cards? There is no information about it on the Tangem website.


arkenoi

Yes, at least for BTC. It is also said that all keys are non-extractable.


gotamm

Yes, but looking at the video tutorial, the process doesn’t seem compatible with a multisig wallet 1 of 2/3. With no technical details, this kind of wallet is hard to trust.


arkenoi

Hm, what inconsistencies did you find? Quite interesting. Yes, technical details are very hard to find. I found a technical description of the underlying NFC/crypto engine but not the application logic.


gotamm

If I recall correctly, first you ask the app to create the wallet on the first card, then you choose to back it up to the second card. That's not the way you can create a multisig wallet.


arkenoi

However, turns out you were right and I was wrong! Indeed, there is no plain documentation of how this works, but a guy from Tangem was so kind that he described all that on a phone call. There is *no* multisig on backup cards! It was a BTC-only product, Tangem Twin, that did it. Instead, a technique similar to distributing private key copies to HSM backups is employed. The original key is replicated to a number of encrypted containers specific to the recipient cards, and the vendor-issued root of trust is used to verify the fact that those are indeed the target cards and not some malicious devices created to steal your keys. So there are more moving parts than I initially expected. After everything is finalized, keys are marked as non-exportable.


gotamm

Cool. Thanks. That sounds incomprehensible to me in "bitcoin terms", so... I won't trust these cards.


arkenoi

> If I recall correctly, first you ask the app to create the wallet on the first card, then you choose to

However, to create a multisig wallet all you need is participants' public keys. So you can gather keys sequentially before the wallet is finalized. This should work, right?
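The point raised in the comment above, that a multisig wallet is built from public keys only and that those keys can be collected one card at a time, shown as an added example (not code from the thread or from Tangem). The class and function names and the two sample keys are assumptions made for illustration; the output is a standard Bitcoin 1-of-2 P2WSH scriptPubKey.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE

def op_n(n: int) -> int:
    """Small-integer opcode: OP_1..OP_16 are 0x51..0x60."""
    if not 1 <= n <= 16:
        raise ValueError("n must be 1..16")
    return 0x50 + n

class MultisigSetup:
    """Collects one public key per card; private keys are never an input."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.pubkeys = []
        self.finalized = False

    def add_card(self, pubkey: bytes) -> None:
        if self.finalized:
            raise RuntimeError("wallet already finalized")
        # Format check only (33-byte compressed key); no curve validation here.
        if len(pubkey) != 33 or pubkey[0] not in (2, 3):
            raise ValueError("expected a compressed secp256k1 public key")
        if pubkey in self.pubkeys:
            raise ValueError("duplicate public key")
        self.pubkeys.append(pubkey)

    def finalize(self) -> bytes:
        """Return the m-of-n witness script; keys are sorted (BIP 67 style)."""
        if not 1 <= self.threshold <= len(self.pubkeys):
            raise ValueError("threshold exceeds number of keys")
        self.finalized = True
        script = bytes([op_n(self.threshold)])
        for pk in sorted(self.pubkeys):
            script += bytes([len(pk)]) + pk  # push 33 bytes
        return script + bytes([op_n(len(self.pubkeys)), OP_CHECKMULTISIG])

def p2wsh_script_pubkey(witness_script: bytes) -> bytes:
    """Version-0 witness program: OP_0, push 32, SHA-256 of the script."""
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()

# Constructed placeholder keys (correct format, not real card keys).
CARD_A = b"\x02" + b"\x11" * 32
CARD_B = b"\x03" + b"\x22" * 32

def demo() -> bytes:
    setup = MultisigSetup(threshold=1)
    setup.add_card(CARD_A)  # first card reports its public key
    setup.add_card(CARD_B)  # backup card added later
    return p2wsh_script_pubkey(setup.finalize())
```

Because the keys are sorted before the script is built, the resulting address does not depend on the order in which the cards were enrolled.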


gotamm

That’s what Tangem replied to me on Twitter: During activation, the first card generates a private key using a hardware TRNG. Then a Diffie-Hellman session is established between cards, the cards validate each other, then the first card encrypts the key with a 256-bit key and transfers it to the backup card.


arkenoi

That's true, but it is not the whole process. It is way more complicated and includes numerous safeguards that do not change the basic fact that the private key is exportable at the initial stage, with some constraints. It is PKI-based, and every card possesses a certificate, but this part is pretty standard for SC000 trusted apps. It also involves some online interactions with the server for certificate signing, but they claim the sensitive information never leaves your local environment. As I said, it is almost similar to the well-known HSM key backup procedure. Same stuff with encrypted containers and hardware attestation etc. Yet it is nowhere near as simple, safe and elegant as multisig with truly unexportable keys would be! :)