- Part 1: How to prove a sealed OpenDime is genuine (made by CoinKite).
- Part 2: How to prove an unsealed OpenDime had a randomly generated (secure) seed.
- Part 3: How to assess the trustworthiness of a sealed OpenDime.
Part 1 - Check Authenticity
Aim: Prove an OpenDime is authentic
Run the code below on a SEALED OpenDime:
cd /Volumes/OPENDIME/advanced python trustme.py
- DO run from a trusted source; either by downloading and running the script from the OpenDime GitHub repository or running the script from a second (genuine) OpenDime.
- DON’T Run the script from the files onboard the OpenDime you are verifying.
Each OpenDime has a unique certificate containing amongst other things the serial numbers of two chips (the micro on which the certificate signing occurs and the SE where the private key is stored).
Running the trustme.py python script checks that the certificate is authentic meaning that the OpenDime was manufactured by someone with the OpenDime Batch Certificate Private Key.
The script gets the secure element (SE) on the OpenDime to sign a unique message, a digest which contains some combination of hashes of:
- A 20 byte nonce supplied by the checker (a 20 byte nonce)
- the serial numbers of both the micro and the SE
- the address ‘controlled’ by the OpenDime
- SE chip configuration values (which attest to the configuration of the SE)
The SE signs this message with the batch private key (written to the SE by CoinKite in the factory) thus proving that the OpenDime is genuine.
Part 2 - Check Seed Randomness
Aim: Prove the seed is random (secure).
Run the code below on an UNSEALED Opendime.
pip install pycoin cd unsealed/advanced python rngverify.py ../../entropy.bin
The script checks that the private key was randomly generated using the user supplied data at initialisation, thus proving that the seed was secure. (Above advice about running trusted code applies again).
Note: This step can only be performed if a perfect copy of the user supplied data is available at the point of verification. It might be worth establishing a publicly accessible repository of voluntarily submitted user entropy corresponding to specific OpenDimes (identified by the pubkey).
Part 3 - Assess trustworthiness of a sealed OpenDime.
Aim: Assess whether a sealed OpenDime should be trusted to be secure
As the keen observer may have noticed, though you can perform Step 1 on a SEALED OpenDime you cannot perform Step 2.
That is to say that you can’t PROVE that the SE has generated a true random private key until you unseal.
That said, OpenDime’s are widely used AND there are no reports of non-random seeds being generated by genuine devices thus you can have a degree of confidence that a genuine SEALED OpenDime is secure (has a random seed) and thus trustworthy.
I personally am happy accepting an OpenDime which I have verified is genuine. I regularly use both OpenDime’s and ColdCard’s. NVK and DocHex have worked tirelessly for years developing incredible hardware which advances the state of the art regarding bitcoin storage.