H
HoskSaid
Back to videos

The first paper wallet to ever be backed up via an X Post

Sunday, February 2, 20257:468,691 viewsWatch on YouTube
u keyssatoshi nakamotopost-quantum cryptopaper walletlace walletwallet backupcharles hoskinsoniron keypgp encryption

Summary

  • Charles Hoskinson announces a new paper wallet generator developed by the Lace team to improve wallet backup experiences in cryptocurrency.
  • The traditional method of backing up wallets involves writing down 12 or 24 keywords, which is cumbersome.
  • The new method allows users to input a PGP key during wallet creation to generate a PDF with encrypted QR codes for easy backup.
  • Hoskinson claims to be the first person in cryptocurrency history to tweet a backed-up wallet using this new method, reaching 71,000 views.
  • He demonstrates the use of PGP keys, explaining the difference between public and private keys, and showcases a demo key.
  • Recommendations for securely storing PGP keys include using FIPS 140-2 U Keys and encrypted flash drives like the Iron Key series.
  • Future updates to the Lace wallet will include full compatibility with U Keys, allowing for easier spending and encryption.
  • Hoskinson mentions the potential for post-quantum cryptography integration in the future, using protocols like XMSS or lattice-based crypto.
  • He discusses the security risks associated with printers and the possibility of replay attacks on printed documents.
  • The video emphasizes the ease of using PGP encrypted PDFs for wallet backups, including emailing them for long-term storage.

Full Transcript

Hi, this is Charles Hoskinson broadcasting live from warm, sunny Colorado. Always warm, always sunny, sometimes Colorado. There'll be a change of scenery soon as I move back to my farm. It's been a long time coming. You may notice that I have different offices from time to time, depending on whether I'm in Gillette, at the ranch, or at various places the office in Longmont.

Anyway, I wanted to make a video to share something that’s near and dear to my heart and gets me really excited. It’s something I’ve wanted to do for over ten years in the cryptocurrency space. Kudos to the Lace team because they did something really cool. I said we need to have a paper wallet generator because I hate the user experience of how people back up wallets. Traditionally, when you create a wallet and want to back it up, you have 24 keywords or 12 keywords, or whatever the standards are these days.

You have to write them down on a piece of paper or type them out and print them, and it’s just so cumbersome and annoying. But that’s the lived experience that people have. I thought it would be awesome if I could take my PGP key and, during the wallet creation, input the PGP key to generate a PDF that I can print out or email to myself. It would just have QR codes, and the QR code would be encrypted with the PGP key. They said that sounds a lot of fun to do, and that’s what we did.

The team implemented it, and let me show you something. I am the first person in the history of the cryptocurrency space to do the following: I took my wallet that I created, backed it up with a PGP key, and took the paper wallet template and physically tweeted it. So, my storage solution for the wallet I created is literally using a post that has been seen by 71,000 people, with 1.6 thousand likes, 278 retweets, 151 bookmarks, and 100 comments. I state with pride that I took the address from that; you can also see it down there.

You didn’t have to manually type or use OCR for that. This is what it looks like when you actually have the template. You have the public address, and this is the private address right here, which is actually an encrypted string. If you’re curious about encryption, this is what a PGP key looks like. M Velope is one of the easiest ways to generate PGP keys and manage them in the browser.

I created a fake PGP key right here, example.com. What I’m going to do is go ahead and export this key. This is what a public key looks and this is the corresponding private key. I tend to use this as an example.

If you take a look at my key ring, you have two keys, which means you have the public key and the private key. If you only have one key, it means you have a public key. This is Satoshi Nakamoto’s public key from 2008; that’s the key ID. You may notice in my Twitter that I have this right here, and you have this little thing there. That’s actually called a PGP fingerprint, and that’s where these come from.

These are PGP fingerprints. Now you actually know where that comes from. If you see it on my Twitter, I use it to authenticate. If you have two keys, it means there are public keys. The public key looks like this—a whole bunch of letters—and the private key for this throwaway key that I generated for the demo looks like this.

You have your little private key block. What happens is you take your public key and put it in the wallet generator, which will generate that paper wallet template that I just showed. The best place to store your PGP keys after you generate them and put a backup is in one of these U Keys. The FIPS 140-2 U Keys are phenomenal. They’re about $80 and come in different form factors and sizes, like classical USB, USB-C, and even a lightning connector.

You can actually store your PGP key on this device, and there’s no way to get it out once it’s in. Typically, you generate it, put a backup on an encrypted flash drive—the Iron Key series is really good for that—and then use your Ubi key here, and you’re good to go. Currently, we’re going to update the Lace wallet at some point to be fully compatible with U Keys, and we can replace spending passwords with it. You just tap the U key to spend, and also use encryption and decryption with U Keys for PGP. All that will come into the infrastructure.

If you’re curious about PGP, here’s a good video from Hacker Sploit from five years ago, the complete PGP tutorial, which can help you get some familiarity and comfort with it. Anyway, my money is where my mouth is. I’m the first person in the history of crypto to take my paper wallet—those things where you write the keywords down—and just tweet it out for the whole world to see. You guys can try to break it if you want; you won’t because PGP is secure. It’s nice that we were able to take a 1991 protocol and give it some new life.

What’s really cool is this is a platform, so later on, as we go into the post-quantum era, you can just use a post-quantum public key from something like XMSS or lattice-based crypto and bring that in, and then basically use that for encryption and decryption, which is super cool. I can’t wait to see what happens there. By the way, regarding the printer-fooling attack, somebody asked if it’s true that printers with memory can be hacked for recent documents. Absolutely true. People do what’s called a replay attack.

They’ll take the buffer of the printer and tell it to print old jobs. If you print your piece of paper out and someone gets access to your printer, which are notoriously insecure, they can just have the printer reprint your paper wallet. If it’s PGP encrypted, it doesn’t matter; they’re basically getting the same copy of that that you have with my wallet that’s up on Twitter. This gives you a sense of how powerful and robust this is. It also makes your backup super easy.

In practice, what a lot of people do when they have this PGP encrypted PDF is email it to themselves. It just stays in your email account, which typically lasts a long time. You can print it out and put it in your safe, all those types of things. It’s pretty good; it’s pretty cool. I just wanted to make a quick video.

I am the first person in the history of crypto to use an X post as my crypto wallet backup solution, and I think I’ll keep that record for a while. Thanks for listening. Cheers!

Found an error in the transcript?

Help improve this transcript by reporting an error.