{"id":20195605,"url":"https://github.com/bokkypoobah/topsecrets","last_synced_at":"2026-03-14T04:33:05.438Z","repository":{"id":231499804,"uuid":"781911854","full_name":"bokkypoobah/TopSecrets","owner":"bokkypoobah","description":"Recipe to build a TopSecrets read-only offline crypto device","archived":false,"fork":false,"pushed_at":"2024-05-14T00:16:21.000Z","size":22482,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-11-14T04:18:43.523Z","etag":null,"topics":["backup","bip-39","bitcoin","cryptocurrency","ethereum","mnemonic","offline","private-key","raspberry-pi","raspberry-pi-400","secret-phrase","seed-phrase","shamir","shamir-secret-sharing","top-secret","top-secrets"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bokkypoobah.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-04T09:25:44.000Z","updated_at":"2024-09-28T11:28:37.000Z","dependencies_parsed_at":"2024-11-14T04:28:51.605Z","dependency_job_id":null,"html_url":"https://github.com/bokkypoobah/TopSecrets","commit_stats":null,"previous_names":["bokkypoobah/offlineshamir39devicerecipe","bokkypoobah/readonlyofflineshamir39devicerecipe","bokkypoobah/readonlyofflinecryptodevicerecipe","bokkypoobah/topsecrets"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bokkypoobah%2FTopSecrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bokkypoobah%2FTopSecrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bokkypoobah%2FTopSecrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bokkypoobah%2FTopSecrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bokkypoobah","download_url":"https://codeload.github.com/bokkypoobah/TopSecrets/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248198891,"owners_count":21063628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backup","bip-39","bitcoin","cryptocurrency","ethereum","mnemonic","offline","private-key","raspberry-pi","raspberry-pi-400","secret-phrase","seed-phrase","shamir","shamir-secret-sharing","top-secret","top-secrets"],"created_at":"2024-11-14T04:18:22.361Z","updated_at":"2026-03-14T04:33:05.387Z","avatar_url":"https://github.com/bokkypoobah.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Top Secrets\n\n**Work in Progress**\n\n\u003cp align=\"center\"\u003e\n  \u003cimg height=\"150\" src=\"https://raw.githubusercontent.com/bokkypoobah/TopSecrets/main/images/topsecrets.svg\" /\u003e\n\u003c/p\u003e\n\n**Top Secrets** is a **read-only** **offline** crypto device. This is a \"simple\" recipe for you to create your own Top Secrets device using readily available and inexpensive parts.\n\nThe Operating System (OS) for this device is configured to write any file system changes to Random Access Memory (RAM) and these changes are lost when power to the device is disconnected.\n\nThe following open source software tools are installed for offline execution.\n\n| Tool / GitHub | Some Uses / URL For Testing |\n| --- | --- |\n| Shamir39\u003cbr /\u003e[iancoleman/shamir39](https://github.com/iancoleman/shamir39) | Split BIP-39 mnemonic seed phrases into shares that can be combined to recreate the original phrase.\u003cbr /\u003e[https://iancoleman.io/shamir39/](https://iancoleman.io/shamir39/) |\n| BIP39 Tool\u003cbr /\u003e[iancoleman/bip39](https://github.com/iancoleman/bip39) | Extract private key, public key and addresses derived from BIP-39 mnemonic seed phrases.\u003cbr /\u003e[https://iancoleman.io/bip39/](https://iancoleman.io/bip39/) |\n| Simple Shamir's Secret Sharing (s4)\u003cbr /\u003e[simonfrey/s4](https://github.com/simonfrey/s4) | Encrypt messages into shares that can be combined to recreate the original unencrypted messages.\u003cbr /\u003e[https://simon-frey.com/s4/](https://simon-frey.com/s4/) |\n| Banana Split\u003cbr /\u003e[paritytech/banana_split](https://github.com/paritytech/banana_split) | Encrypt messages up to 1024 characters into QR code shares that can be combined to recreate the original unencrypted messages. Requires a camera to scan the QR codes for the combining process.\u003cbr /\u003e[https://bs.parity.io/](https://bs.parity.io/)  |\n| Vanity-ETH\u003cbr /\u003e[bokub/vanity-eth](https://github.com/bokub/vanity-eth) | Generate (vanity) Ethereum addresses with the private keys that can be saved as password protected .json keystore files.\u003cbr /\u003e[https://vanity-eth.tk/](https://vanity-eth.tk/) |\n\nPlease see [Risks](#risks) before any serious use.\n\n## Overview\n\n![](images/mindmap_20240415_1245.png)\n\n\u003cbr /\u003e\n\n---\n\n## TODO REVISE BELOW\n\nIf you hold, or will hold cryptocurrency, you will eventually search for a tool to distribute parts of your private keys to multiple locations or parties.\n\nThis guide is a recipe for you to build a read-only offline Raspberry Pi 400 device to split and combine your private keys, in the form of BIP-39 mnemonic seed phrases, using the [Shamir39 tool](https://github.com/iancoleman/shamir39).\n\n\u003cbr /\u003e\n\n## Table Of Contents\n\n* [Overview](#overview)\n* [Shopping List](#shopping-list)\n  * [Raspberry Pi 400](#raspberry-pi-400)\n  * [MicroSD Card](#microsd-card)\n  * [USB-C Power Supply](#usb-c-power-supply)\n  * [USB-A or USB-C Mouse](#usb-a-or-usb-c-mouse)\n  * [Monitor With Micro HDMI Cable](#monitor-with-micro-hdmi-cable)\n  * [Component Prices](#comonent-prices)\n  * [Separate Computer And Wireless Internet](#separate-computer-and-wireless-internet)\n* [Preparing The Raspberry Pi OS Installation MicroSD Card](#preparing-the-raspberry-pi-os-installation-microsd-card)\n* [Building The Read-Only Offline Shamir39 Device](#building-the-read-only-offline-shamir39-device)\n* [Using The Read-Only Offline Shamir39 Device](#using-the-read-only-offline-shamir39-device)\n* [Risks](#risks)\n* [Alternatives](#alternatives)\n* [FAQs](#faqs)\n\n\u003cbr /\u003e\n\n---\n\n## Overview\n\nMany hardware and software wallets use [BIP-39 mnemonic seed phrases](https://bitcoinwiki.org/wiki/mnemonic-phrase) for the backup and recovery of the private keys.\n\n\u003cp float=\"center\"\u003e\n  \u003cimg height=\"200\" src=\"https://miro.medium.com/v2/resize:fit:1400/format:webp/1*k3nEHUbojyK-MLzz3Up2rw.jpeg\" /\u003e\n  \u003cimg height=\"200\" src=\"https://cdn05.zipify.com/jWNo4pZh2__jUAKAXeA3R-YxN5A=/fit-in/2048x0/45fbab1bcc044dd59250acd4286f53df/trezor-one-confirm-seed.jpg\" /\u003e\n\u003c/p\u003e\n\nOne \"safer\" way to store the BIP-39 mnemonic seed phrases is to split them into **shares** using the **Shamir39** tool at https://iancoleman.io/shamir39/. These shares can then be distributed to multiple locations or parties for safekeeping, and combined when required to recover the original BIP-39 mnemonic seed phrases.\n\nHere is an example of a BIP-39 mnemonic seed phrase split into 5 shares, with a minimum of 3 shares required to recover the original BIP-39 mnemonic seed phrase.\n\n\u003cimg width=\"800\" src=\"images/Shamir39Split.png\"\u003e\n\n\u003cbr /\u003e\n\nHere are the minimum three shares combined to recover the original BIP-39 mnemonic seed phrase.\n\n\u003cimg width=\"800\" src=\"images/Shamir39Combine.png\"\u003e\n\n\u003cbr /\u003e\n\nThe Shamir39 tool linked above should only be used with a computer permanently disconnected from any networks to prevent the leakage of any secrets.\n\nThis is a simple recipe to create a small **dedicated** **offline** **read-only** **Raspberry Pi 400** computer to run the Shamir39 tool in **standalone** mode.\n\nWhen this device is being used, any changes to the file system is written to Random Access Memory (RAM) instead of the MicroSD card storage, and these changes will be lost when the device loses power.\n\nPlease see [Risks](#risks) before any serious use.\n\n\u003cbr /\u003e\n\n---\n\n## Shopping List\n\nSee [Hardware](Hardware.md).\n\n\u003cbr /\u003e\n\n---\n\n## Preparing The Raspberry Pi OS Installation MicroSD Card\n\nSee [Storage Preparations](StoragePreparation.md).\n\n\u003cbr /\u003e\n\n---\n\n## Building The Read-Only Offline Shamir39 Device\n\nSee [Installation](Installation.md).\n\n\u003cbr /\u003e\n\n---\n\n## Using The Read-Only Offline Shamir39 Device\n\nBoot your machine and load `standalone.html` from your Downloads folder to use Shamir39 offline to split or combine your keys. Power off and all your secrets on the device are forgotten.\n\n\u003cimg width=\"600\" src=\"images/NewDeviceReady.png\"\u003e\n\n\u003cbr /\u003e\n\n---\n\n## Risks\n\n### Shamir39 Tool\n\nThe [Shamir39 tool](https://iancoleman.io/shamir39/) could have some weaknesses in the algorithms, or in the implementation of the algorithms. Please carefully read the warnings messages in this tool.\n\n#### Recoverability Of Original Keys\n\nTo be fully confident that you can recover your original BIP-39 mnemonic seed phrase from your shares, manually test the different combinations in this same tool.\n\n#### Randomness\n\nUse your hardware wallet to generate your BIP-39 mnemonic seed phrase in preference to using the `Generate` button in this Shamir39 tool. This will reduce any risks in case of vulnerabilities in the random number generation process using this Shamir39 tool.\n\n#### Algorithm Not Standardised\n\nThe Shamir39 tools does not use a standardised algorithm and there is no alternative implementation.\n\nWhen splitting important keys using this tool, remember to keep several \"backups\" of this offline Shamir39 devices.\n\nThe main backups are copies of your offline Shamir39 MicroSD card.\n\nHaving the Raspberry Pi hardware backup is slightly less important, as you can use your MicroSD card in any readily available Raspberry Pi Model 4 series.\n\nAlso keep good documentation as you may only access these devices and MicroSD cards very infrequently.\n\n#### Hope And Pray\n\nHope and pray that there are no serious vulnerabilities in the Shamir39 and Shamirs Secret Sharing algorithms, and this implementation.\n\n\u003cbr /\u003e\n\n### Hardware\n\n#### Computer Monitor HDMI Connection\n\nThe signals from the Micro HDMI connection of this device to your computer monitor can leak your secrets. Only use computer monitors, cables and adaptors that your trust \"enough\".\n\n#### Keyboard\n\nThe reason why the Raspberry Pi 400 is chosen for this recipe is because you do not have to connect an external keyboard to your offline device. If you are using one of the [Alternatives](#alternatives) requiring a keyboard, the signals from your keyboard can [leak your secrets](https://www.amazon.com.au/AirDrive-Keylogger-Hardware-Wi-Fi-memory/dp/B073XRXP3S). Only use keyboards and adaptors that you trust \"enough\".\n\n\u003cbr /\u003e\n\n---\n\n## FAQs\n\nMoved to [FAQs.md](FAQs.md).\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\nEnjoy!\n\n© Bok Consulting Pty Ltd 2024, CC0-1.0 license\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbokkypoobah%2Ftopsecrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbokkypoobah%2Ftopsecrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbokkypoobah%2Ftopsecrets/lists"}