Frequently Asked Questions
No. The app only stores the encrypted recovery phrase, and nothing is ever transferred unless you explicitly export or import. No personal information is ever collected or stored in the app.
Ciphergoat is free to use for generating encrypted recovery phrases. The software is open source, and guaranteed to remain that way. In addition, we offer an encrypted and secured QR code (SeQR) engraved in steel and shipped to your home for a fee.
Holding the keys to your coins is the only way to obtain custody of your property. Any person or company holding the keys on your behalf will be able to spend, send, control or seize your assets at their whim. If you keep your coins in the custody of others, you risk account freezes, loss or confiscation without having any control. These have all already occurred, and rather frequently.
Bitcoin was created for self-sovereignty, to enable peer-to-peer transactions without an intermediary, and without the control or decree of any external entity.
Ciphergoat will encrypt your recovery seed with the strongest encryption standard available. As long as you select a complex enough passphrase and keep it from falling into the wrong hands, your backup is virtually unbreakable by a brute force attack.
We highly recommend using a dedicated device, i.e. an older phone or laptop that has been wiped clean and factory reset. Keep your copy of the ciphergoat app only on that device, since for most people and situations there is no need to carry the app everywhere you go. In addition, you should create one or more copies of the encrypted recovery backup by exporting the file and saving it on any air-gapped device such as a thumb drive or SD card.
If you prefer a totally air-gapped and resilient medium, nothing beats ciphergoat's SeQR code engraved in stainless steel and sandwiched between two plates. You can export the SeQR code and engrave it yourself if you have the proper tools. It is reasonable to store the encrypted file in secure cloud storage, naming the file something that will not raise interest. A password management system, LastPass for example, has a vault area perfect for file storage. You should, however, never save the passphrase to your encrypted recovery in the same system.
The days of using 6-8 characters are over: it takes seconds to minutes to brute force such passwords with modern computers. You will need a 10-character password with uppercase, lowercase, numerical and special characters to achieve security. A better approach for many is to use a passphrase rather than a password, where complexity is obtained by a long, non-trivial sequence of words.
- Use long passphrases, even if they are made of simple words (spaces and commas are fine).
- Avoid common or known phrases, make something uniquely yours.
- A good phrase is easy for you to remember, and impossible for others to guess.
- For enhanced security, throw in some mixed cases, numbers, and special characters into your words.
- Don't make it so complex that you will have trouble remembering it.
- Practice your phrase many times, and often. Set reminders to practice your passphrase.
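To put numbers on the comparison above between short passwords, a 10-character mixed password and a long passphrase of simple words, here is an added example (not part of Ciphergoat's code). The guess rate and the 7776-word list are assumptions chosen for illustration; the real rate depends on how the encryption derives its key from the passphrase.

```python
import math
import string

# Assumptions, not taken from the Ciphergoat page or code: an offline attacker
# testing 1e10 candidates per second, and words drawn at random from a
# 7776-word list. Real guess rates depend on the key-derivation function used.
GUESSES_PER_SECOND = 1e10
WORDLIST_SIZE = 7776

LOWER = len(string.ascii_lowercase)                      # 26
MIXED = len(string.ascii_letters + string.digits
            + string.punctuation)                        # 94


def random_bits(units, choices_per_unit):
    """Entropy in bits of `units` symbols, each picked uniformly at random."""
    return units * math.log2(choices_per_unit)


def average_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected brute-force time: half the search space at `rate` guesses/s."""
    return 2 ** (bits - 1) / rate


def words_needed(target_bits, wordlist_size=WORDLIST_SIZE):
    """Fewest random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def comparison():
    """(label, bits, seconds) for the cases the FAQ contrasts."""
    cases = [
        ("6 lowercase letters", random_bits(6, LOWER)),
        ("8 lowercase letters", random_bits(8, LOWER)),
        ("8 mixed characters", random_bits(8, MIXED)),
        ("10 mixed characters", random_bits(10, MIXED)),
        ("6 random words", random_bits(6, WORDLIST_SIZE)),
    ]
    return [(label, bits, average_crack_seconds(bits)) for label, bits in cases]


if __name__ == "__main__":
    for label, bits, seconds in comparison():
        print(f"{label:22s} {bits:5.1f} bits  {seconds:12.3g} s on average")
    target = random_bits(10, MIXED)
    print("words to match 10 mixed characters:", words_needed(target))
```

These figures hold only when the characters or words are chosen at random; a known quotation or a phrase built from personal details is found far sooner than its length suggests.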
It is considered unsafe because of possible spyware on your device, or someone obtaining physical access to your device. Such spyware can log your keystrokes or even take snapshots of your screen.
We only recommend using ciphergoat on a dedicated device that has been factory reset (wiped clean), and only entering or retrieving when disconnected from the internet.
In the case of ciphergoat, obtaining physical access to your device does not expose your recovery seed phrase, since the app has zero knowledge and keeps your data encrypted at all times other than when you actively view the recovery data. Please refer to our best practices to learn how to maximize your security.
You shouldn't trust anyone without doing your own research. We urge you to read through our docs and confirm everything; we provide the transparency for you to do so.
- We provide the source code for the entire back end application, for all to see and examine (see here).
- We do not provide the interface code at this time in an attempt to deter bad actors from simple "clone and deceive" scams.
- We use well known, open source, standard and strong encryption. It is well tested and unbreakable.
- There are no required sign-ups or subscriptions. You may provide your email to receive updates.
- We do not collect any user information, unless you buy a product that requires shipping - but please read more about that.
- We do not ask you for anything in return.
Make sure you go to our website and only download by following links from there.
The concept behind ciphergoat came out of personal need. The solution was derived by the co-founders and in the spirit of bitcoin we decided to share it with the community for sovereignty and for freedom. We do hope you find this app helpful, and would appreciate any support that will help us improve and keep providing this to the community. We offer merch and related products.
A main concern with self custody is that sharing keys is inherently risky, while not sharing that information can render the assets unreachable and hence lost if the owner is gone or cognitively disabled. Ciphergoat's encryption means you can now safely provide heirs with the encrypted recovery phrase (or part of it, e.g. if you wish to use an intermediary):
- Run the ciphergoat process to generate an encrypted recovery phrase.
- Export the encrypted phrase to a passive hardware device (e.g. SD card), or better yet, into a SeQR code metal plate.
- Provide the encrypted recovery to your heirs.
- Do not share your password, but provide it to a trusted 3rd party. Do not provide both the passphrase AND the actual encrypted recovery phrase.
- You can get creative, e.g. split your recovery phrase, using the same or different passphrases.
- Keep in mind that overcomplicated schemes can result in loss of access, so keep it simple.
Yes! Who would not want to receive a beautiful plate with a no-brainer solution for self custody?
- Create a new wallet, e.g. on a hot wallet such as MetaMask.
- Encrypt the recovery phrase of the hot wallet using ciphergoat, and be sure to write down the passphrase.
- Verify that you can restore the wallet, generate a wallet address and save it.
- Transfer your coin gift from your wallet to the address of the gift wallet.
- Destroy/erase the wallet.
- Export the encrypted phrase into a SeQR Code - have it engraved for a lifetime gift.
- Give your gift, and provide the passphrase.
- As long as they keep that wallet, you can always send more coins to that address.
- The one caveat to remember here is that the giver can also restore the wallet, so this only works for family or if the receiver moves the coins to a new wallet.
- The lucky receiver can keep it, see the balance if you provide the address, or restore the wallet anytime.
The app is open source, which means it can be compiled and re-implemented by anyone with sufficient computer science knowledge. Furthermore, the encryption algorithm is also open source and many implementations can be used to decrypt the recovery phrase, as long as the passphrase is known.
Ciphergoat can export your encrypted recovery phrase in the form of a Secure QR Code, hence a SeQR Code. The SeQR code can be read by any QR scanning software, but the result is an encrypted sequence that cannot be read without unlocking the encryption. Ciphergoat can scan and import the information, but again, it cannot be read without the creator's passphrase. You are encouraged to keep this in any offline medium you like, e.g. engraved on metal. Find out more here.
Yes you can. After you encrypt your recovery seed phrase, you can export the SeQR Code into a pdf or png file which can be used as a template.