Understanding cold storage wallets, and why they don't need to be so cold

If you've dabbled in the cryptocurrency world, you'll probably hear about "hot" and "cold" wallets - "hot" basically meaning a wallet that is connected to the world and currently in use, and "cold" meaning a wallet that is disconnected and must be re-connected in some way to make it "hot" again.

It's pretty easy to make a cold wallet. Basically all you need to do is write down a 12-word mnemonic (for example, "correct horse battery staple correct horse battery staple correct horse battery staple") onto a piece of physical paper, and then put that piece of paper somewhere secure. Or you could write out the Wallet Import Format for a private key onto that piece of paper. You can also run some offline wallet software, and just run it on a dedicated laptop or computer that you keep offline. Or you can pay some money and get your hands on a hardware wallet like a Trezor or Ledger.

All of these come with risks. If your house burns down, you'd better hope a copy of your cold wallet is stored somewhere safe in another building. You'd also better not let your cold wallet be accessible to any thieves, should they know what they're looking at if they find it.

But let's look at what the goal of making a "cold" wallet is - you would make a "cold" wallet because you want to make sure that no-one can access it but you. Only the holder of the actual piece of paper that you've written it on, or the offline computer you put it in, or the hardware wallet you loaded it in to, can actually access it. The actual goal here is not to really to keep it totally offline, it's to have assurance that only you can access it.

Now with Signata we wanted to try to sit somewhere in the middle between "hot" and "cold" storage of cryptocurrency ("warm", if you will). We designed it so you can happily leave your cryptocurrency stored in Signata, connected to the internet and stored on our servers, but have the assurance that your keys cannot be accessed unless you've got your YubiKey plugged in and you've also provided your PIN. The way we've done this is relatively straightforward - we simply use an encryption key stored on your YubiKey to encrypt all of your cryptocurrency keys, thus ensuring that you need the same YubiKey to decrypt them and use them again.

For those who've used other wallet products, you'll be the first to point out this isn't anything new - there are plenty of other wallet products that have integration with hard wallets like Trezors and Ledgers, letting you plug them in and authorise transactions of your crypto assets. What's different here is you don't need those expensive additional products - we picked YubiKeys for Signata because they are just as capable and strong for encrypting data for storage, and they cost a fraction of the price of dedicated hardware wallets. Not only are they cheaper, but you can also do way more stuff with them. You can take advantage of the FIDO authentication capabilities to go and 2FA your online accounts. You can use them to authenticate to your desktop computer. They need no batteries, and they're super tough.

Some of you keen readers will note that it's not quite the same - products like Trezors actually store the private keys of your cryptocurrency on the physical device. We don't do that, as YubiKeys can't really do that beyond more than just a couple of addresses, so instead we use an intermediary key to do all of that crypto heavy lifting, still giving a strong assurance of confidentiality of the encrypted data.

With some YubiKey models you can even plug them into your phone, giving you the same hardware assurance for 2FA access to important apps. They're such highly capable devices, which is why it only makes sense that we give you the ability to interact with cryptocurrency with them on top of everything else you do to protect your digital life.

If you're not sure which YubiKey to get for Signata, we've got a handy list you can find by clicking here.

So, if you're looking for a cold storage-like capability for your cryptocurrency, and you've got a YubiKey, why not try Signata? It's free to sign up, free to set up your YubiKey, and we'll even throw in some free transfer tokens so you can try it out without paying anything. Oh and XRP is totally free to use with it as well!

Timothy Quinn

Timothy Quinn

Managing Director of Congruent Labs