An encrypted, air-gapped Linux bootable USB drive for Cardano & other cryptocurrency secure operations

• Who needs it?
• How to use this guide
  • Disclaimer
  • Found an error, or want to make a suggestion?
• Where to begin?

Who needs it?

• Anyone working directly with cryptocurrency private keys or seed phrases (e.g. for Cardano, Bitcoin or Ethereum or other cryptocurrency addresses) or other high value resources targeted by hackers (e.g., Ada stake pool keys).

• Anyone wishing to work in high security with these resources without either of these usual requirements:
  • a second computer, often called a cold or air gapped machine, for the sole purpose of storing keys, signing transactions, and other secure operations.
  • a hardware wallet with a fixed environment supporting these operations (these devices often have well supported feature sets, although with high price tags and proprietary design).

• Anyone wanting or needing direct access to all their own files on their main computer, in an air-gapped and securely prepared environment, while working with high security data.

• Anyone who cannot afford — either financially or logistically (e.g. frequent travellers) — a second machine or hardware wallet.

• Anyone who finds the small form factor of a hardware wallet appealing, and has wondered how you might get the same (or more diverse) features on a cheap, ordinary memory stick.

• Anyone who has wished they could have a full featured operating system — with general purpose software, including the ability to edit & save encrypted key files, archives and other records — on their premium hardware wallet.

• Anyone using memory sticks to store or back up private keys — for bare addresses or assets like stake pool pledges & smart contract accounts — who has worried about an unencrypted memory stick being lost or stolen.

• Anyone wishing for an option for an off-site backup of their keys, wallet seed phrases, and other cryptocurrency asset records… given that AES based encryption is considered unbreakable when properly used.

How to use this guide

Most readers interested in this subject will already know how to:

1. install Linux (our reference is Ubuntu 24.04, chosen based on popularity and especially to match the majority of Cardano stake pool & other servers)
2. use the Linux command line
3. (according to usage & security requirements) install CLI software (e.g. cardano-cli) or light (browser-based) wallets for your preferred blockchain(s)

Therefore, please be familiar with at least #1 and #2 above, so we can focus on:

• particular installation procedures & parameters to ensure an encrypted OS partition (and, where possible, an encrypted boot partition);
• a model for secure workflow: to allow common tasks to be done repeatedly in the Frankenwallet, while allowing the data & procedures for these tasks to be recorded, stored, and backed up on the host machine;
• OS and application security tuning: in case the chosen security configuration permits restricted Internet access (for blockchain synchronisation, dApp access, and/or software upgrades).

Disclaimer

use at your own risk

Nobody can anticipate the wide range of adversaries, attack methods, and operator errors which might lead to the loss of your privacy and/or funds even if you follow this security model. This material is a “best guess” tradeoff between security and convenience.

The fact that the original author, and any contributors thereafter, have taken responsibility for maintaining and improving this material does not imply any responsibility for losses that may happen to you: as you use this material — as we always should in this field — entirely at your own risk.

Details: CC BY-SA 4.0 Legal Code > Section 5 – Disclaimer of Warranties and Limitation of Liability

Found an error, or want to make a suggestion?

Head over the the Frankenwallet repository (linked in the upper right hand corner) and submit:

• an Issue (to discuss a matter of form or content):
• a Pull Request (to submit a particular change: generally after submitting an Issue first)

Keep in mind this material is under construction until further notice, with calls for community comments planned for late May 2025: so to avoid duplication of effort, please save issues & change requests until then.

The goal will be to keep refining not only the instructions but the guides themselves: most importantly, the security standards.  If you have a well defined suggestion or correction, please post it on the repository when the community feedback period is announced (in mid-2025).

Where to begin?

History & motivation for the Frankenwallet

Begin creating your device

Site last built: 10 June 2025 at 21:01 UTC