PrivateKeyVault
Make Instructions: Airgapped raspberry pi computer for working with blockchains featuring LUKS full disk encryption and using qr-codes to pass encrypted files and offline transaction instructions across the airgap.
<a href="https://johnshearing.github.io/">Main list of projects</a>
Private Key Vault - Click for Open Source Make Instructions
Airgapped raspberry pi computer with touch screen and camera
Featuring LUKS full disk encryption
For secure offline blockchain transactions and for secure encrypted messaging
Move files across the airgap to other devices using QR-Codes
<img src="/images/ReadmeImages/FiredUp.jpg">Does anything a regular computer does and more.
Full disk encryption keeps your private keys and personal information safe in case the device is stolen.
Easily clone the micro SD card with all the encryption intact using only the Private Key Vault to do the cloning.
So there is never a need to put your SD card into any other device.
Use it to:
- Securely move assets on the Ethereum blockchain without exposing your private keys to any other device.
- Work on airgapped IOTA wallet has been started.
- Securely read and edit all types of files behind the airgap where remote viewing and key logging is not possible.
- No WiFi, No Bluetooth, No Cables, No USB ThumbDrives
- Move files across the airgap to other devices using QR-Codes
- GPG encrypted messaging is easy using this device.
- Crypto-Journalism: Now anyone can safely create a journalistic body of work and prove that they authored the entire work and that it has not been tampered with all while allowing the author to remain anonymous if he or she so chooses. Protected sources. No more fake news.
- Added Value For People In Developing Countries: The PrivateKeyVault is the cheapest computer you can have and it does double duty as a regular Internet connected computer simply by swapping out the encrypted micro SD card containing private information with another one set up for business, education, browsing, and casual use. Now, not only can everyone with Internet reach our planet wide distributed public ledgers - Finally they can learn to use them.
The raspberry pi is for getting the world on computers.
The PrivateKeyVault is for getting the world on blockchains.
What's In It For You?-----What's In It For Me?-----What's In It For Us?
All you really need is a raspberry pi 2, a raspberry pi camera, a micro SD card and an AC power supply.
You probably have a keyboard, mouse, and monitor lying around already.
You are responsible for making sure there are no keyloggers or radio transmitters installed on any of these devices.
So click here if you just want to install the software on your raspberry pi
Or continue reading if you would like to build the device as it is shown here.
<hr><a href="https://youtu.be/T9qtRytdffU" target="_blank"><img src="/images/ReadmeImages/Wiring.jpg"
alt="Image of Vault closed showing all components and wiring" /></a>
Click image above to see YouTube video showing how to: Open the device, Power up, Shutdown, Power off, and Pack up.
Computer and keyboard store in a transparent tamper-evident case which cannot be opened without the owner knowing the device has been tampered with.
<hr><a href="https://youtu.be/3MwJOj3t8cI" target="_blank"><img src="/images/ReadmeImages/PassingDataToPhone.jpg"
alt="Image of Vault passing qr-code to phone" /></a>
Click on image above to see a YouTube video showing how files are passed out of the PrivateKeyVault to a phone.
Transparent case facilitates transfer of files and transaction instructions out of the Vault across the airgap using a parade of qr-codes flashed across the screen which are received by the phone's camera. The reverse process transfers files into the Vault from the phone. Click here to see that. The device has no WiFi or Bluetooth and it is never connected to another computer - not by cable, not by thumbdrive, nor by any other means. All data moving in or out of the device stands for inspection and approval before crossing the airgap.
This is the fully open source documentation of the physical build and all the software.
CorelDraw files are included for laser cutting the case
You don't need the transparent case for your PrivateKeyVault, but it's nice and it solves a lot of problems.
All you really need is a Pi 2, a Pi camera, a micro SD card, and an AC adaptor for power.
You probably have a mouse, screen and keyboard lying around already.
You are responsible for making sure there are no keyloggers or radio transmitters installed on any of these devices.
So click here if you just want to install the software on your raspberry pi
Wiring Instructions
As mentioned above you don't need battery power provided by all the special wiring. An AC adaptor is enough to power a basic raspberry pi. But battery power is nice so follow the link above if you would like battery power for your PrivateKeyVault.
This Video shows how an offline transaction is made on the Ethereum blockchain using the first prototype of the PrivateKeyVault. The procedure for making an offline transaction using the newer Vault or using a plain raspberry pi 2 is still the same so have a look if you want to see how an offline transaction is made on the Ethereum blockchain.
Basic support for the IOTA tangle at the NodeJS console is here.
A client/server multi-signature wallet suitable for government, enterprise, and individuals is under construction.
The PrivateKeyVault has a touchscreen on one side, and a camera on the back. It is battery powered or powered by AC. The unit is self-contained. Everything required to make keypairs, make keystore files, and make encrypted offline transaction instructions is built into the machine. So there is never a need to show your private keys to any other device. There is no WiFi nor Bluetooth - just a camera, a touch screen, and a keyboard for input and qr-codes displayed on the screen for output.
Account numbers are scanned in through the camera in the form of qr-codes or entered manually on the keyboard. Encrypted transaction instructions are displayed on the touch screen in the form of qr-codes to be scanned into a smartphone. A smartphone scans the qr-code containing the encrypted instructions and broadcasts those instructions to the Ethereum blockchain. If the miners can decrypt your transaction instructions using your public key then they know that you are in possession of the private key without needing to see it.
It is easy and quick to use but is also as safe as any cold storage method because all work with the private keys is done on this air-gapped machine and never shown to any other device. And because you never plug into a computer as is required with hardware wallets, you never have to worry about key loggers, remote viewing or remote control, nor do you need to worry about unknowingly transacting with a phony website pretending to be the digital wallet you normally use.
The PrivateKeyVault is fully compatible with LUKS full disk encryption and instructions are provided below to encrypt the SD card containing your operating system and all your data. So the Vault can be used to store all your sensitive files and all your secret passwords.
Finally, GPG comes installed with the Raspbian OS so the PrivateKeyVault can be used for secure encrypted messaging and for digitally signing documents. Any size file can be passed across the airgap via qr-codes so there is never a need to connect with other devices. This video shows how to work with GPG encrypted messaging on the PrivateKeyVault. The USB ports are only used to plug in the secure keyboard and for cloning the SD card containing the operating system and all your encrypted data.
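The multi-frame transfer described above (the "parade of qr-codes" and the any-size file transfer), sketched as an added example that is not the PrivateKeyVault's own code. The `PKV|index/total|sha256|base64` frame layout, the 512-byte chunk size and the function names are assumptions made here; QR rendering and scanning are left out, so each string stands for the payload of one code.

```python
import base64
import hashlib

CHUNK_BYTES = 512  # assumed payload per QR frame; small frames scan more reliably


def make_frames(data: bytes, chunk_bytes: int = CHUNK_BYTES) -> list[str]:
    """Split data into text frames, one per QR code to be displayed."""
    digest = hashlib.sha256(data).hexdigest()
    chunks = [data[i:i + chunk_bytes] for i in range(0, len(data), chunk_bytes)] or [b""]
    total = len(chunks)
    return [
        f"PKV|{n}/{total}|{digest}|{base64.b64encode(c).decode()}"
        for n, c in enumerate(chunks, start=1)
    ]


def reassemble(scanned: list[str]) -> bytes:
    """Rebuild the file from scanned frames; raise if anything is missing or altered."""
    parts: dict[int, bytes] = {}
    total = digest = None
    for frame in scanned:
        magic, pos, frame_digest, payload = frame.split("|", 3)
        if magic != "PKV":
            raise ValueError("not a transfer frame")
        n, frame_total = (int(x) for x in pos.split("/"))
        if total is None:
            total, digest = frame_total, frame_digest
        elif (frame_total, frame_digest) != (total, digest):
            raise ValueError("frame belongs to a different transfer")
        if not 1 <= n <= total:
            raise ValueError("frame index out of range")
        parts[n] = base64.b64decode(payload, validate=True)  # duplicates overwrite
    missing = [n for n in range(1, (total or 0) + 1) if n not in parts]
    if total is None or missing:
        raise ValueError(f"missing frames: {missing}")
    data = b"".join(parts[n] for n in range(1, total + 1))
    if hashlib.sha256(data).hexdigest() != digest:
        raise ValueError("SHA-256 mismatch: transfer corrupted or tampered with")
    return data


if __name__ == "__main__":
    message = b"constructed sample ciphertext " * 60   # 1800 bytes, stands in for a GPG file
    frames = make_frames(message)
    received = frames[::-1] + frames[:1]                # out of order, one frame scanned twice
    assert reassemble(received) == message
    print(len(frames), "frames, digest verified")
```

The embedded digest catches dropped or corrupted frames only; authenticity still rests on the GPG signature or encryption applied to the file before it is split.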
When people read or write encrypted messages on devices that connect to the Internet or that connect with other devices, bad actors don't even need to break the encryption - all they need do is install remote viewing software or key loggers via the Internet or via some infected device. Then they can read the message at the same time you re
Security Score
Audited on Dec 3, 2025
