Cold wallet and the air gap
An air gap is a permanent physical break between the device that holds your key and any network. Ownbit's cold wallet is a permanently offline phone whose only channel to the outside world is a human-readable QR code — nothing else crosses the gap.
What is an air-gapped signer?
The signing phone has its SIM removed and its saved Wi-Fi cleared, so it has no network channel at all. A remote attacker cannot reach it, and it cannot send your private key anywhere. It receives unsigned transactions as QR codes, signs them offline, and emits the signature as a QR code. This rules out an entire class of attack — remote intrusion, background exfiltration, and cloud-backup leaks.
Why QR codes instead of USB or Bluetooth?
QR is a one-directional, human-inspectable channel. Its contents decode entirely to plaintext, so you can review exactly what crosses the gap — one QR type carries a coin's public key/address, another carries a transaction's signature. There is no hidden proprietary protocol and no cable or radio that could carry a covert two-way channel. The decoding rules are published at bb_sign_encoding.txt.
What the air gap does and does not remove
The air gap removes remote attacks and opaque-channel data smuggling at the plaintext level. It does not, by itself, remove every risk: a malicious or buggy signer could in theory manipulate the signature's random nonce to leak key material inside a normal-looking signature, and you must trust that the app you installed is the genuine build. Those residual risks, and how Ownbit bounds them, are covered in the threat model.
Frequently asked questions
What is an air-gapped wallet?
A wallet whose signing device is permanently offline, with no network connection. Ownbit's cold wallet is air-gapped: it exchanges only plaintext QR codes with an online watch-only wallet.
Can data be hidden inside the QR codes?
The QR contents decode fully to plaintext you can inspect line by line using the published encoding, so no private data is smuggled at the plaintext level. The one theoretical exception — nonce manipulation inside a signature — is addressed in the threat model and verify-it-yourself pages.
Is a cold wallet the same as a hardware wallet?
It serves the same purpose — keeping the key offline — using a spare phone instead of dedicated hardware. See the security model for an honest hardware-vs-Ownbit comparison framed as trade-offs, not superiority.
Last updated:
Download Ownbit
Install the app, then set up a cold wallet or MultiSig for the workflow you need.