Will it be correct if I change “cold wallet” to “hardware wallet”? Do I need to install the seedkeeper if I have the satochip.io applet installed already? Will the satochip.io applet available at Fidesmo work with phone apps?
No. They are both SatoChip.io apps which is why we made the names make sense. Please check the updated names and descriptions in the Fidesmo app.
I need an explanation for dummies 
I read it, but I still don’t understand it
2 Likes
SatoChip is the cold wallet. It only works with certain desktop applications. SeedKeeper is for saving secrets–it works with Android phones but apparently not so well with iPhones.
Also, if English isn’t your (or anyone else’s) native language and you have a translation for something that tends to not make sense when using something like Google Translate, please let us know 
2 Likes
The Belgian company known as Satochip S.R.L. (https://satochip.io/) has partnered with us (VivoKey), and enables us to distribute some of their applet products:
- SatoChip (https://satochip.io/product/satochip/), the applet with the same name as the company. This applet enables your Apex to act as a hardware wallet for various cryptocurrencies.
- SeedKeeper (https://satochip.io/product/seedkeeper/), a separate applet which is essentially a password store, and has no direct connection to cryptocurrencies, but it can be (and usually is) used to store the passphrases/seeds of your cryptocurrency accounts.
In addition, the Satochip company offers a third applet, which we do not distribute for the Apex:
- SatoDime (https://satochip.io/product/satodime/), a “gift-card” kind of cryptocurrency cold storage, which is meant to be passed around between hands. Satochip and VivoKey evaluated this offering and concluded it does not make sense for chips which are not able to be passed around (Apex).
3 Likes
So in order to use my implant as a sole crypto wallet, I have to install both satochip and seedkeeper applets, right?
You would have to use SatoChip, yes, but can opt to store your wallet seedphrase wherever; on a USB drive, print it on a piece of paper, graffiti in on your bathroom wall - or use the SeedKeeper applet. However you should always keep the seed in a second place as well, if SeedKeeper corrupts or gets an update.
1 Like
So it’s possible to use both applets at the same time, then?
Yes, you can do that.
My personal choice (and the one I recommend to others) is to keep seed phrases and wallet recovery keys in a dedicated, cold-only KeePassXC database. I then use the HMAC-SHA1 applet on my VivoKey as one of the authentication factors for opening the database.
The benefits of this over storing the seed phrases directly on an Apex:
- Infinite storage. I don’t have to worry about running out of space on my VivoKey, either for the applet itself or for the secrets
- Eassier backup – While I have a lot of trust in my Apex, I know that it will fail someday. Hopefully that is many years away, but when it does fail, the failure mode will likely be one that prevents any recovery of information stored on the chip. With the HMAC-SHA + KeePassXC option, you have two choices for backup. Either install the HMAC applet on another JavaCard chip, or store the secret key you use when provisioning the applet.
There are some security implications. SeedKeeper has a much smaller userbase than KeePassXC, and thus is less likely to be targeted for explotitation. The fact that it is an implant in your hand means that any direct attacks on SeedKeeper almost certinaly involve either a compromised client application, or NFC signal interception. KeePassXC on the other hand is used by a significant number of peopel and more likely to be targeted. However, they have also undergone at least one comprehensive security audit (Windows client I beleive). The audit found no major issues and KeePassXC made a few improvements in response. All of the clients are open-source, and the underlying encryption is sound and well-tested.
3 Likes
How would you access the wallet in this case? Unlock the KeePassXC database to read out the seed phrase/wallet key, then somehow enter that over into a wallet application, and delete the wallet from it once done?
It depends on the type of wallet. I primarily use the seed keys only for recovery and let the hot wallet manage its own addresses on device. In the case where the device is lost, I can use the seed phrases as a recovery mechanism to regenerate the same wallets/addresses on a new device.
That does mean I have to enter the seed phrase manually. I would open the KeePassXC database on a cold laptop, typically via a Live Linux distribution, using my Apex as a factor, then manually type in the seed phrase or recovery key.
This flow is mostly for software wallets with transactional levels of crypto. I personally don’t see the benefit of an implantable, hardware based wallet, other than the “its cool” factor.
1 Like