Security You Control — Ciphertext Only
MyColdKey never stores or transmits a readable seed phrase, password, or note.
Everything is encrypted locally on your device before it ever leaves your machine.
What you store is always ciphertext.
Your data stays encrypted. Encryption and decryption happen locally on your device.
You recover with your encrypted backup + password — no MyColdKey servers required.
Your control, by design
What actually protects you when it matters most.
You Own Your Recovery
Offline recovery with your encrypted backup and password. No login required.
The Self-Contained Recovery Kit you export works completely standalone on any air-gapped machine.
Sovereign Mode (Pro)
Keep server access off by default. You control when (if ever) the app briefly connects.
30-minute access windows are in-memory only and clear on restart.
Encrypted on Your Device
Argon2id key derivation and AES-256-GCM encryption run locally. Plaintext never leaves your machine.
Cloud+ stores ciphertext only — we never see your vault password or data.
How MyColdKey fits into your protection strategy
Redundant encrypted copies
Add encrypted copies alongside your hardware wallet and existing backups. You hold the only keys.
Air-gapped recovery
Recover offline on an air-gapped machine with the free recovery tools or the Self-Contained Recovery Kit.
One layer for all secrets
Works for seed phrases, passwords, keys, and notes — one consistent recovery model.
Portable encrypted copies
Encrypted QR copies can be physically distributed or stored anywhere — they reveal nothing without your password.
Threat model + limits
What this protects you from — and what it does not.
Protects you from
- Stolen backup copies (ciphertext only)
- Device loss or failure
- Vendor disappearance
- Cloud provider breach (Cloud+ also stores ciphertext only)
Does not protect you from
- Weak or reused passwords
- Physical coercion or a compromised local device
- Human error (losing your password)
How encryption works on your device
All encryption happens locally using Argon2id key derivation + AES-256-GCM authenticated encryption + HMAC-SHA256 tamper detection. Your password never leaves your device. Plaintext never touches disk or the network.
Activation
Standard online activation fits most setups. Air-gapped import with Sovereign Mode fits maximum isolation.
Standard activation (online)
- Sign in once to link and restore your license on this device.
- Recovery still runs completely offline with your encrypted backup and password.
Air-gapped activation
- Purchase where you have connectivity, then import the license file on the offline machine.
- Often combined with Sovereign Mode for long-running offline use.
Verification
GitHub Releases include installers, standalone offline decrypt tools, and checksums.txt (SHA-256). You can always verify the binaries before installing.
The Self-Contained Recovery Kit you export from the app includes offline recovery tools and step-by-step instructions.
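Added example (not MyColdKey's own code): a Python check of one downloaded file against checksums.txt before installing. It assumes checksums.txt uses the common sha256sum layout (hex digest, whitespace, file name), which this page does not specify; the function names are illustrative.

```python
import hashlib
import re
import sys
from pathlib import Path

# Assumed line layout (sha256sum style): 64 hex chars, whitespace, optional '*', file name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_checksums(text):
    """Return {file name: lowercase hex digest}; reject malformed or conflicting lines."""
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = LINE_RE.match(line.strip())
        if match is None:
            raise ValueError(f"checksums line {number} is malformed")
        digest, name = match.group(1).lower(), match.group(2).strip()
        if entries.get(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(file_path, checksums_path):
    """Return 'ok', 'mismatch', or 'unlisted' for one downloaded file."""
    entries = parse_checksums(Path(checksums_path).read_text(encoding="utf-8"))
    expected = entries.get(Path(file_path).name)
    if expected is None:
        return "unlisted"  # treat as a failure: nothing vouches for this file
    return "ok" if sha256_file(file_path) == expected else "mismatch"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify.py <downloaded-file> <checksums.txt>")
    result = verify_download(sys.argv[1], sys.argv[2])
    print(result)
    sys.exit(0 if result == "ok" else 1)
```

A matching digest shows the file is the one the release lists; it does not authenticate the release itself, since checksums.txt comes from the same place as the binaries.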
Password hygiene
Your password is the key to recovery. Treat it like a recovery-critical secret.
- Use a long, unique passphrase to resist offline guessing.
- Store your password separately from your encrypted backups.
- Test recovery with non-critical data before relying on it for real funds.
FAQ
What if MyColdKey is unavailable?
Do I need to log in to recover?
What if I lose the password?
Can I test recovery before trusting it?
How many layers protect my data?
Backed by open-source verification tools on GitHub. Checksums provided. You control the keys — always.