Secure offline setup of AirGap for Acurast (Acurast Canary)

In order to have a bulletproof setup for Acurast (Acurast Canary) signers / custodians, we ask you to do the following AirGap setup and to strictly follow the offline policy for the seed phrase.

AirGap is a self-custody solution, developed by Papers AG, with a two-device approach:

• Offline signer holding the private keys
• Online wallet to execute transactions

Signing payloads are transported via QR codes.

---

1. Make the offline phone ready and install AirGap Vault

info

You can also download AirGap Vault from the Google Play or Apple App store and take the phone offline afterwards.

For the best possible security, follow the steps below.

1. Get a new phone that will only be used for offline signing and never has a connection to the internet.
   • We recommend an Android phone.
   • Also get a fresh USB stick which you can connect to the phone.
2. You don't need to log in to a Google Account, but you need to set a PIN code, pattern, fingerprint or face-id for your device.
3. Start the phone and update it to the latest OS.
4. Take the phone offline, remove all previous Wi-Fi connections (so it can't connect accidentally), and set it to Airplane Mode.
5. Download the latest AirGap Vault APK from GitHub: https://github.com/airgap-it/airgap-vault/releases and move it to the USB stick.
6. Plug it in and install the APK on your phone, give the necessary permissions.

---

2. Install AirGap Wallet on the online phone

7. On the online phone, install AirGap Wallet from the Google Play Store or Apple App Store:
   • https://play.google.com/store/apps/details?id=it.airgap.wallet
   • https://play.google.com/store/apps/details?id=it.airgap.wallet

---

3. Generate a new secret

8. Open the AirGap Vault app, skip through the initial messages and accept the disclaimer.
9. Select the offline configuration and skip to the screen where you can generate a new secret.
10. Select Generate and give permissions for camera and microphone.
11. Go through the entropy generation process (touch, gyro, camera, mic).
12. Write down the secret recovery seed phrase and store it according to best practices.
    • ❌ Do not store the seed phrase on an online device.
    • ❌ Do not store it in an online password manager.
13. Verify the written-down recovery seed phrase.
14. Set an encryption password and ensure you always remember it.
    • ✅ You may use a password manager here (but never store the seed in it).

---

4. Generate an Acurast (Acurast Canary) account and sync with AirGap Wallet

15. Add an Acurast (Acurast Canary) account and confirm with your encryption password and the device PIN. A new Acurast (Acurast Canary) address will be generated.
16. Click on the new Acurast (Acurast Canary) account, then click on the AirGap Wallet button → a QR code will be displayed.
17. Open AirGap Wallet and scan the QR code of the offline device.
    • The account’s public key will be imported into your AirGap Wallet.

---

5. Verify the recovery

18. In AirGap Vault, go back to the main screen.
19. Click on the card of the newly generated secret.
20. Tap on the 3-dot menu → Secret management → scroll down and select Delete → Confirm Secret Removal.
    • The secret is now wiped from the offline phone.
21. Go back to the main screen and select Import.
22. Import the secret recovery phrase from your written notes.
23. Set the same encryption password as before.
24. Once done, generate an Acurast (Acurast Canary) account.
25. Compare the recovered account to the account synced in step 17.
    • ✅ If they match → recovery successful.
    • ❌ If not → delete and start again from step 10.

---

Important to know

1. The encryption password set in step 14 will determine the derived account.
   • If you forget it, recovery is impossible even with the seed phrase.
2. Follow best practices when storing the seed phrase:
   • Example: metal plate in safe, paper note in safe, ensure you can identify the right seed.
3. Do not store the encryption password in the same place as the recovery seed.
4. More docs: https://support.airgap.it/
5. NEVER connect your offline phone to the internet.
   • If you must, first completely remove the secret from the phone.
6. If you need to copy the account address, copy it from the online phone with AirGap Wallet.

---

Resources

• Step by step setup guide: https://support.airgap.it/guides/step-by-step-guide/
• GitHub AirGap Vault: https://github.com/airgap-it/airgap-vault/releases
• GitHub AirGap Wallet: https://github.com/airgap-it/airgap-wallet/releases
• Google Play AirGap Wallet: https://play.google.com/store/apps/details?id=it.airgap.wallet
• Google Play AirGap Vault: https://play.google.com/store/apps/details?id=it.airgap.vault