passphrase (Passphrase) is a high-level security protection mechanism provided by UKey hardware wallet. By appending a user-defined string to the standard seed phrase (Recovery Phrase), the system will derive a new, completely independent set of accounts through cryptographic algorithms. This document aims to elaborate on the working principle of passphrase and its standardized configuration process on UKey devices.
1. Technical concept of passphrase (Passphrase)
In the industry-standard BIP39 protocol, 12 to 24 English words are typically used as seed phrase to restore wallets. The passphrase mechanism is based on the introduction of the "13th" or "25th" vocabulary as an additional encryption salt (Salt).
core logic: After passphrase is combined with standard seed phrase, a new root key (Root Key) different from the original seed phrase will be generated at the bottom layer.
Security advantages: This means that even if an attacker obtains your standard seed phrase plaintext, as long as he does not master the passphrase you set, he will never be able to access the assets in the hidden wallet.
Highly customizable: passphrase is not restricted by standard vocabulary and can be composed of specified letters, numbers and symbols, which greatly increases the difficulty of brute force cracking.
underlying derivation formula: 标准助记词 (Recovery Phrase) + 自定义密码短语 (Passphrase) = 独立的隐藏钱包 (Hidden Wallet)
2. Enabledpassphrase and creating a hidden wallet
UKey official security warning: passphraseWon'tis recorded in the hardware wallet's native security chip, alsoUnableRetrieval via regular seed phrasebackup. Once forgotten, you will permanently lose access to this hidden wallet and the assets within it. UKey officials cannot assist restore with any technical means, please be sure to keep it properly.
Step 1: Enabled function on the hardware device side
Please enable passphrase support on UKey hardware wallet according to your device model:
UKey Lite Series:Enter in sequence【Settings】 -> 【Safety】 -> 【passphrase】, switches the status to "on".
UKey Core Series:Enter in sequence【Settings】 -> 【wallet】 -> 【passphrase】, switches the status to "on".
Step 2: Connect to UKey Wallet client
Use the original USB data cable to connect the UKey hardware wallet to the computer.
Launch desktop or browser extension versionUKey Wallet。
Click the account name at the top of the interface and select from the drop-down menu【Add wallet】。
choose【Connect hardware wallet (Connect hardware wallet)】, complete basic device identification.
Step 3: Create and verify the hidden wallet
In the client account list, click your device options and click on the right【Edit】button.
Select in the management interface【Add Hidden Wallet】。
Enter your customized passphrase according to the system prompts, and carefully check and confirm on the UKey hardware device screen.
Specifications:passphrase maximum length support50 characters, allowing the use of the standard ASCII character set (codes 32-126, including uppercase and lowercase letters, numbers, and common punctuation marks).
After confirming that everything is correct, click "Finish" and the system will generate and load your hidden wallet.
3. Hidden wallet and PIN code binding function (PIN-linked Passphrase)
In order to optimize the experience of daily high-frequency use, UKey Wallet (version number ≥ 1.1.0) supports binding a specific passphrase with a dedicated power-on PIN code.
Function description: After binding, when you turn on or unlock the device, enter the regular PIN code to enter the standard wallet; enter the dedicated hidden PIN code to directly unlock the corresponding hidden wallet, without the need to manually enter complex passphrase characters every time.
Device support: Currently, UKey Lite 25 and UKey Lite 24 and other models support this function, and a single physical device supports the maximum configuration3 groupsHide wallet PIN.
4. Frequently Asked Questions (FAQ)
Q1: If I lose my UKey hardware wallet device, can I still retrieve the assets in the hidden wallet?As long as your backup data is intact, your assets are absolutely safe. All you need to do is get a new UKey hardware device (or other hardware compatible with this standard) and perform the following steps:
Import the original standard seed phrase.
Turn on the "passphrase" feature on the new device.
Enter passphrase exactly as you set it previously (case and space sensitive). Once the operation is completed, the hidden wallet will be perfect for restore.
Q2: Why can’t I see the hidden wallet when connecting to a third-party software wallet?Some third-party Web3 client software (DApp interactive tools) have not yet fully adapted to the advanced features of passphrase. If the target client does not support entering Passphrase, the system will read your standard wallet address by default. In this case, you need to manage your funds through the UKey Wallet client.
Q3: What are the specific application scenarios for using the passphrase mechanism?
Plausible Deniability: When faced with physical coercion and required to hand over assets, you can only provide seed phrase in a standard wallet (containing a small amount of funds), and hide large amounts of assets in an account protected by passphrase, thus effectively ensuring the safety of your personal and core assets.
Account physical isolation: Based on the same group of seed phrase, you can use Settings to multiple different passphrase to infinitely derive mutually isolated business accounts to meet different fund management and reconciliation needs.