除了發布開源代碼、原理設計圖和代碼審計報告之外，Keystone 還通過二維碼公開透明的特點，增加了“可審計”性。產品已經在硬件設計上屏蔽了所有“不可審計”的輸出端口，如藍牙、WiFi、USB接口、NFC 等其他不透明的數據傳輸接口，因為通過這些接口，用戶很難去驗證硬件錢包是否對外傳輸了私鑰等敏感信息。

Keystone 硬件錢包如何創建交易

硬件錢包由於不聯網的特性，因此無法單獨構造交易，需要一個移動端 App（熱端錢包）一起配合使用。因為私鑰始終保存在離線設備中，所以移動設備無論損壞或丟失，都不會影響到資產安全。

交易會通過二維碼在移動端設備和 Keystone 硬件錢包進行數據傳輸，最終被創建和簽署。以下是詳細步驟：

1. 我們在移動端 App（熱端）上創建一筆待簽名交易，這筆交易數據體現為二維碼；
2. Keystone 硬件錢包（冷端）通過相機掃描熱端二維碼獲取數據；
3. 然後在冷端上用觸摸屏確認交易並簽名生成簽名數據，同樣體現為二維碼；
4. 熱端通過相機掃描冷端屏幕展示的二維碼獲取數據；
5. 熱端廣播交易到區塊鍊網絡。

如何“查验” Keystone 硬件錢包二維碼內包含的內容？

我們始終相信二維碼不僅具備很高的安全性，同時也是在離線冷儲存中最公開透明的一種介質。

目前 Keystone 硬件錢包正在使用 BC-UR 對 QR 碼進行編碼/解碼。可以點擊鏈接來獲取更多詳細的信息：
https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-005-ur.md

如果想根究 Github 上的教程去操作，用戶需要有能力用一種易於理解的方式來解碼 Keystone 上二維碼的內容，並同時可以向用戶展示每次在向熱段 APP 傳送了哪些內容，從而用戶可以基於此進行驗證，來看一下 Keystone 硬件錢包到底有沒有对敏感信息進行秘密傳輸。

要執行整個過程需滿足以下先決條件：

1. 安裝 Google Protobuf compiler.

在 Unbutu 上，可以通過下面的代碼進行安裝：

sudo apt install protobuf-compiler

在 macOS 上可以通過以下代碼進行安裝：

brew install protobuf

2. 安裝 Python API 客戶端，假設您使用 python3 ，則可以通過以下代碼進行安裝：

pip3 install --upgrade google-api-python-client

3. 執行（如果沒有則安裝）make 來構建 proto3 所需的 python 模塊。

滿足以上條件後，接下來可以通過以下步驟來驗證 Keystone 硬件錢包向 Keystone 熱端 APP 傳輸的二維碼包含的內容，同樣也支持反向操作的驗證。

1. 選擇你喜歡的數字貨幣創建一筆交易。

2. 選擇一個二維碼掃描工具掃描出現的動態二維碼，推薦 QR Journal 這個工具。請注意：由於二維碼是動態二維碼，所以需要使用 QR Journal 不停掃描二維碼，掃描成功的次數越多，後面才會增加解析成功的概率。

3. 將每次通過 QR Journal 解析成功的所有二維碼文本內容保存到一個新的文件中。可以參考下面的內容展示：

UR:BYTES/1-2/LPADAOCFAXLDCYKKKGJPROHKADSKHKAXLNCTLUAYAEAEAEAEAEAEAEHLTYSOPLVLFYCSAHHNFELAJYBZFZNBRKIMYKLEHLQDRKWEROFNTYTDGLESPAFNRECAFRWNPFWFBBGWJNMSVDINSRPFFWBNBDNNMWEMFZYAPKBYUOJTPTCKVTTEESVDPELTUTVLEMFERFJYFSPLVOWSNYENSSGYZTZSWSLTLTUTVLAXKPHNLOVLHPLNKSZCTSSRZETSUTZEEOUEFTKBRKKGZCVLJTZMONZSAAVTNDOSRLTKWSBYTKYKBETILOSFAEWEAOTDFNUTJKLYKTTEMKMSSONBKTTLGRASMYYLLAREKNNBGMZTFDTIFSTSIMZTFYJSMTRPFDKOCKLPWDOESFYACSLDRPECMTOXHEDYYTLYRLZCPFOYMWASDYPSWSHYIAWYLFUTBGFYOTJLDKBGTKNTRKVTTLJTZMUYLNBYDWJSSRZTQZUYLBREHSRTNDDIZSONVAPDONZCVTJOCPWDHDRTONHYGLJSLESTTEHKAMFTNTGMDRVEYAEYEYWFJZOYLUMHBSPRONJEHDCSOEHFESCTHNLGVWTTWMCAROLFGUMKKNPRMDHPGROLBSDETOGLWDECCPFYMHGDWMDPEOVACKWKKPTTVOGEIMHEKIPAZMZCESNYVLQDVAVDUTZEWMBSCYAOGDDLESESLFMNCWBGPTCXLTNSTNNLKBSTJSDWOTGLJZHNHYHPTNENVEHFCPLRHFSEKTGATSHSEMSTCKTAONFYDKCKGSIMNLBNWMOEREGLKTKTHFLUIYWLHHTDCPVDGDFWESCAGOMWLFTPGDCLCHNLFEHSDELECYNBEOZCCLNSTKBYIOLEZMHGREKKHYIMMHGOAHGLBGVSMKDMUYGRNYIEDAWPBGFGPKDTLNTPCMGDBTCFNNMTFEHHJS
UR:BYTES/2-2/LPAOAOCFAXLDCYKKKGJPROHKADSKMURKLDDKVYCPLOSFEEFYBDEYGHIEIDDNGMLKSFJNSPFMCSRYHPPALNKNSFGHIMOEDYIHHNIYQDHSLRIYCYCHYLGHWYGAFRNYWLFDHNGOWNHDJZNYVDUTDENEWPVAWTEYCYRHLTSFAYBGOYFRLSTECFBKCXBZJODLHHZORFQZTAMTCWJLVYGOAOKKHGFGDPBSFDSWVARYGEIYMUMNDPZSTLFHCFIDBNEOFGJETBMHRKCMCLIHSWNYTEUTPFKGRSINJKFYJOBWGELFWLDYTYWPECGMWEAMBGZTLNYTIALUSWRDRFTEFMPLBKKBGHMDCMLKCHCACTWZMTSAPKPDCWWFTLRNTLPYSBNTINJSDTJZFHGOEYOTDRVAISBABYNNMEGARKKKGSCEPEDEFEAEVAQDGDHSHDFYDSDPWTVTIYDABAGLESHDTSIHGUMHTEDEAONDAOMDJYWNBKRTDYRLPKCKWDKPWFFNDLSTRHVSNEDWATRFVEAEMOSNSKFWFHCPDWDWGHTOLDRTLTDTURRKJNHDRLVAJYCKAHMNGODEGYGRCWQZFDFMHSKGKNWEESESFYNYTBKTMSFNBBVDRECWFNPTCLTPGLECLUNBJZHHRHPTMECTWDPSPENYEYGTBKWFWDCERPCLPDBYLTEMTODLCWATRYQDENTOBSZOZCTEGULGURCHKBLRZOLBDTTIESMEHLBTIAKIBBEEPAFYJSECDADYCASGKEIMKNKKWTAOMYGTDYPDTASWPKBTRKCPSFTEWDHDCMLUGMRETSCANYRPVSGLPEKIDLWSCNOTVWNLPFCFSPEYJZDNAMLPDTGRNTJLJNAYMURPDIDNMOCWMYMHRSJNCHZEZCNETNVYWNRSGWGAVSRDROWDEOZMZCFHTEHTSBURPYAAAEAEAEZSCSSTTN
UR:BYTES/5-2/LPAHAOCFAXLDCYKKKGJPROHKADSKSGROBSFRIMDRLOSFEEFYBDEYGHESRPVOZTJLLOKPSNHYHLFSDLOXSWTNKTFMNEDEJNTBUYLUBDHLGDQZGHDMFGISHPGHAEJEHKRKJYCYNSTKLUWFDKJNIMMUVDKSIEAHHTFPDPUTTYKEAYDAIAAECXWEMYMOPMSFJERNAERTVEETYTLAKGIASWDEPYRFSALOTKCWAHRNFHAMCWJNKOKEPMSATOOYWZVENDMDVWGLLYISNYCKFRKKRYCPBZLYRKLDVSVLSTUOONMUDSSKSSFNRYNNWEWMBEDMRDDKBEBKPAINDKFYYLBAKIPYCTNSNLKGMSPDIHGMSSFMVOKSDSDKRSFWMETNHLDNCLATEMWLTLYLZEHPEYJLUEFRLTFTTOKKFWYAZOVYCTLDTTASTBCTRSFHFRPKOXWTVOOXSKGEDRHHYNSKJZLPLNZEDWWFLRLEDMVERLBTRNCWGWAOSBUEJSGMASNLSOJLCEBZLBHHDAHFRFRTEMMULUEOREVWZMKPGMWKBBMOPMSNDILDHEPYUYFLZMMNBKFNWTFXASGURHVOJSCLADYNNEFNTDDKZTCSLPWSWEMNLYRFZERYEOLYWSMTOXAEPTVEZTBNGMLROEYTWKHDTNGRTIATHNPSMSPMGAUOMELUIELRDESPSWYTHFRFDWSFHETYSSWDTTAXSSAHTSOXKEVLWFGAFLHFDWCLRTEOKSGHWSCTPYAXSEIYFHGLDRPYBTDYDIIAROLEDMJSKELFMNBWYLFDGOURADZSOTSKDASALYMTZTHEQZNSLGNYLBPMCYRNPFBTEYSEMKBWKGPRFXVEADSELTTKHYYKPRDRVSFTYKMEJOSTBKBBGAMWJNSGURPEVLHGTSIOEOWNCPMNCMBWWSKKKKJKGTATRYGHBTCFNNQZPRSBAD
UR:BYTES/7-2/LPATAOCFAXLDCYKKKGJPROHKADSKMURKLDDKVYCPLOSFEEFYBDEYGHIEIDDNGMLKSFJNSPFMCSRYHPPALNKNSFGHIMOEDYIHHNIYQDHSLRIYCYCHYLGHWYGAFRNYWLFDHNGOWNHDJZNYVDUTDENEWPVAWTEYCYRHLTSFAYBGOYFRLSTECFBKCXBZJODLHHZORFQZTAMTCWJLVYGOAOKKHGFGDPBSFDSWVARYGEIYMUMNDPZSTLFHCFIDBNEOFGJETBMHRKCMCLIHSWNYTEUTPFKGRSINJKFYJOBWGELFWLDYTYWPECGMWEAMBGZTLNYTIALUSWRDRFTEFMPLBKKBGHMDCMLKCHCACTWZMTSAPKPDCWWFTLRNTLPYSBNTINJSDTJZFHGOEYOTDRVAISBABYNNMEGARKKKGSCEPEDEFEAEVAQDGDHSHDFYDSDPWTVTIYDABAGLESHDTSIHGUMHTEDEAONDAOMDJYWNBKRTDYRLPKCKWDKPWFFNDLSTRHVSNEDWATRFVEAEMOSNSKFWFHCPDWDWGHTOLDRTLTDTURRKJNHDRLVAJYCKAHMNGODEGYGRCWQZFDFMHSKGKNWEESESFYNYTBKTMSFNBBVDRECWFNPTCLTPGLECLUNBJZHHRHPTMECTWDPSPENYEYGTBKWFWDCERPCLPDBYLTEMTODLCWATRYQDENTOBSZOZCTEGULGURCHKBLRZOLBDTTIESMEHLBTIAKIBBEEPAFYJSECDADYCASGKEIMKNKKWTAOMYGTDYPDTASWPKBTRKCPSFTEWDHDCMLUGMRETSCANYRPVSGLPEKIDLWSCNOTVWNLPFCFSPEYJZDNAMLPDTGRNTJLJNAYMURPDIDNMOCWMYMHRSJNCHZEZCNETNVYWNRSGWGAVSRDROWDEOZMZCFHTEHTSBURPYAAAEAEAEMHSGRPSO
UR:BYTES/10-2/LPBKAOCFAXLDCYKKKGJPROHKADSKHKAXLNCTLUAYAEAEAEAEAEAEAEHLTYSOPLVLFYCSAHHNFELAJYBZFZNBRKIMYKLEHLQDRKWEROFNTYTDGLESPAFNRECAFRWNPFWFBBGWJNMSVDINSRPFFWBNBDNNMWEMFZYAPKBYUOJTPTCKVTTEESVDPELTUTVLEMFERFJYFSPLVOWSNYENSSGYZTZSWSLTLTUTVLAXKPHNLOVLHPLNKSZCTSSRZETSUTZEEOUEFTKBRKKGZCVLJTZMONZSAAVTNDOSRLTKWSBYTKYKBETILOSFAEWEAOTDFNUTJKLYKTTEMKMSSONBKTTLGRASMYYLLAREKNNBGMZTFDTIFSTSIMZTFYJSMTRPFDKOCKLPWDOESFYACSLDRPECMTOXHEDYYTLYRLZCPFOYMWASDYPSWSHYIAWYLFUTBGFYOTJLDKBGTKNTRKVTTLJTZMUYLNBYDWJSSRZTQZUYLBREHSRTNDDIZSONVAPDONZCVTJOCPWDHDRTONHYGLJSLESTTEHKAMFTNTGMDRVEYAEYEYWFJZOYLUMHBSPRONJEHDCSOEHFESCTHNLGVWTTWMCAROLFGUMKKNPRMDHPGROLBSDETOGLWDECCPFYMHGDWMDPEOVACKWKKPTTVOGEIMHEKIPAZMZCESNYVLQDVAVDUTZEWMBSCYAOGDDLESESLFMNCWBGPTCXLTNSTNNLKBSTJSDWOTGLJZHNHYHPTNENVEHFCPLRHFSEKTGATSHSEMSTCKTAONFYDKCKGSIMNLBNWMOEREGLKTKTHFLUIYWLHHTDCPVDGDFWESCAGOMWLFTPGDCLCHNLFEHSDELECYNBEOZCCLNSTKBYIOLEZMHGREKKHYIMMHGOAHGLBGVSMKDMUYGRNYIEDAWPBGFGPKDTLNTPCMGDBTCFNNEOMWBSWE
UR:BYTES/13-2/LPBTAOCFAXLDCYKKKGJPROHKADSKSGROBSFRIMDRLOSFEEFYBDEYGHESRPVOZTJLLOKPSNHYHLFSDLOXSWTNKTFMNEDEJNTBUYLUBDHLGDQZGHDMFGISHPGHAEJEHKRKJYCYNSTKLUWFDKJNIMMUVDKSIEAHHTFPDPUTTYKEAYDAIAAECXWEMYMOPMSFJERNAERTVEETYTLAKGIASWDEPYRFSALOTKCWAHRNFHAMCWJNKOKEPMSATOOYWZVENDMDVWGLLYISNYCKFRKKRYCPBZLYRKLDVSVLSTUOONMUDSSKSSFNRYNNWEWMBEDMRDDKBEBKPAINDKFYYLBAKIPYCTNSNLKGMSPDIHGMSSFMVOKSDSDKRSFWMETNHLDNCLATEMWLTLYLZEHPEYJLUEFRLTFTTOKKFWYAZOVYCTLDTTASTBCTRSFHFRPKOXWTVOOXSKGEDRHHYNSKJZLPLNZEDWWFLRLEDMVERLBTRNCWGWAOSBUEJSGMASNLSOJLCEBZLBHHDAHFRFRTEMMULUEOREVWZMKPGMWKBBMOPMSNDILDHEPYUYFLZMMNBKFNWTFXASGURHVOJSCLADYNNEFNTDDKZTCSLPWSWEMNLYRFZERYEOLYWSMTOXAEPTVEZTBNGMLROEYTWKHDTNGRTIATHNPSMSPMGAUOMELUIELRDESPSWYTHFRFDWSFHETYSSWDTTAXSSAHTSOXKEVLWFGAFLHFDWCLRTEOKSGHWSCTPYAXSEIYFHGLDRPYBTDYDIIAROLEDMJSKELFMNBWYLFDGOURADZSOTSKDASALYMTZTHEQZNSLGNYLBPMCYRNPFBTEYSEMKBWKGPRFXVEADSELTTKHYYKPRDRVSFTYKMEJOSTBKBBGAMWJNSGURPEVLHGTSIOEOWNCPMNCMBWWSKKKKJKGTATRYGHBTCFNNLYZCGEGU

4. 對剛才保存的文件執行驗證程序代碼，例如：./keystoneQRVerify.py --file sample_qr_codes.txt

5. 最終經過解析後的文本內容應該像以下這樣：

version: 1
description: "keystone qrcode"
data {
  type: TYPE_SYNC
  uuid: "5271C071"
  sync {
    coins {
      coinCode: "BTC"
      active: true
      accounts {
        hdPath: "M/49\'/0\'/0\'"
        xPub: "xpub6D3i46Y43SFfjEBYheBK3btYMRm9Cfb8Tt4M5Bv16tArNBw5ATNyJWjdcMyLxoCdHWTvm3ak7j2BWacq5Lw478aYUeARoYm4dvaQgJBAGsb"
        addressLength: 1
      }
    }
    coins {
      coinCode: "ETH"
      active: true
      accounts {
        hdPath: "M/44\'/60\'/0\'"
        xPub: "xpub6CNhtuXAHDs84AhZj5ALZB6ii4sP5LnDXaKDSjiy6kcBbiysq89cDrLG29poKvZtX9z4FchZKTjTyiPuDeiFMUd1H4g5zViQxt4tpkronJr"
        addressLength: 5
      }
    }
    coins {
      coinCode: "BCH"
      active: true
      accounts {
        hdPath: "M/44\'/145\'/0\'"
        xPub: "xpub6CjD9XYc1hEKcAMsSasAA87Mw8bSUr6WQKrJ1ErLofJPP9sxeZ3sh1dH2S5ywQTRNrXsfXzT686jJNdX2m9KhvMDh4eQM9AdSkkQLLMbDG6"
        addressLength: 1
      }
    }
    coins {
      coinCode: "DASH"
      active: true
      accounts {
        hdPath: "M/44\'/5\'/0\'"
        xPub: "xpub6DTnbXgbPo6mrRhgim9sg7Jp571onenuioxgfSDJEREH7wudyDQMDSoTdLQiYq3tbvZVkzcPe7nMgL7mbSixQQcShekfhKt3Wdx6dE8MHCk"
        addressLength: 1
      }
    }
    coins {
      coinCode: "LTC"
      active: true
      accounts {
        hdPath: "M/49\'/2\'/0\'"
        xPub: "xpub6CKt97v4gEsG4FG9E4hEotEUtjmW8rAvVcUJ4jsmdrB437WBZnK8gs8ktzaFQHe9i7NqzcAUkc5SeNXsVoYfVNxd1AwDgbw2up8UdMWq91B"
        addressLength: 1
      }
    }
    coins {
      coinCode: "TRON"
      active: true
      accounts {
        hdPath: "M/44\'/195\'/0\'"
        xPub: "xpub6CNbvRPo2jr5oMHPQxUWVpzYAG6HykWahLiQnkxdxcDoxDS6Yje1CUDhD49jxEno9kdS6EB4VTgXohA9ppmqk3wvH4W54nJRZk477Vnpupz"
        addressLength: 1
      }
    }
    coins {
      coinCode: "XRP"
      active: true
      accounts {
        hdPath: "M/44\'/144\'/0\'"
        xPub: "xpub6C438jHkPCDoEy5jAH4a9hBtYrcprSwGvEA8L5HNhqDyJa1WZPpZXj9DNNtsRjcHxzsuZJq18sMSkbmqYKqpDacP8aMSK63ExzX2bPoMdAo"
        addressLength: 1
      }
    }
    coins {
      coinCode: "DOT"
      active: true
      accounts {
        hdPath: "//polkadot"
        xPub: "xpub69XF3sp9ePvENHmDenwg9humjwqtKuZbZ8go4p8qTpQWn1SFzXTT8DhMtPX66T6sPpaZjtdQrB7cqu3mcrn7Dch85GVrc9grt3n3AvC9BVb"
        addressLength: 1
      }
    }
  }
}
coldVersion: 10001
deviceType: "keystone Essential"

如果您對這個過程有任何問題或者建議，可以將您的訴求提交到這裡：https://github.com/KeystoneHQ/KeystoneQRVerifier

寫在最後

現在已經越來越多的人知道或者已經擁有硬件錢包了，但二維碼公開透明這個本應每個硬件錢包用戶都應該意識到的特點卻很少有人知道。除此之外，大家要是有什麼好的想法或者建議也可以給我們發郵件 support@keyst.one 。

特別感謝 @fnord123 對 QR code verifier 的供獻!