HSM-Based Cold Wallet
Finrock's cold wallet leverages certified HSM devices to store private keys in tamper-resistant hardware.
- FIPS 140-2 Level 3 compliant HSMs
- Full key isolation with no internet exposure
- Physical protection from unauthorized access or key exfiltration
- Air-gapped signing workflow
Recommended HSM
Air-Gapped Signing with QR Code Workflow
Finrock offers a fully air-gapped transaction signing process using QR codes, eliminating the need for internet/network access at any stage of the signing process.
- Transactions initiated from the Finrock platform are converted into PSBT or equivalent unsigned payloads.
- These payloads are displayed as QR codes on the Finrock workspace (platform).
- An air-gapped device running the Finrock Mobile App (in aeroplane mode or without SIM/network) scans the QR code.
- The app signs the transaction entirely offline using private keys stored in a secure enclave/HSM or key shards.
- The app then displays the signed transaction as a return QR code, which can be scanned back into the platform for broadcasting.
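The QR round trip described above, sketched as an added example that is not Finrock's code or wire format: a payload too large for one QR code is split into frames, and the receiving side accepts it only if every frame is present and the reassembled bytes match a SHA-256 digest. The frame layout (`index/total/digest/base64`), `FRAME_BYTES`, the function names and the sample payload are all assumptions made for illustration.

```python
import base64
import hashlib

FRAME_BYTES = 200  # assumed per-QR byte budget, kept small for reliable scanning

# Constructed sample: PSBT magic bytes followed by filler, not a real transaction.
SAMPLE = b"psbt\xff" + bytes(range(256)) * 2


def to_frames(payload: bytes, frame_bytes: int = FRAME_BYTES) -> list[str]:
    """Split a payload into text frames: index/total/sha256/base64-chunk."""
    digest = hashlib.sha256(payload).hexdigest()
    chunks = [payload[i:i + frame_bytes]
              for i in range(0, len(payload), frame_bytes)] or [b""]
    total = len(chunks)
    return [f"{i + 1}/{total}/{digest}/{base64.b64encode(c).decode()}"
            for i, c in enumerate(chunks)]


def from_frames(frames: list[str]) -> bytes:
    """Reassemble scanned frames (any order, repeats allowed) and verify them."""
    parts: dict[int, bytes] = {}
    total = digest = None
    for frame in frames:
        # maxsplit=3 keeps any "/" inside the base64 chunk intact
        idx_s, total_s, frame_digest, b64 = frame.split("/", 3)
        idx, frame_total = int(idx_s), int(total_s)
        if total is None:
            total, digest = frame_total, frame_digest
        if (frame_total, frame_digest) != (total, digest):
            raise ValueError("frame belongs to a different payload")
        if not 1 <= idx <= total:
            raise ValueError("frame index out of range")
        chunk = base64.b64decode(b64, validate=True)
        if parts.setdefault(idx, chunk) != chunk:
            raise ValueError("conflicting duplicate frame")
    if total is None or len(parts) != total:
        raise ValueError("missing frames")
    payload = b"".join(parts[i] for i in range(1, total + 1))
    if hashlib.sha256(payload).hexdigest() != digest:
        raise ValueError("digest mismatch: payload altered or misread")
    return payload
```

The digest only detects scanning and transport errors between the two screens; it does not replace reviewing the decoded transaction details on the offline device before signing.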
Key Benefits:
- No network connections required: The signing device can remain in a completely offline state.
- Immune to remote exploits or malware: Ideal for highly sensitive treasury environments.
- Frictionless UX: Designed for real-world business operations, not just security theory.
This air-gapped QR signing model is perfect for institutions looking to combine the ultimate cold storage security with operational usability.

