Key Ceremony

How It Works

A key ceremony treats key generation as a critical security event rather than a casual setup step. The process typically begins with preparing a clean, air-gapped environment — a room with no cameras, no phones, and no network-connected devices. Participants follow a written protocol step by step, often with witnesses present to verify each action is performed correctly.

Entropy is generated using physical methods like dice rolls, which produce verifiable randomness independent of any device's hardware random number generator. The dice results are converted into a seed phrase using verified, air-gapped software or hardware wallets. Each seed phrase is immediately recorded on a metal backup — never digitally, never on paper first. The device used for generation is either dedicated hardware that never connects to a network or is securely wiped after the ceremony.

For multisig setups, the ceremony generates each key independently, often at different locations and times, so that no single session produces enough keys to compromise the quorum. Extended public keys (xpubs) are exported to set up the multisig coordination, while private keys remain isolated. The ceremony is documented with enough detail to reproduce the setup for verification, but without recording any secret material. For institutional or high-value personal holdings, this level of rigor is not paranoia — it is prudent engineering.

Key Points

• Formal, documented process for generating keys under controlled, secure conditions
• Physical dice rolls provide verifiable entropy independent of any device
• Air-gapped environment with no cameras, phones, or network-connected devices
• Metal backups are created immediately — secrets never touch digital storage or networked devices
• For multisig, each key is generated independently to prevent single-session compromise