Cuvex installation and user's manual

Cold encrypt device for Seed Recovery. That's great news, You already have your device!

1. Download our Cuvex App

Cuvex App will be necessary to start your Cuvex device.

2. Remove and keep your

2 security seals

Remove the security seal that is stuck on the box and the seal that is affixed to the Cuvex device. Have both at hand, you will need them to validate the codes in the App.

3. Validate shipment traceability

Enter the code of the exterior seal that was stuck to the box in the first field and the code of the interior seal that was affixed to the device in the second field.

You can always access this section from the menu > security > Validate traceability.

4. Install the Firmware

You can now connect your Cuvex device via the USBC cable to the power supply to install the latest version of the firmware.

Go to the App and start the "Update Firmware" process, here you will have to enter the 6-digit code that you are seeing on the screen of your Cuvex device.

NOTE: For better security your Cuvex device is delivered without firmware, follow the steps that you will see in the App to be able to install the latest version.

See video

Index:

1. Description

2. Unpacking the device. Unboxing

3. Contents of the box.

4. Firmware update and set up for iOS & Android

5. Operation menu

6. Certifications

1. Description

Cuvex is a cold hardware encryption device capable of creating an AES 256 cryptogram (without connection to internet or any other peripheral device) of seeds, private keys or any type of secret in plain text. Cuvex allows you to create this cryptogram using only one Mono-Signature Encryption Password/Signature (a single key) or with several Multi-Signature Encryption Passwords/Signatures (up to six keys entered by different people).

Additionally, Cuvex has the ability to store the resulting cryptogram on NFC cards, being able to create redundancy of the encrypted secret at a very low cost.

IMPORTANT: This device does not require any maintenance.

2. Unpacking the device

Its box comes shrink-wrapped in clear plastic and sealed with a holographic security sticker on the front of the box and another holographic sticker located in the area where the USB-C cable connects. These stickers contain unique codes to validate the authenticity of the device.

The codes of your stickers can be authenticated in the Cuvex App. Access the App to the security section > menu > "Authenticate Device", enter the codes printed on both seals and click on validate.

If the box shows any signs of having been opened, peeled off stickers with evidence of the word VOID, remains of previous labels or the codes of these seals are not authenticated in the Cuvex App, the customer must contact the company and not use the device.

3. Contents of the box · Welcome Pack

Cuvex device.

USB-C power cable.

Thank-you document, which also shows you the QR of access to the online instruction manual and the firmware installation and update manual.

4. Firmware update and set up

WITH IOS

WITH ANDROID

4. Firmware update and set up

All Cuvex devices are shipped from the factory without Firmware.

The first step that the customer must execute is to download the latest version of the official firmware from the Cuvex App and install it on the Cuvex device by connecting the Cuvex App and the Cuvex device via Bluetooth.

To get started, go to the official application market of your Smartphone and download the Cuvex App. The Cuvex App does not require the user to create any profile, or provide any personal data, name, email or telephone, nothing is requested by the Cuvex App and no special permission is required.

Connect your Cuvex device via your USB-C power cable to any USB-C power charger you have and do not disconnect it at any time until any process you initiate is complete. The Cuvex device requires to be connected to its power in order to operate. You can also connect it to your PC or Laptop. The device only uses the USB-C port for power and there is no data exchange in this way.
As soon as the Cuvex device is powered, the customer can only display the Firmware update screen, which indicates that it is in update mode and that Bluetooth is active to be visible to the Cuvex App.

Important: Activate the Bluetooth of your Smartphone. Now go from the Cuvex App to the update menu and follow the instructions indicated by the App.

First of all, it will ask you to download the Cuvex update to your Smartphone.

Then the App will indicate that it has detected a visible Cuvex device and if you want to connect to it to update the Firmware.

It will then ask you to enter the pairing code displayed by the Cuvex device on the screen.

Important: Android requests native permissions to pair with the device that are different from iOS, please watch this video to continue with the process.

PUSH WITH ANDROID

Native push Nº1

Pair & Connect

Pair

Native push Nº2

Pair & Connect

If you don't see push number 2, look for it in the notification center

At this time the Cuvex device will have generated a pairing code on the Display and will have a steady blue LED on, confirming that it is ready for the secure, encrypted Bluetooth link.

The Cuvex App will indicate the processes through which it progresses until the download of the new Firmware on the Cuvex device has been completed.

The Cuvex device will remove the painted pairing code, turning off its display and blue led, when it has completely downloaded the Firmware from the Cuvex App and is proceeding to install the Firmware and reboot the device.

When you have completed the process of verification and installation of the new Firmware, the Cuvex device will show you the operation menu and the installed Firmware version.

5. Operations menu

The Cuvex device allows you to make the following actions:

A) Manage card

Flow destined to identify the card where you store your seeds or encrypted secrets, establishing an alias to it.

B) Encrypt

Flow destined to encrypt with AES 256, a seed, private key or any type of secret, establishing Mono or Multi-signature, in the process of creating the resulting cryptogram. And also proceeding to record this cryptogram on a Cuvex NFC card.

C) Decrypt

Flow destined to decrypt a cryptogram encrypted with AES256 generated in the previous process, which is stored on a Cuvex NFC card, either a Mono or Multi-signature cryptogram.

D) Clone Card

Flow destined to create exact copies of an already encrypted cryptogram, stored on a Cuvex card, maintaining all its characteristics and thus allowing to create a strong security redundancy of its seeds, private keys or secrets, at the most economical cost.

E) Settings

Flow destined to know the version of Firmware installed and to make small adjustments of the device, such as changing the language, controlling the brightness or appearance for day or night mode and updating the Firmware.

* Correct position of the card on the device.

Whenever Cuvex asks to bring the card close to the device, you can do it in the following 2 ways:

A) Manage card

By clicking on this option, the device activates the NFC reader and will display the message "Bring the card closer to be verified". The user must bring the card closer to the lower front of the device so that it can be read by the device.

Correct position de card on the device

Once the card is read, the device will display the UIDI of the card (Factory Identification Code).

On this same screen the user can assign an "Alias" to be able to name the card as he decides, in order to identify more easily what secret is encrypted in it. Example "Company Wallet".

We recommend that you always add to your alias the date on which you create your Cryptogram. Example "Company Wallet 20230907". This way you can keep a very simple check on the age of your card.

In addition, you can view the card identification QR, which is required to keep track of card inventory in the Cuvex App.

B) Encrypt

When clicking on this option, the device will first show two options to the user, "BIP39 Seed" or "Plain Text".

BIP39 Seed, asks the user to indicate the number of words that form his seed and then will request each of the words according to their numerical position.

When completing the entry of all the words indicated by the user, the device will ask if you want to include a "Passphrase or Index", not being mandatory to enter it.

Finally, the device will display on the screen the complete seed and the Passphrase or Index, if the user has entered it, without the possibility of editing, with the sole purpose of the user validating for the last time the content to be encrypted. Having the option to cancel and start again from the beginning, or encrypt.

Plain text, opens to the user a text field where he can write any type of alphanumeric text, uppercase or lowercase and with symbols, up to 500 (five hundred) characters.

When completing the entry of all the text indicated by the user, the device will ask to "Verify Secret".

Finally, the device will display on the screen the plain text that the user has entered, without the possibility of editing, with the sole purpose of the user validating for the last time the content to be encrypted. Having the option to cancel and start again from the beginning, or encrypt, process that starts the next flow.

When clicking on encrypt, in any of the two previous processes, either a BIP39 Seed or a Plain Text, the user is asked to confirm if he wants it to be a Multi-signature cryptogram.

In case of pressing "NO", the device requests the unique Password/Signature to encrypt the information entered with AES 256. It is necessary for the user to enter this Password/Signature twice, which must have a minimum of 12 characters and a maximum of 40. And it should include uppercase, lowercase, symbols and numbers.

If the user indicates "YES", in the process of establishing Multi-signature, the device will ask him to indicate the number of people necessary to access the cryptogram, and will request the introduction and repetition of the Password/Signature of each of the people necessary to decrypt the cryptogram. It is not necessary for each person to remember in which position or order they entered their Password/Signature, the device can decrypt it regardless of the order in which the Password/Signature are entered in the future to decrypt.

After entering the Password(s)/Signature(s), depending on the user's choice of Mono or Multisignature, the device will prompt the user to bring a card close to the NFC reader located on the front bottom of the device. It will inform you if the proximate card is a blank card and if it has an assigned Alias. If it does not have an Alias, you will be asked to indicate it.

If your card already has an Alias assigned to it, continue with the normal process by storing the Cryptogram on it. If, on the other hand, the proximate card already has a cryptogram stored on it, it will not allow you to use it and will prompt you to select a new card that has not been used before.

eng_10_07_2023_flujo_cifrar_10 copia.png

For security, Cuvex does not delete or overwrite information on cards that already have a cryptogram stored.

It is important that you do not remove the card from the NFC reader, until the Cuvex device informs you that it has completed the recording process successfully.

If for some reason an engraving error occurs on the card, the device will allow you to retry the cryptogram engraving on a new card only one more time.

If the cryptogram engraving error on the card is repeated, for security, the Cuvex device erases all the information of its secure element and restarts the process again, and the user must repeat the entire process.

ENG_10_07_2023_flujo_cifrar_12 copia.png

IMPORTANT, if at any time of the process, the device loses power, all the information until that moment processed, will be completely deleted from the device and it will be required to restart the whole process. This ensures that no information is ever left stored on the device.

C) Decrypt

By clicking on this option, the device activates the NFC reader and will display the message "Bring the Issuer card closer, do not remove it until indicated". The user must bring the card closer to the lower front of the device so that it can be read by the device.

As soon as it is read, if the card has a cryptogram stored, the device paints on the screen the Alias or UIDI of the card and shows the option to Decrypt or close with an "X" in the upper right corner. If the user clicks on "Close", the device deletes all the information read and stored in the secure element of the device and restarts returning to the main menu.

ENG_10_07_2023_flujo_descifrar_2 copia.png

In case of not having a cryptogram stored, the device notifies the user and allows to retry the procedure by returning to the operations menu.

If the card has a cryptogram and the user clicks on "Decrypt" the device will request a signature for the Mono-signature cryptograms or several signatures, depending on the original encryption, for the multi-signature cryptograms.

ENG_10_07_2023_flujo_descifrar_4 copia.png

If the requested signatures are entered correctly, the device decrypts the secret and displays it on the screen completely decrypted in text or QR format if the user wishes, simply by clicking on the "View QR" option. Both cases for a scheduled time of 60 seconds.

eng_10_07_2023_flujo_descifrar_5 copia.png

This time can be extended by an additional 60 seconds as many times as necessary, provided that the user clicks on the option to extend time. If you do not click on this option, the device completely erases all the information from its secure element and restarts returning to the main menu.

If the signatures are entered incorrectly, a screen will appear giving the first warning that the password that has been entered is not correct. From this screen, the user has one last attempt to enter the password correctly, before being temporarily blocked.

If the user re-enters the password incorrectly, the second warning will appear on the screen, indicating that access could not be gained and due to this, the device goes into temporary lock mode. The device clears all information and restarts, returning to the main menu.

The next time the user returns to the decrypt menu, after entering an incorrect password/decryption signature, the user must wait 5 minutes to retry the process. During this five minute wait the device must be connected to the power supply in order to reset the counter.

D) Clone Cards

As soon as it is read, if the card has a cryptogram stored the device paints on the screen the Alias or UIDI of the card and shows the option to Clone or close with an "X" in the upper right corner. If the user clicks on "Close", the device deletes all the information read and stored in the secure element of the device and restarts returning to the main menu.

In case of not having a cryptogram stored, the device notifies the user and allows to retry the procedure by returning to the operations menu.

If the card has cryptogram and the user clicks on "Clone" the device will prompt the user to "zoom in, out and zoom in on the receiving card. Do not remove it until prompted".

If the card approximated as Clone Receiver, has a cryptogram stored, the device notifies the user and allows to retry the procedure by returning to the Clone screen.

If the approximate card is virgin and does not have a cryptogram stored, the Cuvex device informs the user that it is proceeding to Clone the card, recording the issuing cryptogram on it and requesting the user not to remove it.

If the cloning process could not be completed successfully, the device will paint a "Recording Error" on the screen and the user will have to repeat the process from the beginning.

If the cloning process has been completed successfully, the device will notify you on the screen and the user can remove the card from the reader at that time.

Always, in any case, after the completion of any process, the Cuvex device permanently deletes from its secure element any information it has processed. There is no record or trace of information left on the Cuvex device itself.

E) Settings

When you click on this option, the device displays a submenu with the following setting options:

* Version

* Brightness

* Lenguage

* Appearance

Versión

By clicking on this option in the Settings submenu, the device displays the installed Firmware version, the hardware version of the device and allows the user to start the Firmware Update process.

If the user clicks on the "Update" option, the Cuvex device displays a message as a second confirmation on the screen, informing the user that must have previously downloaded the new version of the Firmware in the Cuvex App to complete this process, as well as to follow the instructions of this process in the Cuvex App. Also showing again the "Update" button.

If the user clicks three times on the "Update" button on the process confirmation screen, the device enters Firmware update mode, completely removing the Firmware it has installed and activating Bluetooth to be able to connect to the Cuvex App and download the new Firmware to be installed.

This procedure is governed from the Cuvex App and the user must follow the steps indicated by the App. The App will indicate to the user that it has detected a Cuvex device and will request him to confirm that he wants to connect with the device to make a Firmware Update.

After confirmation in the App by the user who wants to connect with the Cuvex device, the App and the Cuvex device begin to make a secure, encrypted Bluetooth connection, for which the Cuvex device will generate a pairing code on its screen.

The App will ask the user to enter the pairing code generated on the Cuvex device.

After this process, the App will begin to send the new firmware to the Cuvex device in an encrypted and secure way, showing on screen the evolution of this process.

IMPORTANT, this process can take more than 5 minutes, it all depends on the capacity of the smartphone hardware used for the update. Throughout this process, the smartphone must remain next to the Cuvex device and the Cuvex device must maintain power from its USB-C cable. If you move your smartphone away from your Cuvex device or disconnect the power to your Cuvex device, the process is interrupted and you must start completely again.

We invite you to do this process with time and calm, as it is a process that you will not have to do regularly and that we have designed with the best and safest security practices in the industry. Although this may take some time to do it.

Brightness

When you click on this option in the Settings submenu, the device shows a bar on the screen with which you can increase the intensity of the screen brightness by sliding it to the right or decrease it by sliding it to the left.

Lenguage

By clicking on this option in the Settings submenu, the device shows on the screen the different languages supported, the user only has to "click" on the language he wants to configure by default. After the first installation of Firmware the Cuvex device is configured in English by default.

Appearance

When you click on this option in the Settings submenu, the device displays the two appearance options available on the Cuvex device. Light or Day and Dark or Night.

The user will only have to click on the option that he likes the most to leave the Appearance of the screen of his device configured in all the operation menus.

6. Certifications

Security and Certifications

The Cuvex device is CE, UL and RoHS certified and complies with all quality, security and environmental standards.

The Cuvex device does not suffer damages by X-ray machines and can be safely transported on airplanes.