top of page

Cuvex installation and user's manual

Cold encrypt device for Seed Recovery. That's great news, You already have your device! 

1. Download our Cuvex App

Cuvex App will be necessary to start your Cuvex device.

ENG_botón iOS_20231030.png
ENG_botón goggle_20231030.png

2. Remove and keep your

2 security seals

Remove the security seal that is stuck on the box and the seal that is affixed to the Cuvex device. Have both at hand, you will need them to validate the codes in the App.

sellos_EN.png

3. Validate shipment traceability

Enter the code of the exterior seal that was stuck to the box in the first field and the code of the interior seal that was affixed to the device in the second field.

You can always access this section from the menu > security > Validate traceability.

Trazabilidad.png_EN.png
Cajaext+sello.png

1.

2.

menu_EN.png

4. Install the Firmware

You can now connect your Cuvex device via the USBC cable to the power supply to install the latest version of the firmware.

Go to the App and start the "Update Firmware" process, here you will have to enter the 6-digit code that you are seeing on the screen of your Cuvex device.

 

NOTE: For better security your Cuvex device is delivered without firmware, follow the steps that you will see in the App to be able to install the latest version. 

Interiores_3_en.png
Device+Code.png
manual_descripcion_icon.png

1. Description

Cuvex is a cold hardware encryption device capable of creating an AES 256 cryptogram (without connection to internet or any other peripheral device) of seeds, private keys or any type of secret in plain text. Cuvex allows you to create this cryptogram using only one Mono-Signature Encryption Password/Signature (a single key) or with several Multi-Signature Encryption Passwords/Signatures (up to six keys entered by different people).

 

Additionally, Cuvex has the ability to store the resulting cryptogram on NFC cards, being able to create redundancy of the encrypted secret at a very low cost.

IMPORTANT: This device does not require any maintenance.

manual_unboxing_icon.png

2. Unpacking the device

Its box comes shrink-wrapped in clear plastic and sealed with a holographic security sticker on the front of the box and another holographic sticker located in the area where the USB-C cable connects. These stickers contain unique codes to validate the authenticity of the device.

20230910_manual_cajas_negras_1.png

The codes of your stickers can be authenticated in the Cuvex App. Access the App to the security section > menu > "Authenticate Device", enter the codes printed on both seals and click on validate.  

20231026_ENG_manual_autenticar_.png

If the box shows any signs of having been opened, peeled off stickers with evidence of the word VOID, remains of previous labels or the codes of these seals are not authenticated in the Cuvex App, the customer must contact the company and not use the device.  

manual_caja_negra_error.png
manual_caja_negra_void.png
icon_contenido_caja.png

3. Contents of the box · Welcome Pack

check_icon copia.png
check_icon copia.png
check_icon copia.png

Cuvex device.  

USB-C power cable.

Thank-you document, which also shows you the QR of access to the online instruction manual and the firmware installation and update manual.

4. Firmware update and set up

WITH IOS 

WITH ANDROID

4. Firmware update and set up

All Cuvex devices are shipped from the factory without Firmware. 

The first step that the customer must execute is to download the latest version of the official firmware from the Cuvex App and install it on the Cuvex device by connecting the Cuvex App and the Cuvex device via Bluetooth.

  • To get started, go to the official application market of your Smartphone and download the Cuvex App. The Cuvex App does not require the user to create any profile, or provide any personal data, name, email or telephone, nothing is requested by the Cuvex App and no special permission is required.

ENG_botón iOS_20231030.png
ENG_botón goggle_20231030.png
  • Connect your Cuvex device via your USB-C power cable to any USB-C power charger you have and do not disconnect it at any time until any process you initiate is complete. The Cuvex device requires to be connected to its power in order to operate. You can also connect it to your PC or Laptop. The device only uses the USB-C port for power and there is no data exchange in this way.

  • As soon as the Cuvex device is powered, the customer can only display the Firmware update screen, which indicates that it is in update mode and that Bluetooth is active to be visible to the Cuvex App.

20231025_manual_version_4 copia.png
  • Important: Activate the Bluetooth of your Smartphone. Now go from the Cuvex App to the Device Update menu and follow the instructions indicated by the App.    

Actualizacion_Firmware_EN.png
  • First of all, it will ask you to download the Cuvex update to your Smartphone.  

ENG_manual_autenticar_dospi_3.png
  • Then the App will indicate that it has detected a visible Cuvex device and if you want to connect to it to update the Firmware.   

  • It will then ask you to enter the pairing code displayed by the Cuvex device on the screen. 

TECLEAR CODIGO EN.jpg

Important:  Android requests native permissions to pair with the device that are different from iOS, please watch this video to continue with the process.

Firmware_android3.jpg
Firmware_android2.jpg

PUSH WITH ANDROID

Native push Nº1

Pair & Connect

Pair

Native push Nº2

Pair & Connect

If you don't see push number 2, look for it in the notification center

  • At this time the Cuvex device will have generated a pairing code on the Display and will have a steady blue LED on, confirming that it is ready for the secure, encrypted Bluetooth link.

20231025_manual_version_6.png
  • The Cuvex App will indicate the processes through which it progresses until the download of the new Firmware on the Cuvex device has been completed. 

ENG_manual_autenticar_dospi_6 copia.png
  • The Cuvex device will remove the painted pairing code, turning off its display and blue led, when it has completely downloaded the Firmware from the Cuvex App and is proceeding to install the Firmware and reboot the device.

manual_actualizacion_firmware.png
  • Once you have completed the verification and installation process for the new firmware, the Cuvex device will reboot and display the logo with the installed firmware version. By tapping on the screen, you will access the initial guided menu, where you will be prompted to select the language. After that, you will be asked to set a "device alias." This configuration will help ensure, in future operations, that you are using your personal Cuvex device. Finally, the operations menu will be displayed.

Settings.png
menu_icon.png

5. Operations menu

The Cuvex device allows you to make the following actions: 

A) Manage card

Flow destined to identify the card where you store your seeds or encrypted secrets, establishing an alias to it.

B) Encrypt

Flow destined to encrypt with AES 256, a seed, private key or any type of secret, establishing Mono or Multi-signature, in the process of creating the resulting cryptogram. And also proceeding to record this cryptogram on a Cuvex NFC card. 

C) Decrypt

Flow destined to decrypt a cryptogram encrypted with AES256 generated in the previous process, which is stored on a Cuvex NFC card, either a Mono or Multi-signature cryptogram.   

D) Clone Card

Flow destined to create exact copies of an already encrypted cryptogram, stored on a Cuvex card, maintaining all its characteristics and thus allowing to create a strong security redundancy of its seeds, private keys or secrets, at the most economical cost.   

E) Settings

Flow destined to know the version of Firmware installed and to make small adjustments of the device, such as changing the language, controlling the brightness or appearance for day or night mode and updating the Firmware.

* Correct position of the card on the device.

Whenever Cuvex asks to bring the card close to the device, you can do it in the following 2 ways:

iconos_tarjeta1.png
iconos_tarjeta2.png

A) Manage card

By clicking on this option, the device activates the NFC reader and will display the message "Bring the card closer to be verified". The user must bring the card closer to the lower front of the device so that it can be read by the device.  

Correct position de card on the device

iconos_tarjeta1.png
iconos_tarjeta2.png

Once the card is read, the device will display the UIDI of the card (Factory Identification Code).  

 

On this same screen the user can assign an "Alias" to be able to name the card as he decides, in order to identify more easily what secret is encrypted in it. Example "Company Wallet".  

 

We recommend that you always add to your alias the date on which you create your Cryptogram. Example "Company Wallet 20230907". This way you can keep a very simple check on the age of your card.

eng_07072023_web_manual_alias.png

In addition, you can view the card identification QR, which is required to keep track of card inventory in the Cuvex App.  

eng_07072023_web_manual_alias_qr.png

B) Encrypt

By selecting this option, the device will first display all the available options for the encryption process: "BIP39 Seed," "SLIP39 Seed (SHAMIR)," "XMR Seed (MONERO)," "PLAIN TEXT," or "TEXT FROM NFC."

A) "BIP39 Seed," "SLIP39 Seed (SHAMIR)," and "XMR Seed (MONERO)" are the dictionaries already loaded onto your Cuvex device. You will need to choose the type of seed phrase you wish to store so the device can assist you in verifying each word. Most wallets use BIP39 seed phrases, but some wallets offer the option to create Shamir-type seed phrases. For instance, this is supported by hardware wallets such as Trezor, among others, allowing the creation of SLIP39 (Shamir) seed phrases, which are typically 20 words long. Additionally, if you have a Monero (XMR) wallet, you will need to select this option. The three types of seed phrases use different dictionaries, so it is crucial to choose the correct type. If you select a seed phrase type and the Cuvex device does not recognize your words by auto-completing them as you type and highlighting them in green you have most likely selected the wrong seed phrase type. Verify with your wallet provider what type of seed phrase it generates. 

 

In any of the three options, the Cuvex device will ask you to indicate the number of words in your seed phrase, and then it will request each word according to its numerical position in the sequence in which they were created.

Once you have completed the entry of all the words you specified, the device will ask if you want to include a "Passphrase / Derivation Path." While it is not mandatory to enter this, you can use this field to store all necessary information from your encrypted wallet.

 

As you likely know, the passphrase is often referred to as the "25th word" of your wallet. Essentially, when you first created your wallet, you may have set up a passphrase as an additional security measure. This enhances the entropy of your seed phrase and adds an extra layer of protection. The passphrase is not mandatory to enter during the encryption process, nor is it required to be configured in your wallet.

 

Regarding the derivation path, this information ensures that you can always recover your wallet easily. Technically, it is the sequence that dictates how private keys and addresses are generated from a master seed phrase. This information is valuable because, if in the future, you enter your seed phrase into a wallet that has a default derivation path different from your original wallet, you won’t be able to see your funds. This does not mean they are lost or in danger. It simply means that you are essentially accessing a different wallet. Storing the derivation path will help you always know the sequence from which your private keys are generated. If you are unsure of your current derivation path, please contact your wallet's support team to clarify this as soon as possible.

Finally, the device will display on the screen the complete seed and the Passphrase or Index, if the user has entered it, without the possibility of editing, with the sole purpose of the user validating for the last time the content to be encrypted. Having the option to cancel and start again from the beginning, or encrypt. 

ENG_10_07_2023_flujo_cifrar_4.png

B) Plain text, opens to the user a text field where he can write any type of alphanumeric text, uppercase or lowercase and with symbols, up to 500 (five hundred) characters. 

When completing the entry of all the text indicated by the user, the device will ask to "Verify Secret".

Finally, the device will display on the screen the plain text that the user has entered, without the possibility of editing, with the sole purpose of the user validating for the last time the content to be encrypted. Having the option to cancel and start again from the beginning, or encrypt, process that starts the next flow.

ENCRYPT_TEXT_PLAIN.png

C) Text from NFC. If you need to input a lengthy text, you can use the Cuvex App for smartphones to draft it. While the Cuvex device interface allows typing, it may be more convenient for you to do so on your smartphone's keyboard.

To proceed, go to the "Encrypt Secret via NFC" option on the Cuvex App, draft the secret you wish to encrypt, and write that secret onto a blank NFC card. After completing this, on your Cuvex device, select the option Encrypt > TEXT FROM NFC from the menu. The device will then prompt you to bring the card containing your secret, written via the Cuvex App, close to the NFC reader on the Cuvex device.

 

This way, the Cuvex device will load the entire text you want to encrypt without the need to type it on the device's screen.

TEXT NFC.png

When you press encrypt in any of the previous processes, whether it’s a “BIP39 Seed,” “SLIP39 Seed (SHAMIR),” “XMR Seed (MONERO),” “PLAIN TEXT,” or “TEXT FROM NFC,” you will be asked to confirm if you want it to be a Multi-signature cryptogram.

 

In case of pressing "NO", the device requests the unique Password/Signature to encrypt the information entered with AES 256. It is necessary for the user to enter this Password/Signature twice, which must have a minimum of 12 characters and a maximum of 40. And it should include uppercase, lowercase, symbols and numbers.

ENG_10_07_2023_flujo_cifrar_7 copia.png

If you select "YES" in the process of setting up Multi-signature, the device will prompt you to specify the total number of people who will sign. Then, it will ask you to indicate how many of those individuals are mandatory for decryption. This allows you to set up to six signers/passwords and also decide whether all signers are required to decrypt or if only some of them are sufficient for decryption. For example, imagine a company or family with six executives or children encrypting the seed phrase of the corporate or family wallet using Cuvex. Each of them sets their own signature/password. In the case of the company, it is configured so that all signers must input their signature/password to decrypt and access the corporate wallet's seed phrase. However, in the case of the family, it is configured so that only three of them are needed to decrypt and access the family wallet.

 

Once the two previous steps are configured, the device will prompt each person to enter and confirm their Password/Signature. It is not necessary for each person to remember the position or order in which they entered their Password/Signature, as the device will be able to decrypt regardless of the order in which the Passwords/Signatures are entered in the future for decryption.

 

Remember, if you set it so that all signers are mandatory, the signature/password of all individuals will always be required to decrypt the cryptogram. If you configure it so that only some signers are sufficient for decryption, you must understand that the threshold you set for mandatory signers can be met by any of the signers. It is not possible to select specific signers for decryption when you set fewer than the total number of signers as mandatory.

MULTI-SIGNATURE

You must complete the signatures/passwords for all the individuals specified to finalize the detailed process. After this, the device will generate the cryptogram and prompt you to bring a blank card close to the device to write the resulting cryptogram onto it. If, however, the card presented already contains a stored cryptogram, it will not allow you to use it and will prompt you to select a new card that has not been used previously.

eng_10_07_2023_flujo_cifrar_10 copia.png

For security, Cuvex does not delete or overwrite information on cards that already have a cryptogram stored.

 

It is important that you do not remove the card from the NFC reader, until the Cuvex device informs you that it has completed the recording process successfully.  

 

If for some reason an engraving error occurs on the card, the device will allow you to retry the cryptogram engraving on a new card only one more time. 

If the cryptogram engraving error on the card is repeated, for security, the Cuvex device erases all the information of its secure element and restarts the process again, and the user must repeat the entire process.

ENG_10_07_2023_flujo_cifrar_12 copia.png

IMPORTANT, if at any time of the process, the device loses power, all the information until that moment processed, will be completely deleted from the device and it will be required to restart the whole process. This ensures that no information is ever left stored on the device.  

C) Decrypt

By clicking on this option, the device activates the NFC reader and will display the message "Bring the Issuer card closer, do not remove it until indicated". The user must bring the card closer to the lower front of the device so that it can be read by the device.  

ENG_10_07_2023_flujo_descifrar_1.png

As soon as it is read, if the card has a cryptogram stored, the device paints on the screen the Alias or UIDI of the card and shows the option to Decrypt or close with an "X" in the upper right corner. If the user clicks on "Close", the device deletes all the information read and stored in the secure element of the device and restarts returning to the main menu.  

ENG_10_07_2023_flujo_descifrar_2 copia.png

In case of not having a cryptogram stored, the device notifies the user and allows to retry the procedure by returning to the operations menu.

ENG_10_07_2023_flujo_descifrar_3.png

If the card has a cryptogram and the user clicks on "Decrypt" the device will request a signature for the Mono-signature cryptograms or several signatures, depending on the original encryption, for the multi-signature cryptograms.  

ENG_10_07_2023_flujo_descifrar_4 copia.png

If the requested signatures are entered correctly, the device decrypts the secret and displays it on the screen completely decrypted in text or QR format if the user wishes, simply by clicking on the "View QR" option. Both cases for a scheduled time of 60 seconds.  

eng_10_07_2023_flujo_descifrar_5 copia.png

This time can be extended by an additional 60 seconds as many times as necessary, provided that the user clicks on the option to extend time. If you do not click on this option, the device completely erases all the information from its secure element and restarts returning to the main menu.

eng_20231026_flujo_descifrar_6.png

If the signatures are entered incorrectly, a screen will appear giving the first warning that the password that has been entered is not correct. From this screen, the user has one last attempt to enter the password correctly, before being temporarily blocked.

eng_20231026_flujo_descifrar_7.png

If the user re-enters the password incorrectly, the second warning will appear on the screen, indicating that access could not be gained and due to this, the device goes into temporary lock mode.  The device clears all information and restarts, returning to the main menu. 


The next time the user returns to the decrypt menu, after entering an incorrect password/decryption signature, the user must wait 5 minutes to retry the process. During this five minute wait the device must be connected to the power supply in order to reset the counter.

eng_20231026_flujo_descifrar_8.png

D) Clone Cards

By clicking on this option, the device activates the NFC reader and will display the message "Bring the Issuer card closer, do not remove it until indicated". The user must bring the card closer to the lower front of the device so that it can be read by the device.  

ENG_10_07_2023_flujo_clonar_1.png

As soon as it is read, if the card has a cryptogram stored the device paints on the screen the Alias or UIDI of the card and shows the option to Clone or close with an "X" in the upper right corner. If the user clicks on "Close", the device deletes all the information read and stored in the secure element of the device and restarts returning to the main menu.  

ENG_10_07_2023_flujo_clonar_2 copia.png

In case of not having a cryptogram stored, the device notifies the user and allows to retry the procedure by returning to the operations menu.

ENG_10_07_2023_flujo_clonar_4.png

If the card has cryptogram and the user clicks on "Clone" the device will prompt the user to "zoom in, out and zoom in on the receiving card. Do not remove it until prompted".

 

If the card approximated as Clone Receiver, has a cryptogram stored, the device notifies the user and allows to retry the procedure by returning to the Clone screen.  

eng_10_07_2023_flujo_clonar_5 copia.png

If the approximate card is virgin and does not have a cryptogram stored, the Cuvex device informs the user that it is proceeding to Clone the card, recording the issuing cryptogram on it and requesting the user not to remove it.  

eng_10_07_2023_flujo_clonar_9.png

If the cloning process could not be completed successfully, the device will paint a "Recording Error" on the screen and the user will have to repeat the process from the beginning.  

If the cloning process has been completed successfully, the device will notify you on the screen and the user can remove the card from the reader at that time.

ENG_10_07_2023_flujo_clonar_10.png

Always, in any case, after the completion of any process, the Cuvex device permanently deletes from its secure element any information it has processed. There is no record or trace of information left on the Cuvex device itself.

ENG_10_07_2023_flujo_clonar_11.png

E) Settings

When you click on this option, the device displays a submenu with the following setting options: 

* Version

* Brightness

* Lenguage

* Appearance

  • Versión

By clicking on this option in the Settings submenu, the device displays the installed Firmware version, the hardware version of the device and allows the user to start the Firmware Update process.  

 

If the user clicks on the "Update" option, the Cuvex device displays a message as a second confirmation on the screen, informing the user that must have previously downloaded the new version of the Firmware in the Cuvex App to complete this process, as well as to follow the instructions of this process in the Cuvex App. Also showing again the "Update" button.

 

If the user clicks three times on the "Update" button on the process confirmation screen, the device enters Firmware update mode, completely removing the Firmware it has installed and activating Bluetooth to be able to connect to the Cuvex App and download the new Firmware to be installed.

ENG_manual_version_5 copia.png

This procedure is governed from the Cuvex App and the user must follow the steps indicated by the App. The App will indicate to the user that it has detected a Cuvex device and will request him to confirm that he wants to connect with the device to make a Firmware Update.  

ENG_manual_autenticar_dospi_4 copia.png

After confirmation in the App by the user who wants to connect with the Cuvex device, the App and the Cuvex device begin to make a secure, encrypted Bluetooth connection, for which the Cuvex device will generate a pairing code on its screen.

20231025_manual_version_6.png

The App will ask the user to enter the pairing code generated on the Cuvex device.

TECLEAR CODIGO EN.jpg

After this process, the App will begin to send the new firmware to the Cuvex device in an encrypted and secure way, showing on screen the evolution of this process.  

 

IMPORTANT, this process can take more than 5 minutes, it all depends on the capacity of the smartphone hardware used for the update. Throughout this process, the smartphone must remain next to the Cuvex device and the Cuvex device must maintain power from its USB-C cable. If you move your smartphone away from your Cuvex device or disconnect the power to your Cuvex device, the process is interrupted and you must start completely again.

 

We invite you to do this process with time and calm, as it is a process that you will not have to do regularly and that we have designed with the best and safest security practices in the industry. Although this may take some time to do it.

  • Brightness

When you click on this option in the Settings submenu, the device shows a bar on the screen with which you can increase the intensity of the screen brightness by sliding it to the right or decrease it by sliding it to the left.

ENG_manual_aspecto_brillo.png
  • Lenguage

By clicking on this option in the Settings submenu, the device shows on the screen the different languages supported, the user only has to "click" on the language he wants to configure by default. After the first installation of Firmware the Cuvex device is configured in English by default.

ENG_manual_aspecto_idiomas copia.png
  • Appearance

When you click on this option in the Settings submenu, the device displays the two appearance options available on the Cuvex device. Light or Day and Dark or Night. 

The user will only have to click on the option that he likes the most to leave the Appearance of the screen of his device configured in all the operation menus.   

ENG_manual_aspecto_3 copia.png
icon_certificaciones.png

6. Certifications

Security and Certifications 

The Cuvex device is CE, UL and RoHS certified and complies with all quality, security and environmental standards.  

The Cuvex device does not suffer damages by X-ray machines and can be safely transported on airplanes.    

bottom of page