The NGRAVE ZERO generates your private keys offline and never exposes them afterwards. The device is completely "air-gapped", meaning it does not rely on any kind of network connection capability (such as WiFi/Bluetooth/NFC), nor does it require USB.
NGRAVE provides a mobile app to directly sync all the generated accounts from the ZERO. That way, the user can easily consult his real-time balances or ask to receive a transaction. Communication between the ZERO and the app occurs through QR-codes. This way, the app never has access to the secret keys on the ZERO. Hence, the secret keys are never exposed to any online attack vector. Not even when signing transactions.
They received the Evaluation Assurance Level 7, the highest standard in the world.
Benefits of open source?
"First of all, we believe strongly in the benefits of open source. But we also have to consider its limitations. The security principle of having many eyes checking our code only holds if there are many people looking at our code and reporting issues.
Unless we have a large and active user base, there is a significant risk that zero day vulnerabilities do not get disclosed. For this reason, we decided to gradually open source our device. To understand our reasoning, you have to understand the overall security design of our inner working: There is a non-secure firmware taking care of peripherals such as the touch screen, and the secure firmware authenticating the non-secure OS and providing the operations for all security related operations (secure storage, signing, key creation with TRNG etc). We have tried to find the best solution for the secure firmware, and we decide to partner with the only player in the worlds offering EAL7 certified firmware. This means it is the most extensively tested firmware ever and it is impossible even for us to tamper with part of our device. Furthermore, we also use a secure element for storage of the most sensitive data, which we also are not allowed to open source. Our secure firmware gives us the option to replace functions ourselves with applets running within that secure OS. Once we release, we plan on gradually rewriting all parts currently covered by the proprietary OS ourselves and open source those applets one by one. Also keep in mind that the operational nature of our device is such that all sensitive communication happens over open (unencrypted) QR codes anyway, which are easy to verify by their nature. Since the key creation is done in combination by EAL7 verified secure firmware and parts of the non-secure OS that we will open source, and that transaction happen over QR code, we believe we combine the best of both worlds.
Finally, we will also release the code of our mobile app at launch, which will contain all details about how we use the QR codes. This way, it is easy for anyone to understand how we use them and to re-use our logic there for any integration on another wallet or web service that they want."
NGRAVE CEO Ruben Merre