The Wearable Wallet
Cryptograph is a wallet for Apple Watch. The keys are kept on the watch and signing happens on the watch. The phone shows your portfolio and relays network traffic.
This is the first post on this blog.
A new category
The market sells hardware wallets. These are dedicated devices that sit in a drawer between transactions; reaching for one signals to anyone present that the user has cryptocurrency to protect.
A hardware wallet is a mitigation. It assumes the attacker is remote and protects the keys behind a chip. The model works as long as the attacker cannot reach the holder in person. The wrench-attack pattern of the past two years has shown that this assumption no longer holds for visible holders.
The wearable wallet is a different category. The premise is invisibility before equally strong mitigation. An ordinary Apple Watch on an ordinary wrist holds no obvious meaning to a stranger. Border agents have no reason to ask about it. Searching a desk reveals nothing of interest. The keys are on the watch; the watch gives away nothing about what it carries.
Convenience as security
Security tools that live in a drawer get used for the largest transactions and skipped for the rest. The friction that was meant to keep the keys safe pushed everyday signing onto less protected devices.
The wearable wallet uses a device that is already on the user. Every transaction is signed on the watch, including small and routine ones, because there is no friction in reaching for them.
The signing experience is intended to be uneventful: the watch shows the transaction, the user holds to approve, and the screen returns to the normal face.
What is on the watch
The keys are generated on the watch and secured by the Secure Enclave, Apple’s hardware security module developed for Apple Pay. It holds a hardware key that cannot be exported from the device. The wallet keys themselves never leave the watch in plaintext, not even to the phone, and never touch a server.
The phone is transport. It carries network traffic, displays your portfolio, and shows pending requests. It does not sign and it does not hold key material. Even if the phone is fully compromised, the keys remain on the watch.
When you sign, the watch decodes and shows what is being signed: amounts, addresses, token approvals, and contract calls in plain language.
A complete walk-through of the architecture will be the next post.
Recovery, by design
Self-custody means that loss is your responsibility. Cryptograph never asks you to write down or type in a seed phrase. A mnemonic exists inside the system, generated on the watch and protected at rest, and you do not have to handle it. It cannot be exported from the watch in plaintext.
Recovery exists in two forms.
The Recovery Sheet is an encrypted QR code that you print on paper. You choose a PIN or passphrase. The encrypted sheet can sit in a fireproof safe, a deposit box, or a trusted partner’s drawer. Without the passphrase, the sheet reveals nothing.
Photo Backup hides the same encrypted material inside an ordinary JPEG: a landscape, a family portrait, a holiday photograph. The image looks like an image. The recovery data sits inside the pixels and is retrievable only with the passphrase.
Both options are non-custodial. There is no server holding a copy, no company-held key, no cloud account, and no override. If both the watch and the recovery material are lost, the funds are gone.
Who this is for
Cryptograph is built for people who treat self-custody as a long-term practice and would rather not advertise what they hold.
If you have been treating self-custody as a discipline rather than a chore, you may already understand the appeal of an object that disappears into the rest of your life.
What this blog will cover
Future posts will cover the architecture in detail, including the precise role of the Secure Enclave and the limits of the model; the threat landscape and what the public data on physical crypto crime actually says; the recovery options and how to set them up; and product updates as they ship.
Cryptograph is available now on the App Store.
The Cryptograph Team