Could someone pre-program their own key in my device before I receive it? (Supply chain attacks)

No. The NGRAVE ZERO is fully tamper-proof and would be prohibitively difficult and expensive to break into or pre-program.

  • The device is also designed to detect any intrusions, upon which it will wipe itself entirely.
  • If an attacker were to succeed in tampering with the device, NGRAVE's cryptographic attestation step (see How do I know the ZERO I received is safe to use?) would show that the device had been tampered with the moment you turned it on.
  • If an attacker were to get beyond this stage, the key generation process is done in such a way that the user manipulates the final key, resolving any tampering that would have occurred before.

This final step is unique to NGRAVE.