Keystone Pro 3 Setup Guide: Air-Gapped Wallet for Beginners

The Keystone Pro 3 setup takes roughly 15–20 minutes from unboxing to your first signed transaction. Unlike the Ledger Nano X or Trezor Model T, the Keystone 3 Pro never connects via USB or Bluetooth — every interaction happens over QR codes, which eliminates the entire class of USB-based attack vectors. This guide walks you through every step of the Keystone wallet setup, including pairing with MetaMask mobile on Android or iOS.

---

What's in the Box: Keystone 3 Pro Unboxing

Before powering on the device, verify the contents of the packaging and check for tamper evidence. Keystone ships the 3 Pro with a tamper-evident holographic seal on the outer box. If the seal is broken or missing, do not use the device — contact Keystone support immediately.

Expected box contents:

• Keystone 3 Pro device (4-inch touchscreen, fingerprint reader)
• 3 × metal-grade seed phrase backup cards (AAA-grade stainless steel cards are sold separately as Keystone Tablet)
• 1 × USB-C charging cable (charging only — no data)
• 3 × paper seed backup cards
• Quick-start guide

Note that the USB-C port on the Keystone 3 Pro is power only. No firmware, no data, no signing ever travels over that cable. Firmware updates use a microSD card, covered in the maintenance section below.

Checking Firmware Authenticity Before First Boot

Keystone embeds a supply-chain security check directly into the boot sequence. On first power-on, the device displays a QR code and a URL — https://keyst.one/verify — where you can independently confirm the firmware hash matches Keystone's published build. Complete this check before generating a seed.

---

Step 1: First Boot and Language Setup

1. Press and hold the power button on the right side of the Keystone 3 Pro until the Keystone logo appears.
2. Select your language from the list on the touchscreen. English, Chinese (Simplified), Spanish, and several others are available as of firmware v1.1.0.
3. Read and accept the Terms of Service on-device.
4. Complete the supply-chain verification by scanning the displayed QR code with your phone and comparing the firmware hash to the value listed in Keystone's GitHub releases.

---

Step 2: Set Your PIN

Your PIN is the first line of defense if someone physically gets the Keystone 3 Pro in their hands.

1. Tap "Set PIN" on the setup screen.
2. Enter a PIN between 6 and 20 digits using the on-screen numpad. Keystone shuffles numpad layout on each entry to defeat shoulder-surfing.
3. Confirm the PIN by entering it a second time.
4. Register your fingerprint (optional but recommended). The Keystone 3 Pro has an offline fingerprint sensor — biometric data never leaves the device. You can register up to 5 fingerprints.

PIN guidelines:

• Do not use birth years, repeating sequences (111111), or ascending runs (123456).
• After 5 incorrect PIN attempts, the device imposes an exponentially increasing lockout delay. After 10 failed attempts, the Keystone 3 Pro performs a factory reset.

---

Step 3: Generate or Restore a Seed Phrase

This is the most security-critical step of the entire Keystone wallet setup. Choose between generating a new seed or restoring an existing one.

Option A: Generate a New Seed

1. Tap "Create Wallet" on the home screen.
2. Choose seed length: 12, 18, or 24 words. For maximum entropy, select 24 words.
3. Confirm the dice-roll option if you want to mix your own entropy into the seed. Keystone allows you to roll a physical die up to 99 times and input each result — the device XORs your dice entropy with its internal TRNG. This is optional but recommended by the BIP-39 specification for maximum randomness.
4. Write down every word in order on the included paper backup cards. The Keystone 3 Pro displays one word at a time, full-screen, to minimize over-the-shoulder exposure.
5. Confirm your backup by entering the requested words in the verification quiz. The device will ask you to input 4–6 random words from your list.

Never photograph the seed phrase screen. Never enter your seed phrase into any software, website, or cloud storage.

Option B: Restore an Existing Seed

1. Tap "Import Wallet" on the home screen.
2. Select BIP-39 mnemonic, then choose word count (12, 18, or 24).
3. Enter each word using the on-screen keyboard. Keystone auto-completes from the BIP-39 wordlist to reduce typos.
4. Verify the fingerprint or enter your PIN to confirm import.

---

Step 4: Configure a BIP-39 Passphrase (Optional but Recommended)

A BIP-39 passphrase — sometimes called the "25th word" — acts as a second secret that derivates a completely different wallet from the same seed. Even if your seed phrase is discovered, the attacker cannot access funds without the passphrase.

1. Navigate to Menu → Settings → Wallet → Passphrase.
2. Toggle on "Passphrase" and enter your passphrase. It can contain letters, numbers, and symbols up to 128 characters.
3. Confirm the passphrase by entering it again.
4. Note the wallet fingerprint displayed after confirmation. This is a short hex string unique to your seed + passphrase combination. Record it alongside your seed backup so you can verify the correct passphrase in the future without re-entering the full string.

A passphrase is not recoverable by any means. If you forget it, the funds in that derived wallet are permanently inaccessible.

---

Step 5: Pair the Keystone 3 Pro with MetaMask Mobile

MetaMask Mobile (iOS and Android, v7.12.0 and later) supports QR-based hardware wallet signing natively. This is the most common pairing workflow for EVM chains (Ethereum, Polygon, BNB Chain, etc.).

Requirements:

• MetaMask Mobile app installed on your phone (latest version from the App Store or Google Play)
• Keystone 3 Pro with a wallet already created (Steps 1–4 complete)
• Both devices have cameras

Pairing Steps

1. On the Keystone 3 Pro, tap the "…" menu on the home screen and select "Connect Software Wallet".
2. Select "MetaMask" from the list of supported apps.
3. Choose the account(s) you want to expose to MetaMask. The Keystone 3 Pro will display a QR code encoding your extended public key (XPUB/UR:CRYPTO-ACCOUNT format).
4. Open MetaMask Mobile on your phone. Tap the three-line menu → "Hardware Wallet" → "Keystone".
5. Tap "Scan QR code" and point your phone camera at the Keystone 3 Pro screen. MetaMask imports your extended public key and derives your Ethereum addresses without ever seeing your private key.
6. Select which account you want to use in MetaMask and tap "Unlock".

MetaMask Mobile now shows your Keystone-derived addresses as a read-only view. It can see your balance and construct transactions, but cannot sign anything without the Keystone 3 Pro physically present.

For the official MetaMask documentation on Keystone integration, see MetaMask's hardware wallet guide.

---

Step 6: Signing Transactions via QR Code

This is the core air-gapped workflow that makes the Keystone 3 Pro unique. No USB cable is involved at any point.

1. Initiate a transaction in MetaMask Mobile as you normally would: enter the recipient address, amount, and gas settings, then tap "Send".
2. MetaMask displays a QR code encoding the unsigned transaction (UR:ETH-SIGN-REQUEST format).
3. On the Keystone 3 Pro, tap "Scan" on the home screen and point its camera at your phone screen.
4. Review the transaction details on the Keystone 3 Pro touchscreen: recipient address, value in ETH, gas fee, and contract data if present. Verify each field carefully — this is your last line of defense against address substitution attacks.
5. Approve with fingerprint or PIN. The Keystone 3 Pro generates the cryptographic signature entirely offline and displays a new QR code encoding the signed transaction.
6. Tap "Scan Signed Transaction" in MetaMask Mobile and point your phone camera at the Keystone 3 Pro screen.
7. MetaMask receives the signature and broadcasts the transaction to the Ethereum network.

QR signing tips:

• Hold the Keystone 3 Pro steady in good lighting. The 4-inch screen makes QR codes easier to scan than smaller devices.
• Animated (multi-frame) QR codes are used for large data payloads like contract interactions — let them cycle completely before your phone captures them.
• Always verify the recipient address on the Keystone 3 Pro screen against your intended destination. MetaMask UI-layer address substitution via malicious browser extensions cannot affect what the Keystone 3 Pro displays, since the data arrives via QR, not over a connected interface.

---

Step 7: Firmware Updates via microSD Card

Keystone releases firmware updates for the Keystone 3 Pro on GitHub. Updates are delivered via microSD card, not USB, consistent with the air-gapped design.

1. Check your current firmware at Menu → Settings → About → Firmware Version.
2. Visit https://github.com/KeystoneHQ/keystone3-firmware/releases on your PC and download the latest .bin file.
3. Verify the SHA-256 hash of the downloaded file against the hash published on the GitHub release page using your OS's built-in hash tool (sha256sum on Linux/macOS, Get-FileHash on Windows PowerShell).
4. Copy the .bin file to the root directory of a microSD card (FAT32 or exFAT, 4 GB–32 GB).
5. Power off the Keystone 3 Pro, insert the microSD card into the slot on the device's right side, and power it back on.
6. Follow the on-screen prompt to install the update. The device verifies the firmware signature before flashing. If the signature check fails, the update is rejected and the existing firmware remains intact.
7. Remove the microSD card after the update completes and the device restarts.

Keystone's firmware is fully open-source, so you can inspect the source before updating — a significant advantage over closed-source hardware wallets.

---

Ongoing Security Practices

• Store your seed phrase backup in a physically separate, fire-resistant location from the Keystone 3 Pro device. The device alone is worthless without the seed; the seed alone is dangerous without the passphrase.
• Test your seed phrase recovery on a separate or freshly reset device before storing significant funds.
• Never share your seed phrase or passphrase with any website, app, or person claiming to be Keystone support.
• Enable the passphrase for any wallet holding material value. A seed phrase without a passphrase is a single point of failure.

---

FAQ

Q: Does the Keystone 3 Pro work with MetaMask browser extension on desktop?

The Keystone 3 Pro pairs with MetaMask browser extension via the "Hardware Wallet" option during account import. The workflow is identical to mobile: the extension displays an unsigned QR code, you scan it with the Keystone 3 Pro, and scan the signed QR back with your computer webcam. A functional webcam is required on the desktop side.

Q: What happens if I forget my PIN?

After 10 consecutive failed PIN attempts, the Keystone 3 Pro performs a factory reset — all keys and settings are wiped. You can restore your wallet by re-importing your seed phrase (and passphrase, if set) from your written backup. This is why a legible, secure seed phrase backup is non-negotiable.

Q: Can the Keystone 3 Pro be used with Ethereum and Bitcoin simultaneously?

Yes. The Keystone 3 Pro supports BTC (native SegWit, Taproot, Legacy), ETH and all EVM chains, Solana, and over 20 other blockchains as of firmware v1.1.0. Each blockchain uses a separate derivation path from the same seed. You can pair the same device with MetaMask (EVM), Solflare (Solana), and Sparrow Wallet (Bitcoin) at the same time.

Q: Is the Keystone 3 Pro firmware open source?

Yes. The entire firmware codebase is published at https://github.com/KeystoneHQ/keystone3-firmware under the GPL-3.0 license. The secure element code for the fingerprint module has a partial closed-source component from the chip vendor, which Keystone documents in the repository's README.

Q: How is the Keystone 3 Pro different from a Trezor or Ledger for air-gap purposes?

The Trezor Model T and Ledger Nano X both rely primarily on USB connections for transaction signing, though Trezor offers limited QR support via third-party software. The Keystone 3 Pro was designed from the ground up for QR-only operation — there is no USB firmware-flashing mode, no Bluetooth, and no NFC. The microSD update path is the only external data interface, and it is write-only from the device's perspective during signing operations.