In plain terms: two different things have to be trustworthy. (1) This web page — it handles your Wi-Fi password, so it's locked down to make zero network requests (open DevTools → Network and you'll see nothing leaves your browser; the connect-src 'none' security policy enforces it). (2) The device — anyone nearby could run a fake "Cognitum" gadget, so before you hand it anything, Step 2 makes the device mathematically prove it's really yours.
Web Bluetooth isn't available in this browser.
Use desktop Chrome or Edge (or Chrome on Android). Safari and Firefox don't support Web Bluetooth.
In plain terms: only Chrome-family browsers can talk to Bluetooth gadgets from a web page. You can still explore the flow below with Try the demo.
This page must be served over HTTPS. Open the deployed URL, don't double-click the file.
1. Connect to your Seed Disconnected
Power the Seed on (a USB charger is fine — it doesn't need your computer) and give it ~1 minute to start advertising over Bluetooth.
When the browser dialog opens, pick the device named cognitum_….
In plain terms: your laptop keeps its normal internet the whole time — Bluetooth is a separate radio. That's why this page can load and talk to the device at once (a Wi-Fi-hotspot approach would knock you offline). No cable, no certificate, no port confusion.
2. Prove it's really your Seed Unverified
This asks the device to sign a random number that only the genuine Seed's private key can sign — then checks the result, and matches its fingerprint to the code printed on your device.
In plain terms: it's like checking ID. (a) The Seed shows its public key. (b) We send it a brand-new random number and ask it to "sign" it; only the real Seed holds the secret key that can produce a valid signature — a fake can't fake this. (c) We turn its public key into a short fingerprint and you check that it matches the code printed on your actual device. If a look-alike nearby tried to impersonate it, the fingerprint wouldn't match and the signature wouldn't check out.
This device's fingerprint:
—
Does this match the fingerprint printed on your Seed (or its QR sticker)?
3. Put it on Wi-Fi Not connected
So the Seed can reach the internet for updates. Only unlocked after the device is verified.
In plain terms: you pick your home network and type its password. That password travels only over the short-range Bluetooth link to the Seed — this page can't send it anywhere else (that's the connect-src 'none' rule from the top).
Activity
About this prototype
A single static HTML file, no dependencies, no servers. It uses
Web Bluetooth
to talk to the Seed's GATT service and the built-in
Web Crypto
(Ed25519) to verify its identity — no crypto libraries. The Seed firmware would need to expose the matching
GATT characteristics. Demo mode generates a real Ed25519 keypair in your browser so the verification math actually runs with no hardware.