I wondered how Mike kept the keys erased. He was stopped by US department maybe the US state has access to private keys. It's just my thought. Maybe someone has better information
Here ya go from Mike Caldwell's site....
https://www.casascius.com/faq.aspxQ.
Do you keep a copy of the private key? Who has had access to the private keys?A. I did not keep the private keys, and I am the only person who has ever had control over the private keys. I have either inserted the private keys into the coins myself, or have directly supervised others doing the same. On the series 1 coins, the hologram manufacturer pre-printed the addresses onto the hologram labels, but they were only given the 8 characters you see, not the private keys themselves.
Q.
It's impossible to prove you didn't keep the private keys, and with all the Bitcoin scams lately, why should I believe you?A. I have given out my real-world identity and have digitally signed a list of the Bitcoin addresses used in this project. I have made it so that it if I were to perpetrate a scam, it would be possible to prove it and to hold me legally accountable - something no scammer wants to do. You should demand the same from anyone handling your cryptocurrency.
Private key generation, preparation, and storageSynopsis: Private keys must be generated securely in order to prevent the possibility of theft by hackers, and copies must be controlled to prevent accidental discovery. In addition, private keys must be produced accurately, and must properly correspond to the Bitcoin addresses on the outside of the physical item.
Objectives:
Ensure that there is no possibility of access to private keys via "hacking".
Ensure that private keys are generated using a suitable random number generator, so they cannot be predicted in the future.
Ensure that the key generator consistently produces valid keypairs.
Ensure that each private key is only printed exactly once.
Ensure that each private key is legible and complete.
Ensure that each private key properly corresponds to the address on the outside.
Controls:
Private keys are always produced on a dedicated computer that is set up temporarily for this purpose. This computer is never connected to the Internet at any point during the production process.
The operating system for this computer is freshly installed for this purpose, as well as all of the software that will be used. For all Casascius Physical Bitcoin addresses produced in 2011, Windows 7 was used, and Microsoft Access was used to manage the key list and to render them to paper. A custom application is used for generating the Bitcoin addresses to a text file. Moving data between the key generation computer and other computers is accomplished via removable USB flash drives that have never been used for any prior purpose. At no point is private key material ever copied to drives based on flash memory technology, not even temporarily. The key generation machine itself is equipped with one 80GB mechanical hard drive with magnetic rotating platters.
The random number generator used is the Microsoft secure random number generator in the System.Security.Cryptography namespace of the Microsoft .NET 4.0 Framework. In addition, the custom application also asks for a "mash" of characters from the keyboard of no fewer than 50 characters, each time the application is run, which is answered with a string of non-memorable characters by "spidering" fingers around the keyboard. The application generates a second pseudo-random byte stream using the SHA256 hash algorithm on this "mash" plus an incrementing nonce, and this second random number stream is combined with the first one using modular addition before being used as key material. The "mash" string is never kept.
Integrity of the calculation process, including the elliptic curve mathematics that convert the private key to a Bitcoin address, was checked by using the same custom application to convert private keys generated on other platforms to ensure it consistently calculated the same Bitcoin address as elsewhere. In order to confirm the program works as expected, two sets of dummy keypairs were produced externally and exported to text files, and then the custom application was used to recreate the Bitcoin address from the given private key to ensure it matched the Bitcoin address. A set of keypairs generated by the official Bitcoin client (0.3.20, with dumpwallet patch), as well as a set created by v0.5 or later of the script at BitAddress.org, were tested in this manner.
After the addresses have been generated and printed to paper, the entire operating system installation is completely destroyed by booting the machine to a Linux Live CD, and executing cp /dev/zero /dev/sda until the command reports "No space left on device". This procedure is repeated three times. Afterwards, the drive is typically overwritten with a new operating system, and used for some other temporary purpose.