Coldcard and Wasabi Wallet Combo
Coldcard in combination with Wasabi Wallet is one of the safest ways you can use Bitcoin.
Both Coldcard and Wasabi Wallet are open-source and have been reviewed independently to make sure there is no malware or backdoor that could compromise your Bitcoin.
The Coldcard device is extremely difficult to hack: it is tamper-proof and tamper-evident, and it uses a secure element. The only purpose of the device is to protect your Bitcoin.
The private keys that control the Bitcoin are generated securely on the Coldcard device itself. Everything is encrypted and protected by multiple layers of advanced security.
You create a secret "passphrase" which is required to unlock access to your funds when you make transactions or during the wallet recovery process. It is impossible for anyone to steal your Bitcoin without this passphrase.
The Coldcard has a keypad which you will use to type in your passphrase. You never have to type in your passphrase on a computer or mobile app: everything happens directly on the device.
Even if your computer is compromised by malware which affects Wasabi Wallet, the Coldcard device will prevent unauthorized access to your Bitcoin wallet. That's what it's for.
Coldcard lets you create backups easily and securely which let you recover access to your money if your computer is damaged, lost or stolen.
Coldcard has a double-entry PIN feature which is required to unlock the device.
The device can be used securely in combination with Wasabi Wallet on your computer by connecting it via a USB cable. For maximum security, you can use a microSD card instead (called an "air-gapped" method).
See their Codebase
Additional Documentation
Telegram support group
Hardware Wallets must be used in combination with a mobile or desktop Bitcoin Wallet app
In this guide, we will teach you how to use the Coldcard in combination with a desktop application called Wasabi Wallet.
The best way to think about the Coldcard is that it is simply a sophisticated calculator that will take care of all the cryptographic algorithms that protect your Bitcoin wallet.
The device doesn't have access to the internet and does not come with a user interface.
Instead, it is designed to be used in combination with another mobile or desktop Bitcoin wallet, such as Wasabi Wallet.
To view your Bitcoin balance, to monitor your incoming transactions and to make Bitcoin payments you need access to the Bitcoin Network, which requires the internet.
The purpose of Wasabi Wallet is to connect to the Bitcoin Network and provide a nice user interface which lets you receive, send and monitor payments.
When making Bitcoin transactions, you will enter the amount you want to send and the destination Bitcoin address into the Wasabi Wallet interface, but you will also need to "plug in" your Coldcard device into your computer, unlock it with your PIN, then unlock the wallet with your passphrase directly on the device, then physically confirm on the device which amount you want to send and to which address you want to send it.
If you only want to monitor your balance or receive Bitcoin payments and monitor transactions, you do not need to plug in your Coldcard (after the initial connection). This is commonly referred to as "watch-only" mode.
Know your enemy, know yourself.
The risks of losing funds by getting hacked are very low, unless you are specifically targeted by a highly skilled attacker. You must develop a "threat model" by analyzing different risks based on different situations.
Always keep the following scenarios in mind when creating and using your Bitcoin wallet.
The most common causes of people losing their bitcoin are accidental loss and physical theft.
You forget your passphrase.
You lose your Coldcard device (or it breaks) and you don't have a backup.
Someone finds a copy of your backup and you had not set a passphrase.
Someone finds a copy of your backup, but you were also storing your passphrase at the same place and now they have both.
You write down your PIN and your passphrase (or you don't put a passphrase) in the same location as you keep your physical device and someone steals all of it.
Most people who lose Bitcoin simply get scammed and voluntarily send their Bitcoin to ponzi schemes. Be wary of anybody soliciting you for unsolicited investment or payment in Bitcoin.
Many people get tricked into revealing their passphrases and handing over their Bitcoin backups by fraudsters impersonating technical support for their Bitcoin wallet.
Extortion, ransom, assault
People who know you are the owner of Bitcoin may attempt to violently coerce you into handing it over to them. This is a very real risk and should not be taken lightly (it is also why Bitcoin privacy matters).
This guide will cover, in order:
Installing the desktop interface
Device initialization
Creating a Bitcoin wallet
Using passphrase security
Updating the firmware
Creating a backup to recover lost wallets
Receiving Bitcoin payments
Sending Bitcoin payments
There are also additional advanced features present throughout the guide (optional). Some are relatively easy to implement, but others require more time and resources.
By the end of this guide, you will have an interface installed on your computer which lets you receive, send and store bitcoins from your Coldcard device. Your wallet will be secured with a passphrase, and you will have proper backups in case your Coldcard is damaged, lost or stolen. You will know how to use the privacy features of your Bitcoin wallet to stay anonymous.
This is perfect if you want to buy large amounts of Bitcoin and store them privately and securely for a long time.
The Coldcard Mk.3 is an open-source Bitcoin-only hardware device dedicated to the purpose of creating ultra-secure Bitcoin wallets and making Bitcoin transactions. It allows you to manage all of your Bitcoin private keys and access your funds securely, even if your computer or your phone is compromised.
The Coldcard is created by cypherpunks and adheres to the highest standards of Bitcoin security hardware. It is the optimal device for those seeking extreme security and individuals and businesses wishing to store several bitcoins for a long time.
Read about the benefits of self-custody.
✅Ultra-secure access with pin and passphrase
✅Fully open-source and heavily reviewed
✅Easy backup and secure recovery
✅Bitcoin-only firmware
✅Advanced transaction features
✅Plausible deniability options
✅Great for long-term storage
✅Perfect for day-to-day usage of large amounts
✅Very reputable and renowned team
✅Setup time: 60 minutes
❌Requires shipping
❌Less convenient usage
Note
The Coldcard device is designed to be used in combination with laptop or mobile Bitcoin software wallets. Our recommendation is to use the Coldcard in combination with the Wasabi Wallet desktop app.
Buying Bitcoin from a non-custodial exchange.
Ability to transact with Bitcoin on a laptop (funding exchanges, making payments).
Storing Bitcoin with backups for long-term before upgrading to a hardware wallet.
Managing different wallets for different purposes.
Transact easily using the QR code capabilities.
A Coldcard Mk.3 (buy here)
A USB-A to micro USB cable
A microSD card (32GB or less)
An adapter to connect the USB-A cable and/or the microSD card to your computer
A desktop or laptop computer with one of the following operating systems:
MacOS
Windows
Debian / Ubuntu
Linux
Paper and pen for the wallet backup process
60 minutes of your time
An internet connection
Inspect that the sealed bag hasn’t been tampered with;
Open bag and remove its contents;
Make sure the serial number inside of the bag matches the one on the outside;
Using the USB-A to micro USB cable, plug the Coldcard to your computer;
Use the USB adapter if necessary.
Make sure the number displayed on the device screen matches the one on the bag;
Accept Terms of Service.
Entering this is a two-step process. The PIN is composed of two parts, the prefix and the suffix. Use at least 4 numbers for each half of the PIN.
PIN example: 10101-1971
After entering the prefix, two words will be generated and displayed on the device. These are known as your anti-phishing words. The same two words are supposed to appear each time you enter the prefix. The purpose of these words is to check that the Coldcard has not been compromised and is safe for you to use before you enter the rest of the PIN.
Enter the PIN prefix;
Write down the two anti-phishing words;
Enter the Suffix (second half of your PIN);
Confirm your PIN Prefix and Suffix.
The next step involves choosing a PIN for the Coldcard device. The PIN is the first layer of security that prevents unauthorized access to the device, should it fall into the wrong hands. This PIN is extremely difficult to hack.
If you lose the PIN, you will lose access to the device. However, you will be able to recover access to the Bitcoin using your Bitcoin backup and your passphrase (see below).
Write down the PIN you want to use before entering it in your Coldcard.
Use at least 4 digits for each half of the PIN (8 in total).
The PIN is required every time you want to use the Coldcard.
Ideally, create a unique PIN that nobody can guess but that you can remember.
If you lose the PIN, you lose access to your Coldcard forever.
You cannot change your PIN.
If you want to change your PIN, you will have to start the process all over again.
Updating the firmware is essential to making sure that your Coldcard is not vulnerable to any new attack vectors.
Insert microSD card in computer (often it will appear as “NO NAME”);
Download latest firmware version from here onto microSD card;
Eject microSD card and insert it in your Coldcard;
To view your current version on your Coldcard, select “Advanced” > “Upgrade” > “View Version”.
Select “Advanced” > “Upgrade” > “From MicroSD card” > select the .dfu file.
Enter PIN code once upgrade is complete.
You don't need to update the firmware each time you want to receive funds. However, it's important to make sure it's up to date before sending bitcoin.
You will be back on the Coldcard's main menu. Stay there until you read the instructions on the next page.
Now that your device is up to date with the latest firmware, we will proceed with the actual creation of your wallet.
You will need to download https://gpgtools.org/ in order to complete the PGP signature verification.
Open https://raw.githubusercontent.com/Coldcard/firmware/master/releases/signatures.txt to view its contents.
Open the Terminal, navigate to the directory where you saved the firmware and use the command shasum -a256 20...-coldcard.dfu and hit the 'Enter' key on your keyboard.
The file should be in your downloads folder, so type cd downloads in the Terminal in order to go to that directory.
The 20...-coldcard.dfu component is the name of the latest upgrade, make sure to enter the name of the file in full.
Compare the result in your Terminal with the line of text in the signatures.txt file next to the firmware version you saved (it should be the one found directly under the ChangeLog.md line).
The hash is confirmed if the values are the same.
Save the signatures.txt file in the same location as the new firmware file.
This should be in the 'Downloads' folder.
To save it, right click on the page and select 'Save page as'.
Save the public key 4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 as a .txt file in the same location as the firmware and signatures.txt files.
To save it, right click on the page and select 'Save page as'.
Open GPG Keychain.
Click the Import button and navigate to the file saved in step 2 called lookup. Select the file and click Open. A pop-up message should appear saying "Import successful".
You will have the fingerprint from Peter D. Gray
Open Terminal and make sure you are in the correct directory by typing cd downloads
Enter gpg --verify signatures.txt in the Terminal.
The output in Terminal should include Good signature from... and should include the following RSA key: 4589 779A DFC1 4F33 2753 4EA8 A3A3 1BAD 5A2A 5B10
It is normal to see WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
You can ignore this, the signature has been verified!
Open signatures.txt so you can view its contents.
Use the command line to navigate to the directory where you saved the firmware and enter the command sha256sum 20...-coldcard.dfu.
The 20...-coldcard.dfu component is the name of the latest upgrade, make sure to enter the name of the file in full.
Compare the result in your Terminal with the line of text in the signatures.txt file next to the firmware version you saved (it should be the one found directly under the ChangeLog.md line).
The hash is confirmed if the values are the same.
Save the signatures.txt file in the same location as the new firmware file.
On the command line, enter curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xA3A31BAD5A2A5B10" | gpg --import to import the public key.
Next, enter gpg --verify signatures.txt to verify the file's signature versus its content.
The command output should include Good signature from...
It is normal to see WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
You can ignore this, the signature has been verified!
These instructions use Kleopatra, which is a part of Gpg4win (GNU Privacy Guard for Windows). You only need the GnuPG Privacy Guard and Kleopatra components to verify the PGP signature.
Kleopatra requires you to have an OpenPGP signature to complete verification. If you don't have a signature to import, you can make one in Kleopatra.
Open signatures.txt so you can view its contents.
Open Command Prompt and enter certutil -hashfile C:\..\20...-coldcard.dfu SHA256, where C:\..\20...-coldcard.dfu is the full path to the saved firmware file.
The 20...-coldcard.dfu component is the name of the latest upgrade, make sure to enter the name of the file in full.
Compare the output values in Command Prompt with the line of text in the signatures.txt file next to the firmware version you saved. The hash is confirmed if the values are the same.
Save the text from signatures.txt with an .asc file extension in the same location as the saved firmware file. Do not save the file as .txt, Kleopatra will not recognize it.
Save the public key 4589779ADFC14F3327534EA8A3A31BAD5A2A5B10 as an .asc file in the same location as the firmware and signatures.asc files.
Open a browser and go to keybase.io/DocHex. Click on the text next to the key icon to open the public key window. You will need this window for a later step.
Open Kleopatra and click Import...
Navigate to the public key .asc file and open it.
You will be asked to check the fingerprint of the file and given suggested options. The Keybase public key window is the trusted website. Click Yes.
A Certify Certificate window will show the file's fingerprint, your certification, and the fingerprint's owner - in this case, Peter D. Gray. Resize or reposition the Certify Certificate window and the browser window opened in step 3 so you can see them both at the same time.
Make sure the fingerprints in each window match and click Certify. If you have a passphrase on your certificate, you'll be asked to enter it. A pop-up box should appear saying, "Certification successful." Click Ok.
Click Decrypt/Verify... and open signatures.asc.
Kleopatra will verify the signature. You may save or discard the file Kleopatra generates, it is not needed.
The signature is verified.
The Coldcard uses a random number generator for creating your Bitcoin backup. You can avoid using this if you are wary that it might be compromised or if you wish to input your own source of entropy by rolling a six-sided die.
Roll your dice 100 times in order to achieve 256 bits of entropy.
Before we attempt the dice rolls in their entirety, we will make sure that the Coldcard isn't duping us into believing that it uses the entropy we provided while actually giving us a random-looking number that isn't random.
Using a pen and paper, note down the results of 6 dice rolls
In the main menu, select 'Import Existing'
Select 'Dice Rolls'
Using the Coldcard's keypad, enter the results you obtained by pressing on the corresponding numbers (1 to 6)
The Coldcard will produce 24 words, write them down
Open the Terminal or Shell of your computer to input a command line
Enter one of the following commands:
Replace '123456' by the dice roll numbers you obtained
Verify that the hash value output matches that on the Coldcard device screen.
Now we want to verify that the hash value really generates the same 24 words.
Save the script found here: https://coldcardwallet.com/docs/rolls.py
In your Terminal, change the directory to where the above file is saved
Run the following command, using the same dice rolls used for your test by replacing the '123456':
Verify that the 24 words output in your Terminal matches those on your Coldcard!
If they match, then you are good to go with the complete dice roll process.
Using a pen and paper, note down the results of 100 dice rolls
In the main menu, select 'Import Existing'
Select 'Dice Rolls'
Using the Coldcard's keypad, enter the results you obtained by pressing on the corresponding numbers (1 to 6)
The Coldcard will produce 24 words, write them down
You now have your 24 word backup generated using your own source of entropy!
This is an advanced feature that requires you to write down and safe-keep an additional set of 12 words.
You will need an additional microSD card in order to create an encrypted backup of your 24-word seed phrase, as well as a pen and paper.
Make sure that your Coldcard is unlocked with your PIN;
Insert the new microSD card into your Coldcard;
In your Coldcard go to "Advanced" > "Backup" > "Backup System";
Write down the 12 words in the order in which they are displayed on a piece of paper.
These words are unrelated to your 24-word backup.
In your Coldcard, go to "Advanced" > "Backup" > "Verify Backup".
This is useful for verifying that the backup file on the microSD card was not damaged or written incorrectly.
You must have at your disposal either a new Coldcard or one with no wallet generated (the Backup has been wiped from the device).
In your Coldcard, go to "Advanced" > "Backup" > "Restore from backup".
You will still need your passphrase to access your funds!
Using the Seed XOR function in your Coldcard allows you to separate your original seed phrase into two parts, each looking like its own 24-word seed phrase. Combining them will produce your original 24-word seed phrase.
You will need both parts generated with Seed XOR in order to recover your original seed phrase.
You will also need your passphrase to access the wallet containing your funds.
Each Seed XOR component can also function as a Bitcoin seed phrase. You can keep some funds on it to satisfy a potential attacker or to alert you that your storage is compromised if someone finds it and takes the funds held on it.
Steps for Seed XOR
We will be splitting the main seed phrase into two parts.
Steps:
Select Advanced
Select Danger Zone
Select Seed functions
Select Seed XOR
Select Split existing seed
Press 2
Press OK
If any part is lost, your funds are lost unless you still have in your possession your Coldcard or the original seed phrase with the passphrase.
Make sure to store the 24th word of your original seed phrase alongside both parts obtained through Seed XOR. This allows you to be sure you've gotten all the parts and assembled them correctly.
Take out a pen and paper
Two lists of words (A and B) will be generated. Write down each list in their respective order.
Press on the checkmark when done.
Complete the test to make sure that you have correctly written them down.
The seed is now split into two parts!
Two-part PIN on the Coldcard device
Seed Backup recovery codes
Wallet passphrases
The Seed Backup allows you to recover your Bitcoin wallets
Your Passphrase allows you to unlock the recovered Bitcoin wallets
The PIN protects unauthorized access to your Coldcard device, should it fall into the wrong hands.
They will be able to unlock the device, but they will not have access to your Bitcoin wallets without the Passphrase
They will not be able to recover your Bitcoin wallets without the Passphrase.
The next step involves entering a passphrase. This prevents you from getting your funds stolen if someone gets access to your device and its PIN or to your 24-word backup. Before doing this step, please read below to know some important basics.
It acts as a password that you add on top of your wallet backup (24-word seed phrase).
You can create as many passphrase-protected wallets as you like, with each new passphrase generating a completely new wallet.
The default wallet does not have a passphrase. Adding one gives you plausible deniability: you can unlock the device normally and show a wallet containing little to no funds, while the majority of your bitcoin sits in a passphrase-protected wallet.
If someone comes into contact with your 24-word seed or digital backup, they won’t be able to steal your funds since they also need the passphrase to unlock the funds.
Write down the passphrase you want to use before entering it in your computer.
The passphrase is required every time you want to spend the funds from your Coldcard.
Use a combination of words as a passphrase to have less trouble remembering it.
Use at least 12 characters in your passphrase; 24 characters offer more security.
If someone has access to your PIN and Coldcard, the passphrase will prevent them from taking your Bitcoin.
Create a unique passphrase that nobody can guess but that you can remember.
If you lose the passphrase, you lose access to your Bitcoin forever.
You cannot change your passphrase.
You can only create a new one, which in turn will generate a new wallet.
The passphrase is required to recover your access to your Bitcoin if your Coldcard is damaged, lost or stolen.
In your Coldcard device go to:
Advanced
Danger Zone
Seed functions
Seed XOR
Restore Seed XOR
OK
Enter the words from list A
At the 24th word, the Coldcard will display a short list of words for you to choose the correct word from.
Repeat for list B
You must have both parts in order to restore your seed phrase. The order in which you enter them (either seed XOR A or B) does not matter.
The imported seed XOR will only remain temporarily.
You will be asked if you want to use the existing seed by pressing on 1. DON'T. Press OK.
Follow the instructions below if you are restoring your seed on a new, uninitialized Coldcard device.
Import Existing
Seed XOR
Enter one of the parts (list A or B)
When done, press on 1 to enter the next part
Enter the other list of words
Confirm that the 24th word of your original seed phrase is correct
Press 2 to complete the import
To verify the imported seed:
Use this to see the backup stored in the device and if it matches the original that you have written down.
Advanced
Danger Zone
Seed functions
View Seed Words
OK
It is possible to recreate your original backup using the two seed XOR word lists by hand. Follow the instructions below to do so:
Once lists A and B have been written down in the worksheet, use the table in your worksheet to complete the A + B row.
To do so, associate the hex digits of each word from list A with those from list B.
Whether you look up the row or column first does not change anything since it will produce the same value.
Enter the digit that you obtain from the table in your worksheet. At the end of the process, you will have a new hex code.
Using the wordlist and the newly generated hex codes, retrieve the words that form your seed phrase.
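The by-hand recombination above, as an added Python example (not Coldcard's code and not part of the original guide). It works on BIP-39 word numbers rather than the words themselves, and it assumes the worksheet's 3-digit hex code is the word's zero-based number in the wordlist; the seed and part A used to exercise it are constructed sample values, and choosing part A at random is this example's assumption about how a split can be made.

```python
import hashlib
import secrets


def entropy_to_indices(entropy):
    """BIP-39 for a 24-word phrase: 256 bits of entropy plus 8 checksum bits
    (first byte of SHA-256 of the entropy), cut into 24 word numbers of 11 bits."""
    if len(entropy) != 32:
        raise ValueError("a 24-word phrase encodes exactly 32 bytes")
    checksum = hashlib.sha256(entropy).digest()[0]
    bits = (int.from_bytes(entropy, "big") << 8) | checksum
    return [(bits >> (11 * (23 - i))) & 0x7FF for i in range(24)]


def indices_to_entropy(indices):
    """Inverse of entropy_to_indices; rejects a phrase whose 24th word
    does not carry the right checksum."""
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> 8).to_bytes(32, "big")
    if hashlib.sha256(entropy).digest()[0] != bits & 0xFF:
        raise ValueError("checksum mismatch in 24th word")
    return entropy


def hex_codes(indices):
    """Word numbers as the 3-digit hex codes written on the worksheet
    (assumed zero-based: 000 for the first word, 7FF for the last)."""
    return [format(i, "03X") for i in indices]


def split_seed(entropy, part_a=None):
    """Return two 32-byte parts whose XOR is the original entropy.
    Part A is random unless supplied (an assumption of this example)."""
    a = part_a if part_a is not None else secrets.token_bytes(32)
    b = bytes(x ^ y for x, y in zip(entropy, a))
    return a, b


def combine_by_hand(words_a, words_b):
    """Worksheet procedure: XOR list A with list B, word by word.

    Words 1 to 23 of the result are the original words. In word 24 only the
    top 3 bits are seed entropy; the low 8 bits are the XOR of two checksums,
    which is not a checksum, so they are discarded and recomputed here.
    """
    bits = 0
    for a, b in zip(words_a, words_b):
        bits = (bits << 11) | (a ^ b)
    return entropy_to_indices((bits >> 8).to_bytes(32, "big"))


if __name__ == "__main__":
    seed = bytes(range(32))                             # constructed sample seed
    part_a = hashlib.sha256(b"constructed part A").digest()
    a, b = split_seed(seed, part_a)
    words_a, words_b = entropy_to_indices(a), entropy_to_indices(b)
    print("A    :", " ".join(hex_codes(words_a)))
    print("B    :", " ".join(hex_codes(words_b)))
    print("A + B:", " ".join(hex_codes(combine_by_hand(words_a, words_b))))
    print("seed :", " ".join(hex_codes(entropy_to_indices(seed))))
```

Because the 24th word is rebuilt from a recomputed checksum, comparing it with the stored 24th word of the original phrase catches a mistake in any of the other 23 words of either list.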
Before you create a backup for your Bitcoin Wallet, make sure to understand what you are doing by reading this section.
The most important job of a Bitcoin Wallet is generating and managing cryptographic private keys which allow you to control your Bitcoin. The keys are generated and stored on the device itself.
Creating a backup means exporting these keys from the device and making a physical copy of them.
If the device on which your Bitcoin private keys are stored is lost, broken, stolen or otherwise inaccessible, you can import the physical backup into a new device and your Bitcoin will be recovered there.
A Bitcoin backup consists of a series of 24 words generated randomly by the Coldcard’s secure element.
These words, in combination with your passphrase, allow you to recover access to the keys of your Bitcoin wallet in case you lose them.
If you do not have a backup and you lose access to the Coldcard, you will lose access to the Bitcoin permanently.
If you have a backup but you forgot the passphrase, you will lose access to the Bitcoin permanently.
If someone finds the backup of your wallet, they cannot steal your money unless they also know your passphrase.
Never store your passphrase in the same place as your backup. If someone finds the backup and they also know your passphrase, they will be able to take your bitcoin.
The first step to creating a wallet is creating the wallet backup. The reason Bitcoin wallets do this is to make absolutely sure that you created the backup before adding money to the Bitcoin wallet.
Select “New Wallet”.
Get a pen and the piece of paper that has been provided.
Write down the 24 words that are displayed on the Coldcard in their correct order - this is your private key.
Take your time and write them down correctly.
Make sure that the words are easily readable and in the correct order.
Make sure the number in front of each word corresponds with what is displayed on the device.
Triple check to make sure.
Triple check to make sure.
Triple check to make sure.
Find a secure way to store it.
Get creative!
You can do two backups and store them in different places.
You can store your backup on metal, like this one.
If Coldcard or Wasabi wallet suddenly go out of business and they remove their device and application respectively, having your backup will allow you to still have access to your funds.
Complete the test to confirm that you have correctly written down the words by pressing on the number that corresponds to the word that is asked of you.
We will need to download Wasabi Wallet in order to interact with the wallet our Coldcard has generated for us.
Download Wasabi Wallet from wasabiwallet.io (download links below):
Launch the Wasabi app on your desktop.
Accept Terms of Conditions
Now all that's left is to connect the Coldcard to your computer so that you can interact with it.
This function effectively destroys your original BIP-39 seed in the Coldcard's secure element and replaces it with the extended private master key (XPRV) value for your seed words and passphrase. You end up with a BIP-32 HD wallet.
You no longer have the passphrase option on your Coldcard. You no longer need to enter a passphrase in order to access the passphrase-protected wallet.
Select Advanced
Select Danger Zone
Select Lock Down Seed
Read the confirmation message on your screen
Press OK (✔) to confirm. Your COLDCARD will restart to lock down the seed.
Enter your PIN. The Passphrase option will not appear in the menu.
Make sure to check the Master Key Fingerprint as this is your wallet's XFP. Select Advanced > View Identity to verify it is correct.
New backup files will show the XPRV (extended private key) as the wallet secret. The seed words are no longer known to the COLDCARD, so they do not appear in the backup file.
You may need to create multiple wallets based on the same seed words for delegation to other people. Save a backup file from the default wallet created by your set of seed words. Get the required number of COLDCARDs, choose Import Existing during setup and load the same backup file onto each of them. Give each COLDCARD its own passphrase and then lock down the seed. Your seed words will not be known to any of the devices and remain secure.
Write down the passphrase you want to use before entering it in your computer.
Select “Passphrase”.
Select the following:
Add Word
You will have a selection of words to choose from, taken from the .
Select at least 4 different words, and choose up to 12.
Find the word you want by first selecting its first letter. You will also have the option to add a space before or after the word and if you want to use upper or lower case letters.
Once entered, select “APPLY”.
A new wallet identifier, also called a fingerprint, will be created. Note this down.
Press on the check mark.
You must enter the passphrase each time you want to access the passphrase-protected wallet, else you will be in the default, or passphrase-free, wallet.
Using this , enter the words from the two lists that have been generated using seed XOR on your Coldcard.
Using this , write down the 3-digit hex code associated with each word in your worksheet.
The formula behind using Wasabi 2.0 is the following: Receive, wait, spend.
Thanks to the minimum amount for participating in a CoinJoin round being 5000 sats and to greater efficiency improvements, the wallet automates Coin Control, selecting coins that are private if there is sufficient balance in coins that are private.
When the private balance is insufficient, you are presented with options to adjust the payment amount in order to avoid change, decrease transaction fees and improve future privacy.
Coin Control can still be manually activated by pressing the Control + D + C keys.
With PGP signatures you can verify that the software package you download is actually the one by the developers.
Every release of Wasabi is signed by zkSNACKs, the company behind Wasabi.
You can verify that the PGP public key 6FB3 872B 5D42 292F 5992 0797 8563 4832 8949 861E is actually the one of zkSNACKs.
This protects you against malicious man in the middle attacks where bad guys give you a fake version of Wasabi with malicious code.
Steps:
On the Wasabi download page, click on 'SIGNATURE' under the operating system that you are using.
Open your terminal and go to the directory that contains the file.
Verify the signature by typing the following in your terminal window:
gpg --verify Wasabi-1.1.13.deb.asc for Debian / Ubuntu
gpg --verify Wasabi-1.1.13.dmg.asc for MacOS
gpg --verify Wasabi-1.1.13.msi.asc for Windows
gpg --verify Wasabi-1.1.13.tar.asc or gpg --verify Wasabi-1.1.13.gz.asc for other Linux
If the PGP key in your terminal matches the one above, then you are certain that the software is authentic.
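An added example, not code from the Coldcard or Wasabi projects or from the original guide: it runs the two PGP checks this guide describes (the Coldcard signatures.txt check earlier and the Wasabi installer check above), but accepts a file only when gpg reports a valid signature from the exact fingerprint quoted on this page, and it compares the firmware hash against the signed text gpg returns. It assumes gpg on macOS or Linux and that signatures.txt lists each file as a sha256sum-style "digest filename" line.

```python
import hashlib
import os
import subprocess

# Fingerprints quoted in this guide, spaces removed.
COLDCARD_FPR = "4589779ADFC14F3327534EA8A3A31BAD5A2A5B10"
WASABI_FPR = "6FB3872B5D42292F59920797856348328949861E"

# gpg status keywords that mean a signature must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def signed_by(status_text, pinned_fpr):
    """True only if gpg's machine-readable status shows a valid signature by
    the pinned key and no failed, expired or revoked signature."""
    pinned = pinned_fpr.replace(" ", "").upper()
    matched = False
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return False
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # Field 3 is the signing key's fingerprint; the last field is
            # the primary key's fingerprint when gpg reports it.
            if pinned in (fields[2].upper(), fields[-1].upper()):
                matched = True
    return matched


def run_gpg(args):
    """Run gpg with status lines on a private pipe, so nothing in the signed
    text can imitate them. Returns (stdout bytes, status text)."""
    status_r, status_w = os.pipe()
    try:
        proc = subprocess.Popen(
            ["gpg", "--batch", "--status-fd", str(status_w), *args],
            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
            pass_fds=(status_w,),
        )
    finally:
        os.close(status_w)
    output, _ = proc.communicate()
    with os.fdopen(status_r, "r", errors="replace") as pipe:
        status_text = pipe.read()
    return output, status_text


def file_sha256(path):
    """SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def listed_digest(signed_text, filename):
    """Digest listed for `filename` in sha256sum-style lines, or None."""
    for line in signed_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and len(fields[0]) == 64 \
                and fields[1].lstrip("*") == filename:
            return fields[0].lower()
    return None


def firmware_matches(signed_text, firmware_path):
    """True if the file's own hash equals the one listed for its name."""
    want = listed_digest(signed_text, os.path.basename(firmware_path))
    return want is not None and want == file_sha256(firmware_path)


def verify_firmware(signatures_path, firmware_path, pinned_fpr=COLDCARD_FPR):
    """Clearsigned signatures.txt: --decrypt checks the signature and returns
    only the text it covers, so lines outside the signed block are ignored."""
    signed, status = run_gpg(["--decrypt", signatures_path])
    if not signed_by(status, pinned_fpr):
        return False
    return firmware_matches(signed.decode("utf-8", "replace"), firmware_path)


def verify_installer(sig_path, installer_path, pinned_fpr=WASABI_FPR):
    """Detached .asc signature over an installer file."""
    _, status = run_gpg(["--verify", sig_path, installer_path])
    return signed_by(status, pinned_fpr)
```

Both verify functions return False when the signature is good but comes from any key other than the pinned one, which is the case the "Good signature from..." line alone does not rule out.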
This feature enables you to verify the addresses generated by your Coldcard within the device itself. You can view, export and scan the addresses controlled by the device.
It is accessible directly on the main screen under the Passphrase option.
Use this feature to verify that the wallet application that you are using to display the wallet generated by the Coldcard is not compromised and that you are effectively using the wallet that you created.
Using this feature can help give you peace of mind each time you receive bitcoin in your Coldcard.
This feature enables a secondary PIN in order to unlock your Coldcard device in case you are being coerced into unlocking it.
Once unlocked using the duress PIN, you will arrive in a wallet different than your original one, where you can store some of your funds in order for a potential attacker to be satisfied and leave you alone.
There are ways for an attacker to tell that you have only given them access to a duress wallet, but they must be technically skilled to do so.
The duress wallet acts like a normal wallet on your Coldcard. However, it is derived from the main wallet.
You main wallet backup will also include the duress wallet and funds.
Go to Settings
Go to PIN Options
Select Duress PIN
Enter PIN prefix and note down the anti-phishing words
Enter PIN suffix
Confirm the PIN once more
Entering 999999-999999 will clear the existing duress PIN, if any.
To recover funds from the "duress wallet", import your original seed words into a new Coldcard, and assign a duress PIN again. Then login to the duress wallet and re-import that into your desktop wallet.
Alternatively, if you have the 7Z encrypted backup file, decrypt that and import the xprv shown inside for the duress wallet. You could also calculate the extended private key based on the seed or xprv of the real wallet.
BIP32 subkey paths are used to derive the duress wallet. If m is your real wallet, the duress wallet will be found at:
m/2147431408'/0'/0'
When you login with the duress PIN, the real PIN failure counter cannot (and should not be) reset. The display of that count is suppressed if the duress PIN was recently used.
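The calculation mentioned above, as an added example that is not Coldcard's own code: standard BIP32 hardened private derivation along the path given on this page. It assumes you start from the BIP32 seed bytes (or the key and chain code taken from the real wallet's xprv) and returns the raw private key and chain code rather than a serialized xprv. The sample seed is the public BIP32 test vector 1, never a real wallet.

```python
import hashlib
import hmac

# Order of the secp256k1 group, the curve BIP32 uses.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
DURESS_PATH = "m/2147431408'/0'/0'"   # path given on this page

# Public BIP32 test vector 1 seed, used here as sample input only.
TEST_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

def master_from_seed(seed):
    """BIP32 master private key and chain code for seed bytes."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]

def ckd_priv_hardened(key, chain_code, index):
    """One hardened step: HMAC-SHA512(chain_code, 0x00 || key || ser32(index + 2^31))."""
    if not 0 <= index < HARDENED:
        raise ValueError("index out of range")
    data = b"\x00" + key + (index + HARDENED).to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + int.from_bytes(key, "big")) % N
    if il >= N or child == 0:
        raise ValueError("invalid child key; BIP32 says to use the next index")
    return child.to_bytes(32, "big"), i[32:]

def derive_hardened_path(key, chain_code, path):
    """Walk a path such as m/0'/1' made only of hardened steps."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start at m")
    for part in parts[1:]:
        if not part.endswith("'"):
            raise ValueError("only hardened steps are handled here")
        key, chain_code = ckd_priv_hardened(key, chain_code, int(part[:-1]))
    return key, chain_code

if __name__ == "__main__":
    m_key, m_cc = master_from_seed(TEST_SEED)
    d_key, d_cc = derive_hardened_path(m_key, m_cc, DURESS_PATH)
    print("duress key bytes:", len(d_key), "chain code bytes:", len(d_cc))
```

Because every step of the path is hardened, the duress key cannot be computed from the real wallet's xpub; the real wallet's private key material is required.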
When enabled, entering this special PIN will activate your Coldcard's self-destruct feature. All elements and information stored on the device will get destroyed and your Coldcard will be rendered useless.
This process is irreversible! Once activated, the Coldcard can no longer be used.
Please be careful with the Brick Me PIN. The destruction process is quick and irreversible. The Coldcard should be discarded.
Go to Settings
Go to PIN Options
Select Brick Me PIN
Enter PIN prefix and note down the anti-phishing words
Enter PIN suffix
Confirm the PIN once more
Entering 999999-999999 will clear the existing Brick Me PIN, if any.
This feature forces a time delay when logging into the Coldcard. Once you have entered your PIN correctly, you must wait for the predetermined time delay before you can log into your Coldcard.
This feature can be useful against an attacker, since the timeline of their attack would be greatly extended and present greater risk for them to get caught.
Choose between 5/15/30 minutes, 1/2/4/8/12 hours, and 1/2/3/7/28 days.
Steps:
Go to Settings
Select Login Countdown
Select time you wish to use for your login countdown
You must provide continuous power to your Coldcard device for the timer to elapse!
You can also interact with the wallet generated by the Coldcard without ever connecting the device to a computer. In this case, your Coldcard is air-gapped.
In this step, we will be connecting the wallet generated in your Coldcard to Wasabi wallet to view your wallet balance, send and receive Bitcoin, without ever directly connecting your Coldcard to the Wasabi Wallet software.
You use a power-only cable to power up your Coldcard (you can use your computer as a power source since there is no data transfer between the devices);
You power up your Coldcard by using a wall outlet or battery pack.
A microSD card (32GB or less)
We will be uploading the wallet file using the microSD card to ensure that there is no direct connection between the Coldcard and other devices connected to the Internet.
Insert the MicroSD card into your Coldcard
With the Coldcard unlocked, select Advanced
Select MicroSD card
Select Export Wallet
Select Wasabi Wallet
The wallet file named "new-wallet.json" will be written on the MicroSD card.
Steps for connecting to Wasabi Wallet:
Insert the MicroSD card in your computer
Open the Wasabi Wallet application on your computer
Select Add wallet from the left-hand menu
Click the Import a wallet button
Select the "new-wallet.json" file from the MicroSD card
Click on Open.
Here are the steps for sending bitcoin from your Coldcard wallet in an air-gapped fashion by using the MicroSD card.
Click on ... in the top right corner and select Wallet Settings.
Activate the PSBT workflow option and click on Done.
Click on Send in the top right corner.
Insert the recipient's bitcoin address to the right of the To field.
Enter the amount you wish to send.
You can switch between BTC and USD denominations using the arrows.
Click on Advanced options to enter a custom fee rate (this can also be adjusted later).
Click on Continue.
Enter a label to identify the recipient and click on Continue.
Verify that the information is correct and click on Save PSBT file.
You can adjust the fee rate by clicking on the clipboard icon.
You have a sliding bar to adjust the fee amount depending on how quickly you want this transaction to be accepted by the network. There are several methods of looking up the current fee rate, one being.
Enter a name for the file and save it to the microSD card.
Eject the microSD card and insert it in the Coldcard.
On the Coldcard, select Ready To Sign.
Verify the transaction details on your Coldcard and confirm the transaction by pressing on the checkmark.
Once the transaction is signed, remove the microSD card from the Coldcard and insert it into your computer.
In Wasabi Wallet, select Broadcast and then select the file ending in -signed.psbt and select Confirm.
The wallet might present you with tips for increasing the degree of privacy of your transaction. Just hover over the shield icon in the Preview Transaction module to see what you can do.
The outbound transaction will appear in your Dashboard and the balance will also be updated.
Click on Send in the top right corner.
Insert the recipient's bitcoin address to the right of the To field.
Enter the amount you wish to send.
You can switch between BTC and USD denominations using the arrows.
Click on Advanced options to enter a custom fee rate (this can also be adjusted later).
Click on Continue.
Enter a label to identify the recipient and click on Continue.
Verify that the information is correct and click on Confirm.
You can adjust the fee rate by clicking on the clipboard icon.
You have a sliding bar to adjust the fee amount depending on how quickly you want this transaction to be accepted by the network. There are several methods of looking up the current fee rate, one being mempool.space.
The wallet might present you with tips for increasing the degree of privacy of your transaction. Just hover over the shield icon in the Preview Transaction module to see what you can do.
The outbound transaction will appear in your Dashboard and the balance will also be updated.
Click on Receive (top right corner).
Enter a label for this address. You should write what the payment is for or who it is from in order to keep track of your transactions and who could potentially be tracking them.
Click on Continue.
Wasabi wallet will generate a new address for you every time. Selecting Unused Receive Addresses will display other addresses that were generated in the past but have yet to receive funds.
Use the QR code or address displayed (it is automatically copied to your clipboard) to receive funds.
When hovering over the QR code, a save option appears to the right, allowing you to download a .png file.
You can also click on the icon to the right of the address string to copy it.
Once a payment is received, it will appear in the dashboard and your wallet balance will be updated.
In this step, we will be connecting the Coldcard to Wasabi Wallet to view your wallet balance, send and receive Bitcoin.
Make sure your Coldcard is connected to your computer and that you have accessed the passphrase-protected wallet on the device.
In Wasabi wallet, select Add wallet.
Select Connect to hardware wallet.
Enter a name for your wallet and click on Continue.
If the device isn't immediately detected, click on Rescan.
When your Coldcard is connected, click on Yes and then proceed to open the wallet.
We will be using the BIP-85 feature in the Coldcard to create the wallet we wish to use in Wasabi for their CoinJoin protocol.
Steps:
Select 'Advanced'
Select 'Derive Entropy' and read the displayed message. Press OK to continue.
Select the 12 word backup format.
Enter an index number. This can be any number between 0 and 9999. Write down this index number in case you need to recover this seed in the future. Press OK when you're done.
The derived seed value and other information will appear on the screen. Scroll down to see the available options.
Press 2 to use the derived seed
In the Coldcard main menu, select Passphrase.
Enter a passphrase (see for steps).
Open the Wasabi Wallet app.
In the 'Wallet Manager', select 'Recover Wallet'.
Enter the 12 words obtained from your Coldcard.
Enter your passphrase in the password box.
Click on 'Recover'.
Double-click on the wallet in the right-hand menu to open it.
You now have a wallet generated by your Coldcard to use with CoinJoin.
With , you can derive multiple Bitcoin keys from your single, primary backup.
"One Seed to rule them all, One Key to find them, One Path to bring them all, And in cryptography bind them."
Using the Coldcard, you can create multiple additional backups, different from the original created during the device initialization. The entropy is derived using the Coldcard backup and can be imported into other wallets.
This is a deterministic process, so you can recover these new wallets using the Coldcard's original backup. One cannot reverse a new bitcoin wallet created with BIP-85 to obtain the Coldcard's original backup.
The derived wallet is completely separate from the COLDCARD so your original wallet and any other derived wallets will still be safe.
Available export formats:
BIP-39
12 seed words
18 seed words
24 seed words
WIF (private key)
XPRV (BIP-32)
Hex
32 bytes
64 bytes
Select 'Advanced'
Select 'Derive Entropy' and read the displayed message. Press OK to continue.
Select a backup format.
Enter an index number. This can be any number between 0 and 9999. Write down this index number in case you need to recover this seed in the future. Press OK when you're done.
The derived seed value and other information will appear on the screen. Scroll down to see the available options. The options available depend on the chosen seed format:
Press 1 to save the value to a microSD card
Press 2 to use the derived seed, temporarily, on your COLDCARD (BIP-32 and BIP-39 only)
Press 3 to show the value's QR code
Import the derived seed into the wallet of your choice.
If you forget the index number, it's possible to search for the correct index because there are only 10,000 possible choices.
Derived XPRVs or BIP-39 seed words (12, 18, or 24) can be used on another COLDCARD.
You can use this feature on a seed with a . However, access to the derived seed will require that same passphrase in the future if you ever need to restore it. This can complicate the recovery process, so you may want to avoid deriving entropy from passphrase-protected seeds by using the Derive Entropy function before entering your passphrase.
Temporarily using the derived seed on your COLDCARD allows you to sign PSBT files associated with the derived wallet. The key stays in effect until you next turn off the COLDCARD or log out. You will probably need to consult in order to build specialized PSBT files for recovery purposes.
This feature helps protect from cameras and other observers by randomizing the numbers for entering the PIN on the display.
Steps:
Go to Settings
Select Scramble Keypad
Press OK
Your keypad will now be scrambled!
This lets you operate your device in a completely air-gapped manner if you do not have a power-only USB cable, since data communication from the Coldcard is deactivated as soon as this function is enabled.
Steps:
Go to Settings
Select Disable USB
Once activated, this feature will turn off the Coldcard after a predefined amount of time has elapsed.
You can set it to different values between two minutes and eight hours, or disable the idle auto-logout function completely.
Steps:
Go to Settings
Select Idle Timeout
Select time
Default timeout period is 4 hours
Do:
Write down your 24 words clearly and in the correct order.
Try to use a mix of uppercase and lowercase letters, numbers, and special characters in your passphrase.
You can use a password manager to do this.
Triple check that all of the information is correct.
Be in a private, safe location with no one else around.
Take your time to go through the steps.
Don't:
Use publicly known information for your password.
Use a password that you’ve used before.
Use a public network or computer for the generation of your wallet.
Store your backup and passphrase and PIN together.
Keep your backup or passphrase out in the open.