Posted on Leave a comment

Transactions with the Coldcard hardware wallet

Cold Card

Recently I had to move the BTCs from the Coldcard hardware wallet to another destination, for this I had several options, one was to import the seed and passphrase it into another wallet such as Wasabi or Electrum as indicated in this post “Import verification of Coldcard seed and passphrase at Electrum and Wasabi” but in the end I preferred to send them using the transaction  PSBT (Partially Signed Bitcoin Transactions) that allows the operation of the shipment while maintaining the private keys off-line, that is, without being exposed to the Internet in no time.

In the Coldcard

  • Enter the two pins and make sure you have inserted the passphrase and applied it (APPLY) it is interesting to check the master key fingerprint
  • Export the file with the xPub (new-wallet.json)

MicroSD → Export Wallet → Electrum wallet → Native Segwit

In Electrum

  • Enter the MicroSD of the Coldcard
  • Import the file with the public master key. Open an Electrum wallet and load the file new-wallet.json 

File → Open → File      

  • Generate the PSTB transaction. 

In the Address tab choose the source address right mouse button → Spen from 

  • Save the generated psbt file to the microSD card

In the Coldcard

  • Make sure you have inserted the passphrase and applied it (APPLY) 
  • Enter the microSD with the file with the transaction PSBT
  • Sign the transaction

Ready to sign -> “Ok to send?” 

In Electrum

  • Enter the microSD with the signed PSBT transaction

Tools -> Load transaction -> from file

  • In the Send tab indicate the address that will receive the bitcoins and send
Posted on Leave a comment

Generate private keys in Bitcoin safely and cheaply

private public keys

I had started writing this post when diving online I have come across several pages of bitcoiners who had already written about the generation of keys using Ian Coleman’s BIP39 tool plus the Tails system, so I will limit myself to putting the links already specify the steps roughly.

Resources

Operational

  1. Download Tails, verify the signature and copy it to a USB. We downloaded version 4.7
wget https://mirrors.ukfast.co.uk/sites/tails.boum.org/tails/stable/tails-amd64-4.7/tails-amd64-4.7.img

Check the image

https://tails.boum.org/install/linux/usb-download/index.en.html#command-line

Copy the image

dd if=tails-amd64-4.7.img of=/dev/sda bs=16M oflag=direct status=progress
  1. Start the computer from the Tails USB and configure Internet access.
  2. Download the bip39-standalone.html file from https://github.com/iancoleman/bip39/releases

For version 0.4.3 the command would be this:

wget https://github.com/iancoleman/bip39/releases/download/0.4.3/bip39-standalone.html -O /home/amnesia/Tor\ Browser\bip39-standalone.html
  1. Remove the Internet connection from Tails.
  2. Run bip39-standalone.html from Tor-browser. 
tor-browser /home/amnesia/Tor\ Browser\bip39-standalone.html
  1. On the page loaded in the browser generate the 24 words. Entropy can be added for greater security.
  2. Generate the passphrase with 6 random words from the Long Diceware Wordlist 

Save in a safe place

  • The list of the 24 words of the seed → My recommendation is to do it on one or more metal plates. References Metal Bitcoin Seed Storage Reviews could also be worth a simple stainless steel sheet .
  • The 6 words of the passphrase → Store them on one or more metal plates, different from the previous ones. We want to store the seed and the passphrase in different places.
  • Derived Addresses → These are our public addresses where we will have to enter the funds.
  • BIP32 Derivation Path → This value may be useful in the future when wanting to retrieve private keys in a wallet.
  • Account Extended Public Key → Key from which we can extract all our public keys.
  • BIP32 Extended Public Key (XPUB) → Key in BIP32 format to extract all our public keys.
Posted on Leave a comment

Generar claves privadas en Bitcoin de forma segura y barata

private public keys

Había empezado a escribir este post cuando buceando por Internet me he topado con varias páginas de bitcoiners que ya habían escrito sobre la generación de claves utilizando la herramienta BIP39 de Ian Coleman más el sistema Tails, así que me voy a limitar a poner los enlaces y a especificar los pasos a grandes rasgos.

Recursos

Operativa

  1. Descargar Tails, verificar la firma y copiarlo en un USB. Descargamos la versión 4.7
wget https://mirrors.ukfast.co.uk/sites/tails.boum.org/tails/stable/tails-amd64-4.7/tails-amd64-4.7.img

Verificar la imagen

https://tails.boum.org/install/linux/usb-download/index.en.html#command-line

Copiar la imagen

dd if=tails-amd64-4.7.img of=/dev/sda bs=16M oflag=direct status=progress
  1. Arrancar el ordenador desde el USB de Tails y configurar el acceso a Internet.
  1. Descargar el fichero bip39-standalone.html de https://github.com/iancoleman/bip39/releases

Para la versión 0.4.3 el comando sería este:

wget https://github.com/iancoleman/bip39/releases/download/0.4.3/bip39-standalone.html -O /home/amnesia/Tor\ Browser\bip39-standalone.html
  1. Eliminar la conexión a Internet de Tails.
  1. Ejecutar bip39-standalone.html desde Tor-browser. 
tor-browser /home/amnesia/Tor\ Browser\bip39-standalone.html
  1. En la página cargada en el navegador generar las 24 palabras. Se puede añadir entropía para tener una mayor seguridad.
  1. Generar la passphrase con 6 palabras aleatorias de la lista Long Diceware Wordlist 

Salvar en sitio seguro

  • La lista de las 24 palabras de la semilla → Mi recomendación es hacerlo en una o varias placas de metal. Referencias Metal Bitcoin Seed Storage Reviews también podría valer una simple chapa de acero inoxidable.
  • Las 6 palabras de la passphrase → Guardarlas en una o varias placas de metal, distintas de las anteriores queremos almacenar la semilla y la passphrase en sitios distintos.
  • Derived Addresses → Son nuestras direcciones públicas donde tendremos que ingresar los fondos.
  • BIP32 Derivation Path → Este valor puede ser útil en un futuro al querer recuperar las claves privadas en un wallet.
  • Account Extended Public Key → Clave a partir de la cual podemos extraer todas nuestras claves públicas.
  • BIP32 Extended Public Key (XPUB) → Clave en formato BIP32 para extraer todas nuestras claves públicas.

El artículo en traducido al Inglés está en “Generate private keys in Bitcoin safely and cheaply

Posted on Leave a comment

Import verification of Coldcard seed and passphrase at Electrum and Wasabi

Wallet Bitcoin

Before providing funds to our hardware wallet Coldcard (CC) It is important to make sure that in the future whatever happens we will be able to recover them.

Over the years many situations can arise whereby we find ourselves in the position of having to recover these funds without having the hardware wallet (hww), such as losing it or it being damaged and not being manufactured anymore, either because that model does not exist or because the company has closed. To this day we do not know which companies will exist and which will not exist in 10 years, and although it was still alive, technology evolves very quickly and within a few years devices that are now in common use may not be available, such as microSD memory cards, microUSB connectors, internal battery… 

Therefore it is vitally important to verify that we are going to be able to access the private keys that our hww handles. In this post we will test to recover these private keys from the CC addresses in other wallets from the generated seed and the passphrase that we have put.

There is documentation on this on the Coldcard website on how to carry out this operation, but I think that this is well worth a practical exercise to verify that this is the case. There is also apage walletsrecovery. where they give very valuable information about the compatibility between the different wallets.

  • Turn on the Coldcard, for this we connect it to an external USB charger or an adapter connected to a socket, never charge it with the USB connector of the computer we must keep the Coldcard always offline.
  • Put the prepin and the pin, you have to write it down because the device will request it whenever you turn it on. Do not save them on any digital medium or on the Internet, you have to minimize the risks.
  • Updating the firmware is optional but recommended, we will not go into it.
  • Create the wallet

Option: New Wallet

  • Add the passphrase and write it down because it is not saved in the hww. Important, it must be entered every time the Coldcard is started and you want to operate with these addresses.

Option: Passphrase → Edit Phrase → APPLY → OK

When you start the HWW it will not warn you that you have to enter it and the menus they have do not help but if you forget to enter it you will end up operating with other different Bitcoin addresses.

Option: Passphrase → A very long explanatory text but that is important because it indicates the problem of not entering it → Edit Phrase, It is not the best text for this option since what you have to do is enter your Passphrase and not edit it and then → APPLY → OK

When choosing the passphrase it is important that it is very difficult to discover on this page “Can BIP-39 passphrase be cracked?” they tell you how secure your password is.

  • Visualize your identity. 

Option: Advanced → View Identity to ensure that everything has been done correctly, we can check the fingerprint and that the text “BIP30 passphrase is in effect” appears to ensure that we are working with our passphrase.

  • Enter a microSD and export master public key (xpub) for the Electrum wallets and Wasabi which is where in the future we could import them.

Option:

microSD → Export Wallet → Electrum wallet -> Native Segwit

microSD → Export Wallet → Wasabi wallet

  • Saving addresses on the microSD card.

Option: Advanced -> Address Explorer -> 4 -> Select format (1b…) 1 

Generate a file addresses.txt in the microSD with 256 addresses.

  • Import the xpub in the Electrum wallet. 

It is recommended to run it within a Tails and not connect it to the Internet, it is not necessary for what we are going to do.

Take out the microSD card and connect it to the computer where we have installed the Electrum and Wasabi wallets.

  • Now we are going to create a wallet in Electrum with the same seed and passphrase that we have introduced in Coldcard.

Option: File → New / Restore

We choose the Standard Wallet option

We open the file addresses.txt exported from the CC to verify that the addresses shown by Electrum and those of Coldcard are the same.

Now we will perform the same check on the wasabi wallet.

  • We retrieve in Wasabi the wallet

It is not necessary and it is recommended for this exercise not to have the Wasabi connected to the Internet.

Option: Recover Wallet and introduce the seed and the passphrase

  • We load the Wallet

Option: Load Wallet

In the info of the wallet explorer we can verify that the Extended Master Fingerprint that shows wasabi matches the one that appears in Coldcard

  • Generate some addresses

Option : Recive 

When you restart wasabi it already shows the addresses

AND they actually match.

If initially only the Public Key appeared and not the address, we could perform the conversion to check that they are the same.

Address and Public Key at Electrum.

With this we have verified that from the Coldcard seed and passphrase we can recover the private keys in another wallet.

To summarize what we have to save to ensure recovery would be: 

  • The seed
  • The passphrase 
  • The type of address that we used in our case Native SegWit (bech32) which is the only one compatible with wasabi
  • The derivation paths “m / 84 ‘ / 0 ‘/ 0’ / 0 / XXXX ” 
  • It is recommended to also save an image of the Operating System together with the software used by Electrum and Wasabi. 

Another possible option for recovering private keys from seed and passphrase is to use the iancoleman bip39 web tool that has a downloadable version and works offline.