Posted on Leave a comment

Generate private keys in Bitcoin safely and cheaply

private public keys

I had started writing this post when diving online I have come across several pages of bitcoiners who had already written about the generation of keys using Ian Coleman’s BIP39 tool plus the Tails system, so I will limit myself to putting the links already specify the steps roughly.



  1. Download Tails, verify the signature and copy it to a USB. We downloaded version 4.7

Check the image

Copy the image

dd if=tails-amd64-4.7.img of=/dev/sda bs=16M oflag=direct status=progress
  1. Start the computer from the Tails USB and configure Internet access.
  2. Download the bip39-standalone.html file from

For version 0.4.3 the command would be this:

wget -O /home/amnesia/Tor\ Browser\bip39-standalone.html
  1. Remove the Internet connection from Tails.
  2. Run bip39-standalone.html from Tor-browser. 
tor-browser /home/amnesia/Tor\ Browser\bip39-standalone.html
  1. On the page loaded in the browser generate the 24 words. Entropy can be added for greater security.
  2. Generate the passphrase with 6 random words from the Long Diceware Wordlist 

Save in a safe place

  • The list of the 24 words of the seed → My recommendation is to do it on one or more metal plates. References Metal Bitcoin Seed Storage Reviews could also be worth a simple stainless steel sheet .
  • The 6 words of the passphrase → Store them on one or more metal plates, different from the previous ones. We want to store the seed and the passphrase in different places.
  • Derived Addresses → These are our public addresses where we will have to enter the funds.
  • BIP32 Derivation Path → This value may be useful in the future when wanting to retrieve private keys in a wallet.
  • Account Extended Public Key → Key from which we can extract all our public keys.
  • BIP32 Extended Public Key (XPUB) → Key in BIP32 format to extract all our public keys.
Posted on Leave a comment

Import verification of Coldcard seed and passphrase at Electrum and Wasabi

Wallet Bitcoin

Before providing funds to our hardware wallet Coldcard (CC) It is important to make sure that in the future whatever happens we will be able to recover them.

Over the years many situations can arise whereby we find ourselves in the position of having to recover these funds without having the hardware wallet (hww), such as losing it or it being damaged and not being manufactured anymore, either because that model does not exist or because the company has closed. To this day we do not know which companies will exist and which will not exist in 10 years, and although it was still alive, technology evolves very quickly and within a few years devices that are now in common use may not be available, such as microSD memory cards, microUSB connectors, internal battery… 

Therefore it is vitally important to verify that we are going to be able to access the private keys that our hww handles. In this post we will test to recover these private keys from the CC addresses in other wallets from the generated seed and the passphrase that we have put.

There is documentation on this on the Coldcard website on how to carry out this operation, but I think that this is well worth a practical exercise to verify that this is the case. There is also apage walletsrecovery. where they give very valuable information about the compatibility between the different wallets.

  • Turn on the Coldcard, for this we connect it to an external USB charger or an adapter connected to a socket, never charge it with the USB connector of the computer we must keep the Coldcard always offline.
  • Put the prepin and the pin, you have to write it down because the device will request it whenever you turn it on. Do not save them on any digital medium or on the Internet, you have to minimize the risks.
  • Updating the firmware is optional but recommended, we will not go into it.
  • Create the wallet

Option: New Wallet

  • Add the passphrase and write it down because it is not saved in the hww. Important, it must be entered every time the Coldcard is started and you want to operate with these addresses.

Option: Passphrase → Edit Phrase → APPLY → OK

When you start the HWW it will not warn you that you have to enter it and the menus they have do not help but if you forget to enter it you will end up operating with other different Bitcoin addresses.

Option: Passphrase → A very long explanatory text but that is important because it indicates the problem of not entering it → Edit Phrase, It is not the best text for this option since what you have to do is enter your Passphrase and not edit it and then → APPLY → OK

When choosing the passphrase it is important that it is very difficult to discover on this page “Can BIP-39 passphrase be cracked?” they tell you how secure your password is.

  • Visualize your identity. 

Option: Advanced → View Identity to ensure that everything has been done correctly, we can check the fingerprint and that the text “BIP30 passphrase is in effect” appears to ensure that we are working with our passphrase.

  • Enter a microSD and export master public key (xpub) for the Electrum wallets and Wasabi which is where in the future we could import them.


microSD → Export Wallet → Electrum wallet -> Native Segwit

microSD → Export Wallet → Wasabi wallet

  • Saving addresses on the microSD card.

Option: Advanced -> Address Explorer -> 4 -> Select format (1b…) 1 

Generate a file addresses.txt in the microSD with 256 addresses.

  • Import the xpub in the Electrum wallet. 

It is recommended to run it within a Tails and not connect it to the Internet, it is not necessary for what we are going to do.

Take out the microSD card and connect it to the computer where we have installed the Electrum and Wasabi wallets.

  • Now we are going to create a wallet in Electrum with the same seed and passphrase that we have introduced in Coldcard.

Option: File → New / Restore

We choose the Standard Wallet option

We open the file addresses.txt exported from the CC to verify that the addresses shown by Electrum and those of Coldcard are the same.

Now we will perform the same check on the wasabi wallet.

  • We retrieve in Wasabi the wallet

It is not necessary and it is recommended for this exercise not to have the Wasabi connected to the Internet.

Option: Recover Wallet and introduce the seed and the passphrase

  • We load the Wallet

Option: Load Wallet

In the info of the wallet explorer we can verify that the Extended Master Fingerprint that shows wasabi matches the one that appears in Coldcard

  • Generate some addresses

Option : Recive 

When you restart wasabi it already shows the addresses

AND they actually match.

If initially only the Public Key appeared and not the address, we could perform the conversion to check that they are the same.

Address and Public Key at Electrum.

With this we have verified that from the Coldcard seed and passphrase we can recover the private keys in another wallet.

To summarize what we have to save to ensure recovery would be: 

  • The seed
  • The passphrase 
  • The type of address that we used in our case Native SegWit (bech32) which is the only one compatible with wasabi
  • The derivation paths “m / 84 ‘ / 0 ‘/ 0’ / 0 / XXXX ” 
  • It is recommended to also save an image of the Operating System together with the software used by Electrum and Wasabi. 

Another possible option for recovering private keys from seed and passphrase is to use the iancoleman bip39 web tool that has a downloadable version and works offline.