This guide demonstrates everything you need to know in order to secure your Bitcoin private keys using a Coldcard hardware wallet and its integrated Seed XOR method. With this method, you are able to split your backup seed phrase into multiple parts that look and function like complete 24-word seed phrases of their own. This opens up a range of possibilities and safeguards to protect your bitcoin.
Background On Self Custody And Keeping Bitcoin Safe
Welcome to the wonderful world of self custody, this is where the laws of man and the laws of math collide in a battle over your cryptographically-secured wealth.
There are a number of different reasons that people find themselves here; some realize the risks associated with trusted third-party custodians; others know that authorities have what it takes to take what you have; and a few understand that inflation is taxation without representation and confiscation of wealth without due process of law, propped up by an elaborate scheme between the U.S. Treasury and the Federal Reserve in an attempt to keep the rich in power and everyone else enslaved to debt and perpetual consumption.
For whatever reason you found yourself here, let's dive into securing your bitcoin in a way that offers protection from environmental hazards, confiscation and seizure, that mitigates trust and introduces plausible deniability. You can find further background on Seed XOR here.
Step One: Materials
Although there are several hardware wallets to choose from, you can see my top-10 reasons for using Coldcard here. At a bare minimum to follow along with this guide, you will need:
- One Coldcard
- Three stainless-steel SeedPlates
- One spring-loaded punch
- One ColdPower Adaptor
- One microSD Card
- One USB-to-micro-USB cable
- One permanent marker
- One pen
- One balanced dice
- One nine volt battery
- One wallet backup card (included with Coldcard)
- One computer with internet connection
Step Two: Checking Your New Coldcard
Upon receiving your Coldcard, ensure that the tamper-evident bag has not been compromised. If anything seems amiss or if you have any problems, contact firstname.lastname@example.org.
You will see the tamper-evident words "void" appear when the seal is opened.
Inside, you will find your new Coldcard, the wallet recovery backup card, sticker(s), and an additional copy of the bag number which should match the bag number printed on the outside of the bag.
Here is a graphic to help you figure out the navigation of your Coldcard. You can always hold down the “up” or “down” arrows when scrolling.
Step Three: Upgrade Firmware
One of the best features of the Coldcard in my opinion is that it can be used in a completely air-gapped fashion, meaning that you never have to connect it to a computer, although that option is there if you choose to use it. I prefer to use a nine volt battery with the ColdPower adaptor.
First, read and accept the terms of sale and use. Then you will be asked to confirm the bag number. If there are any discrepancies, contact email@example.com.
Next, select "Advanced" and then scroll down to "Upgrade Firmware" and finally "Show Version." If your displayed firmware version is older than the most recent version available on the Coinkite website here, then follow the next steps to upgrade.
If your displayed firmware version matches the most recent one, then you can skip down to Step Four: Setting A PIN.
Even the firmware can be upgraded in an air-gapped way by utilizing the microSD card. These steps will show you how to do that and verify the integrity of the firmware file on a Windows desktop using Kleopatra OpenPGP from the GPG4win bundle.
If you don't want to get into the PGP verification piece of this process, then you can skip ahead to the part about just saving the firmware file to the microSD card and loading on the Coldcard.
These next steps will show you how to save the PGP-signed hash value of the .dfu file and verify it with Doc Hex's PGP public key and then calculate your own hash value on the firmware to confirm.
From the CoinKite website, click on the link for the latest firmware version at the top of the page. This will automatically download a .dfu file.
From this same page, scroll down toward the bottom to the advanced section and then click on the "this clear-signed text file" link. That link will open a PGP-signed message containing the SHA-256 hash values of various firmware versions.
You want to save this PGP signed message as a .asc file. You can just hit “ctrl” and “s” from your web browser and you should be presented with a pop-up window like the one below. Make sure you have the "All Files (*.*)" option selected from the "Save as type:" drop-down menu. And then save the file with the ".asc" extension. You can leave it named "signatures."
Next, you need to get Doc Hex's public PGP key and import it to your Kleopatra keychain so you can certify it. Doc Hex's public key can be copied from this keyserver here.
Once you copy his public key to your clipboard, then in Kleopatra navigate to "Tools," then "Clipboard," then "Certificate Import." You will then be asked for your PGP password to certify Doc Hex's public key. Once certified, this public key will be added to your keychain.
You can confirm that the fingerprint of the public key you just imported for Doc Hex matches the fingerprint of the Doc Hex account from KeyBase here.
Now that you have Doc Hex's key imported and certified, you can verify that the signed message with the firmware hash values was actually signed by Doc Hex. Open the folder containing the signed message .asc file and right click on it, then select "More GpgEX options," then "Verify."
Kleopatra will start calculating the veracity of the signature and after a moment, you should receive a dialog box confirming that the signature matches the public key you certified.
At this point, you have verified that the PGP-signed message containing the hash values for the firmware files was in fact signed by Doc Hex. But you now need to verify that the .dfu firmware file does in fact return the same hash value as the one in the signed message.
To do this, I prefer using a freeware hex editing program called HxD. Simply navigate to "File" then select "Open" and navigate to the file path where you have the firmware .dfu file saved. Once opened, then navigate to "Analysis" then "Checksums" then scroll down to "SHA-256" and hit "OK." Then the software will return the calculated SHA-256 hash value on the firmware file you downloaded. Visually compare this returned hash value with the hash value that you can look at in the signed message by opening it with a text editor.
Now you know that the firmware file you downloaded is an exact match to the file that Coinkite intended that you receive and that it is safe to install on your new Coldcard.
Grab your microSD card and the USB adapter and insert them into your desktop. Once recognized, just drag and drop the firmware .dfu file onto the microSD card. Then safely eject the microSD card.
Turn the Coldcard over and insert the microSD card into the slot until it clicks in place.
You should still be in the "Advanced" menu, then scroll down to "Upgrade Firmware" then "From MicroSD" then select the firmware file. This will take a moment to automatically load, verify and upgrade.
With the firmware now upgraded, you're ready to move on and set your PIN number.
Step Four: Setting A PIN
Make careful considerations with your PIN number. You don't want to use one that is easy to guess. It is convenient when you can memorize it so that you don't have to find your notecard or other storage medium every time you want to access your Coldcard. Or perhaps you want a PIN that you don't have memorized, specifically so that you must have access to your notecard or other storage medium to open the Coldcard.
Either way, your PIN will have two parts: a prefix and suffix. The idea is that once you enter the prefix, you will be presented with two anti-phishing words. If the words are the same as the words that were originally presented to you at initial startup, then you know that your Coldcard has not been tampered with since the last time you accessed it.
First, select "Choose PIN Code," then you will see a brief description of how the PIN code works. Each part of your PIN code can be between two and six digits. There is absolutely no way to access a forgotten or lost PIN. And if you enter a PIN incorrectly too many times, it will brick your Coldcard as a security feature.
After hitting "OK" you will get one more warning about the risk of losing or forgetting your PIN. After reading that, you can enter your PIN prefix. Use the included notecard to write down your PIN prefix, then hit "OK."
Next, you will be presented with your two anti-phishing words. Write these down on your notecard.
Next, enter your PIN suffix, then write it down on the notecard and hit "OK."
Then, you will be asked to re-enter your PIN prefix, confirm the two anti-phishing words, and enter your PIN suffix. The Coldcard will save that information and then open up the wallet where you can generate your seed phrase.
Step Five: Creating A Seed Phrase
There are a couple considerations you may want to make when creating a seed phrase.
For example, Coldcard will generate a seed phrase for you by default, but maybe you don't trust the true random number generator (TRNG) used for some reason. Well, you don't have to trust it because you can generate your own entropy with dice or by other means. Then you can leave the seed phrase like it is, with 24 words, or you can add a 25th word, also known as a passphrase.
The passphrase can be any combination of upper case letters, lower case letters, numbers, or special characters. There is no way for the wallet to know if your passphrase is correct or not though once you set it. So if you do decide to use a passphrase and then you misenter it when accessing the wallet in the future, the Coldcard will display a perfectly valid wallet, but it won't be the wallet that contains your funds. Even with the same 24 words, entering two different passphrases will generate two completely different wallets.
So, think about what your threat model is, how you will secure your recovery information and how your loved ones would recover your bitcoin if you were gone.
Typically, I like to use dice to generate my seed phrases and then I like to add a high-entropy passphrase to it, so I will show you how I do it and you can pick and choose what works for you.
Like I said, the Coldcard will use a TRNG to make a random seed phrase for you by default. Select "New Wallet" and after a moment you will be presented with 24 words. You can use that seed phrase if you want, there is nothing wrong with doing so.
But I like to scroll down to the bottom of the word list and select "4" to add some dice rolls.
It is recommended to use at least 50 dice rolls for 126 bits of entropy or 99 dice rolls for 256 bits of entropy. Entropy is calculated by using: log2(6) = 2.58. For reference, it would take the world's most powerful supercomputer trillions of years to brute force a 256-bit key.
So, roll the dice and enter the corresponding number for each roll. Repeat this process as much as you want. If you roll fewer than 50 times, then the Coldcard will add the remaining necessary entropy with the TRNG. Then hit "OK."
You can always verify that the dice roll math is actually doing what it purports to be doing by following the instructions in the Coldcard documentation here, or by checking out another guide of mine here.
Now you will be presented with a new list of 24 words. Write these words down on your notecard. Then, double check your work.
Next, you will be asked to take a test to prove you wrote the words down correctly.