Nahuel Hernandez

Another personal blog about IT, Automation, Cloud, DevOps and Stuff.

Coldcard Ultra Secure Bitcoin Hardware Wallet

Set up a Coldcard wallet for the first time in a secure way

A hardware wallet is a type of cryptocurrency wallet where you can store your private keys in a secure physical device. They have major advantages over standard software wallets: private keys are often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext.

Coldcard is a hardware wallet from the company Coinkite and one of the best solutions for holding Bitcoin long term (HODL). Its main characteristics are:

  • Bitcoin only: The best option to reduce attack vectors
  • Air-Gapped: we don’t need to connect to a computer
  • Open-Source: all code is open source and we can compile it ourselves
  • Ultra-Secure: air-gapped and built around a secure element (it uses a Microchip part to store the critical master secret)
  • No Coldcard software required: works with native wallet apps like Electrum and Wasabi

With Coldcard we don’t need to connect to a computer; we only need a MicroSD card. It is air-gapped for full operation, from seed generation to transaction signing. Coldcard uses PSBT (Partially Signed Bitcoin Transactions, BIP174) natively: we sign transactions directly on the MicroSD card and later broadcast them on the network, without the Coldcard ever being connected. With the MicroSD card we can also back up the seed into an encrypted file or upgrade the device firmware.

Note: Air gapping provides higher security but can be a little inconvenient. Coldcard provides the option to choose between more security or more convenience, by supporting both air gapping, as well as direct connection via USB.

In this tutorial, you will learn how to:

  • Set up Coldcard Wallet
  • Upgrade Coldcard Wallet
  • Backup System
  • Using Coldcard Offline with Electrum

Setup Coldcard wallet

  1. Power the Coldcard through its USB port, from a computer or a USB power source (only power is needed, no data).

  2. Accept the “Terms of Sale”.

  3. Upgrade Coldcard (optional, detailed below).

  4. Configure the initial PIN to protect against unauthorized usage; 4-6 digits are recommended. For example: 872323-398431

    Note: The first part is called the prefix (872323-) and the second, the suffix (-398431). Each part must have between 2 and 6 digits. The prefix determines the anti-phishing words you will see each time you log in.

  5. Note and memorize the two anti-phishing words displayed on the screen. This word pair is unique to your Coldcard against the specific prefix PIN that you use.

  6. Choose “New Wallet” to generate 24 words using the BIP39 word list. The words are then shown to you. Write down the seed words, in order, on the provided card or some other paper.

  7. Set a BIP39 passphrase (optional and more secure). By default Coldcard uses an empty passphrase; with the same seed and different passphrases we can create many wallets. Go to “Passphrase” and add your passphrase. If someone gets your 24 seed words without your passphrase, they can’t get your Bitcoins.

Upgrade Coldcard wallet

  1. Download and verify the latest firmware release.

  2. Save the 20…-coldcard.dfu firmware file onto an SD card.

  3. Power up your Coldcard and unlock it with your PIN.

  4. Go to the Advanced > Upgrade menu and click on From SD Card.

  5. After the confirmation dialog, Coldcard will upgrade and reboot (this is slow).

  6. Type in your PIN again. Verify that the new version is running with: Advanced > Upgrade > Show Version.

  7. If you powered down during this process, you may need to use Bless Firmware in that menu to get a green light again.

Backup System

  1. Insert a MicroSD card into the Coldcard Wallet.

  2. In Coldcard Wallet go to Advanced > Backups > Backup System.

  3. You’ll be shown a 12-word password to record, and you have to pass a short quiz to prove you did so.

  4. Check that the file is saved as an AES-encrypted 7Z file on the MicroSD card.

Note: The backup file is useless without the 12-word passphrase. Each backup will have a different backup phrase, and it has no relationship with the wallet seed words.

Next steps:

  • Erase seed and restore from MicroSD and seed words
  • Using Coldcard Offline with Electrum
  • Creating a watch-only wallet with Bluewallet
  • Bitcoin core with Specter on Coldcard

About

Over 15-year experience in the IT industry. Working in SysOps, DevOps and Architecture roles with mission-critical systems across a wide range of industries. Wide experience with AWS, Terraform, Kubernetes, Containers, CI/CD pipelines, and Linux. Always keeping up with the latest technologies. Passionate about automating the run of the mill. Big focus on problem-solving.