New Mk4 Release: Version 5.2.0

Big New Feature: Seed Vault

Seed Vault enables storage of multiple secrets into the COLDCARD’s encrypted settings for easy recall and later use. They are encrypted with a key based on your seed (using AES-256-CTR), but are not themselves stored in the Secure Elements.

Enable this functionality in Advanced/Tools -> Danger Zone -> Seed Vault -> Enable. It is not enabled by default, and is a feature best suited to experimenters and advanced users with complex key management needs.

Once enabled, you can easily recall the stored seeds using a new main menu item Seed Vault which appears when enabled. The XFP (fingerprint) and origin of each key is shown there, and activating takes only a single click. You can also edit the name for each key.

When the Seed Vault feature is enabled, any process that generates or imports an temporary seed (formerly “ephemeral seed”), will offer you a chance to save the new seed into the vault. This now includes BIP-39 passphrases, so if Seed Vault is enabled, after entering a passphrase, you could save it into the vault. (Note the phrase itself is not stored, just the XPRV of the resulting key.)

Temporary seeds can be generated by TRNG, Dice Rolls, SeedXOR recovery process, TAPSIGNER recovery, duress wallets, and BIP-85 derived seeds. All of these values can all be stored in the vault for faster access.

You must backup the COLDCARD after adding to the vault. We always recommend your funds be protected by a metal backup of seed words.

  • Nomenclature change: “Ephemeral Seeds” will now be called “Temporary Seeds”.
  • XFP (fingerprint) of current temporary seed is shown at top of main menu, when active.
  • BIP39 Passphrase is now internally handled as an temporary secret. Your passphrase no longer held in memory while in operation.
  • Return to master secret from temporary without need to reboot the device: choose “Restore Master” from main menu, shown only while an temporary seed is in use.
  • Lock Down Seed now works with any temporary secret, not just BIP39 passphrase.
  • BIP-39 Passphrase can now be added to any words-based temporary seed.
  • Learn more in the docs for this feature.

PSBTv2 Support

The latest version of BIP-174 is now supported: PSBTv2 (version 2).

Not many tools are generating these files yet, but they do offer some important advancements and enable new PSBT workflows. COLDCARD will auto-detect v2 files, and produces v2 outputs if given a PSBTv2 as input for signing.

Our general purpose PSBT debugging tool psbt_dump has supported PSBTv2 since May of this year.

Enhancements

  • Shortcut to Batch Sign PSBT via Ready To Sign -> Press (9)
  • Showing secrets now also displays extended private key (XPRV) for BIP-39 passphrase wallets.
  • Increase number of slots in settings memory from 64 to 100.
  • Add ability to back-up BIP39 Passphrase wallet (with passphrase encoded).

Bug Fixes

  • Fixed off by one bug in Trick Pins -> Login Countdown menu.

Video Tutorials

We have a growing library of video tutorials on Youtube … and we’re still adding more!