New COLDCARD Release: Many BIG features & Fixes!

Two New Heavyweight Features

CCC: COLDCARD can now Co-sign like collaborative multisig HSMs, no centralized servers needed.

KeyTeleport: Send secrets on a video call to other COLDCARD! Securely move seeds, secure notes/passwords, multisig PSBTs, even full backups (full clone), between two Q using QR or NFC

CCC - ColdCard Cosign

COLDCARD holds a key in a 2-of-3 multisig, in addition to the normal signing key it has.

  • It applies a spending policy like an HSM:
    • velocity and magnitude limits
    • whitelisted destination addresses
    • 2FA authentication using phone app (RFC 6238)
  • But will sign its part of a transaction automatically if those condition are met, giving you 2 keys of the multisig and control over the funds
  • Spending policy can be exceeded with help of the other co-signer (3rd key), when needed
  • Cannot view or change the CCC spending policy once set, policy violations are not explained
  • Existing multisig wallets can be used by importing the spending-policy-controlled key
  • CCC Demo Video (youtube) and Online docs (coldcard.com)

Key Teleport (Q)

Easily and securely move seed phrases, secure notes/passwords, multisig PSBT files, and even full Coldcard backups, between two COLDCARD Q using QR codes and/or NFC with helper website.

  • Can send master seed (words, xprv), anything held in seed vault, secure notes/passwords (singular, or all) and PSBT involved in a multisig to the other co-signers
  • Full COLDCARD backup is possible as well, but receiver must be “unseeded” Q for best result.
  • In other words, you can clone your Q over a zoom call to another person.
  • ECDH to create session key for AES-256-CTR, with another layer of AES-256-CTR using a short password (stretched by PBKDF2-SHA512) inside
  • Receiver shows sender a (simple) QR and a numeric code; sender replies with larger BBQr and 8-char password
  • See protocol spec in docs/key-teleport.md
  • Online docs are coming soon.
  • Related website is: keyteleport.com

Teleport of Multisig PSBT

After you sign a multisig PSBT, you have option to “Key Teleport” the PSBT file to any one of the other signers in the wallet. We already have a shared pubkey with them, so the process is simple and does not require any action on their part in advance. Plus, starting in this firmware release, COLDCARD can finalize multisig transactions, so the last signer can publish the signed transaction via PushTX (NFC tap) to get it on the blockchain directly.

Example sharing menu for PSBT

Above is an example of the menu shown where you select who should get the PSBT file next. As you can see two have already signed the file (checkmarks).

Shared Improvements - Both Mk4 and Q

  • New Feature: Multisig transactions are finalized when sufficiently signed. Allows use of PushTX with multisig wallets.
  • New Feature: Signing artifacts re-export to various media. Now you have the option of exporting the signing products (transaction/PSBT) to different media than the original source. Incoming PSBT over QR can be signed and saved to SD card if desired.
  • New Feature: Multisig export files are signed now. Read more here
  • Enhancement: NFC export usability upgrade: NFC keeps exporting until CANCEL/X is pressed
  • Enhancement: Add Bitcoin Safe option to Export Wallet
  • Enhancement: 10% performance improvement in USB upload speed for large files
  • (Q only) Enhancement: Always choose the biggest possible display size for QR

Bugfixes

  • Do not allow change Main PIN to same value already used as Trick PIN, even if Trick PIN is hidden.
  • Fix stuck progress bar under Receiving... after a USB communications failure
  • Showing derivation path in Address Explorer for root key (m) showed double slash (//)
  • Can restore developer backup with custom password other than 12 words format
  • Virtual Disk auto mode ignores already signed PSBTs (with “-signed” in file name)
  • Virtual Disk auto mode stuck on “Reading…” screen sometimes
  • Finalization of foreign inputs from partial signatures. Thanks Christian Uebber!
  • Temporary seed from COLDCARD backup failed to load stored multisig wallets
  • Destroy Seed also removes all Trick PINs from SE2.
  • Lock Down Seed requires pressing confirm key (4) to execute
  • (Q only) Only BBQr is allowed to export Coldcard, Core, and pretty descriptor

Video Tutorials

We have a growing library of video tutorials on Youtube … and we’re still adding more!