Major Multisig Improvements!
This release is a major one with lots and lots of Multisig related changed. There are also some useful improvements in other areas, but let’s start with multisig:
If you are using multisig features, please backup your Coldcard before upgrade, just in case (but shouldn’t be a problem).
- Now tracks derivation path for each co-signer and no longer assumes they all use a shared derivation path.
- Blocks multiple instances of same XFP in the wallet (not supported anymore, bad idea).
- Show Ypub/Zpub formated values from SLIP-132 when viewing details of wallet.
- Address type (p2sh-p2wsh, p2sh, p2wsh) is captured from MS wallets created by PSBT file import.
- Standardize on “p2sh-p2wsh” nomenclature, rather than “p2wsh-p2sh”, thanks to @humanumbrella. For airgaped multisig wallet creation, you must use same firmware verison on all Coldcards or this change can make trouble.
- Text file import: “Derivation:” line can be repeated, applies to all following xpubs.
- Can now store multiple wallets involving same set of XFP values, if they have differing subkey paths and/or address formats.
- New mode which disables certain multisig checks to assist ‘bug compatibility’.
- Add support for signing Payjoin PSBT files based on BIP-78.
- Promoted the address explorer to the main menu. It’s useful! (credit to @matt_odell)
- Move the “blockchain” setting deeper into the “Danger Zone” and add warning screen. This mitigates a concern raised by @benma (Marko Bencun) where an attacker could socially-engineer you to sign a transaction on Testnet, which corresponds to real UTXO being stolen. Only developers should be using Testnet. Read more about this in our recent blog post.
- Files created on MicroSD will have date and time determined by the version of firmware that made them. Downstream systems might use this to know when the Coldcard should be upgraded, or which firmware version created the data. Idea from @sancoder
- Show version of secure element, under Advanced > Upgrade > Show Version.
- Improve ‘None of the keys involved…’ message to show XFP value actually found inside PSBT file.
- “Invalid PSBT” errors are shown with more information now.
- Paper Wallet features temporarily removed to free space; will return in a future version.
- Zero-length BIP39 passphrase, when saved, would cause a crash when restore attempted. We recommend longer passphrases, but fixed the issue.
- Display of amounts could be incorrect by a few sats in final digits.
- Better error reporting when importing bogus multisig wallet files.
- License changed from GPL to MIT+CC on files for which the GPL doesn’t apply.
We have a growing library of video tutorials on Youtube … and we’re still adding more!