Major Multisig Improvements!

This release (3.2.2) is a major one for the Address Explorer and includes a number of much-asked-for features:

  • View sub-accounts as exported, just enter the account number.
  • Multisig wallet support! (Caveat: addresses are for verification purposes and never for direct use as deposit, so they are partially redacted)
  • Enter any custom derivation path, by entering numbers directly; for gurus.
  • Warning screen can be suppressed after reading first time (press 6)
  • Export of addresses now named “addresses.csv” not “.txt”

Special thanks go to @switck for the bulk of this code!

Some minor bugfixes are included as well:

  • Disable a few more path derivation checks for “Skip Checks” for multisig compatibility. Handles error shown when working with previously-imported Spectre multisig wallets (ie. multisig.py: 891).
  • Generic wallet export (JSON) name for BIP49 wallets changed from “p2wpkh-p2sh” to “p2sh-p2wpkh”. Thanks @craigraw.

Multisig Address Challenges

When a multisig wallet is selected in the address explorer, you can confirm the deposit addresses, and export the first 250 addresses to MicroSD card.

However, multisig wallets can be very complex and we are not trying to understand them all (yet). Do not panic if your complex multisig wallet does not show up correctly. This firmware assumes /0/n is simply appended to the derivation paths provided in the multisig wallet configuration. Many valid multisig wallets will not use this approach, and for example, one co-signer might sign with same key for all addresses. This would be communicated in the PSBT file, but the Coldcard doesn’t know that in this context.

If there is any confusion, dump the addresses to a CSV file (press 1) and open that. We’ve added some useful columns for multisig, including the full redeem script and derivation used for each co-signer.

Here’s an example for a 2-of-4 P2SH wallet using BIP45 paths, overlaid with Electrum’s address tab.

Example MS export

Coldcard will never show the full payment address for multisig wallets. Three positions are replaced with underscore, so that the result is not a valid base58/bech32 value. This is a safety feature.

Version 3.2.1 Changes

Last week we also did a major release. In case you missed that, here are the details for that release:

If you are using multisig features, please backup your Coldcard before upgrade, just in case (but shouldn’t be a problem).

  • Now tracks derivation path for each co-signer and no longer assumes they all use a shared derivation path.
  • Blocks multiple instances of same XFP in the wallet (not supported anymore, bad idea).
  • Show Ypub/Zpub formated values from SLIP-132 when viewing details of wallet.
  • Address type (p2sh-p2wsh, p2sh, p2wsh) is captured from MS wallets created by PSBT file import.
  • Standardize on “p2sh-p2wsh” nomenclature, rather than “p2wsh-p2sh”, thanks to @humanumbrella. For airgaped multisig wallet creation, you must use same firmware verison on all Coldcards or this change can make trouble.
  • Text file import: “Derivation:” line can be repeated, applies to all following xpubs.
  • Can now store multiple wallets involving same set of XFP values, if they have differing subkey paths and/or address formats.
  • New mode which disables certain multisig checks to assist ‘bug compatibility’.
  • Enhancements:
    • Add support for signing Payjoin PSBT files based on BIP-78.
    • Promoted the address explorer to the main menu. It’s useful! (credit to @matt_odell)
    • Move the “blockchain” setting deeper into the “Danger Zone” and add warning screen. This mitigates a concern raised by @benma (Marko Bencun) where an attacker could socially-engineer you to sign a transaction on Testnet, which corresponds to real UTXO being stolen. Only developers should be using Testnet. Read more about this in our recent blog post.
    • Files created on MicroSD will have date and time determined by the version of firmware that made them. Downstream systems might use this to know when the Coldcard should be upgraded, or which firmware version created the data. Idea from @sancoder
    • Show version of secure element, under Advanced > Upgrade > Show Version.
    • Improve ‘None of the keys involved…’ message to show XFP value actually found inside PSBT file.
    • “Invalid PSBT” errors are shown with more information now.
    • Paper Wallet features temporarily removed to free space; will return in a future version.
  • Bugfixes:
    • Zero-length BIP39 passphrase, when saved, would cause a crash when restore attempted. We recommend longer passphrases, but fixed the issue.
    • Display of amounts could be incorrect by a few sats in final digits.
    • Better error reporting when importing bogus multisig wallet files.
    • License changed from GPL to MIT+CC on files for which the GPL doesn’t apply.

Download the latest firmware

Get COLDCARD Mark 3

Video Tutorials

We have a growing library of video tutorials on Youtube … and we’re still adding more!