Coldcard Mk4 v5.2.0: Seed Vault, PSBTv2 & More

"Seed Vault enables storage of multiple secrets into the COLDCARD’s encrypted settings for easy recall and later use. They are encrypted with a key based on your seed (using AES-256-CTR), but are not themselves stored in the Secure Elements."

Coldcard Mk4 v5.2.0: Seed Vault, PSBTv2 & More
  • "TL;DR: First Bitcoin Singing-Device to store MULTIPLE seeds. Switch between them effortlessly. Ideal for custodians (think Grandma's stash), devs, experiments, and secure key handling (e.g., TAPSIGNER backups)."
"Enable this functionality in Advanced/Tools -> Danger Zone -> Seed Vault -> Enable. It is not enabled by default, and is a feature best suited to experimenters and advanced users with complex key management needs."
  • "Once enabled, you can easily recall the stored seeds using a new main menu item Seed Vault which appears when enabled. The XFP (fingerprint) and origin of each key is shown there, and activating takes only a single click. You can also edit the name for each key."
  • "The latest version of BIP-174 is now supported: PSBTv2 (version 2). Not many tools are generating these files yet, but they do offer some important advancements and enable new PSBT workflows. COLDCARD will auto-detect v2 files, and produces v2 outputs if given a PSBTv2 as input for signing."

What's new

  • Seed Vault. Store multiple temporary secrets into encrypted settings for simple recall and later use (AES-256-CTR encrypted by key based on the seed). Enable this functionality in Advanced/Tools -> Danger Zone -> Seed Vault -> Enable. Use stored seeds from Seed Vault with top-level Seed Vault menu choice (once enabled). Can capture and hold master secret from any temporary (ephemeral) seed source, including: TRNG, Dice Rolls, SeedXOR, TAPSIGNER backups, Duress Wallets, BIP-85 derived values, BIP-39 passphrase wallets.
  • PSBTv2 support added! Enables new PSBT workflows and applications.
  • New Feature: Lock Down Seed now works with every temporary secret (not just BIP39 passphrase)
  • New Feature: BIP-39 Passphrase can now be added to any words-based temporary seed.
  • New Feature: Add ability to back-up BIP39 Passphrase wallet (with passphrase encoded).
  • New Feature: Return to main secret from temporary without need to reboot the device.
  • Enhancement: Shortcut to Batch Sign PSBT via Ready To Sign -> Press (9)
  • Enhancement: Waste less storage space by removing old plausible deniability code which was only needed for Mk1 - Mk3 where SPI flash was an external chip.
  • Enhancement: Remove obsolete Mk2/Mk3 code-paths from master branch.
  • Enhancement: BIP39 Passphrase is now internally handled as an temporary secret. Ability to see BIP-39 Passphrase after wallet is active via View Seed Words was removed as a consequence of this change. Benefit: passphrase no longer held in memory while in operation.
  • Enhancement: Showing secrets now also display extended private key (XPRV) for BIP-39 passphrase wallets.
  • Enhancement: Increase number of slots in settings memory from 64 to 100.
  • Bugfix: Fixed off by one bug in Trick Pins -> Login Countdown menu.
  • Nomenclature: "Ephemeral Seed" will now be called "Temporary Seed".

GitHub Repo
Blog Post / Archive