COLDCARD

This section will show you how to:

  • Check the tamper-evident bag
  • Set up a PIN
  • Generate a seed phrase with some dice rolls
  • Backup recommendations

Checking the tamper-evident bag:

Upon receiving your COLDCARD, ensure that the tamper-evident bag has not been compromised. Visually inspect the surfaces and edges of the bag for indications of tampering, openings, or damage. If anything seems amiss or if you have any problems, contact support@coinkite.com.

The tamper-evident word "VOID" appears when the seal is opened. Inside you will find your new COLDCARD, the Wallet Recovery Backup Card, sticker(s), and an additional copy of the bag number, which should match the bag number printed on the outside of the bag.

If everything looks good, then you are ready to power on your new COLDCARD and get it set up.

Here is a diagram you can reference to learn the COLDCARD's navigation:

Setting up a PIN

A great security feature of the COLDCARD is that it can be used completely air-gapped, meaning that you never have to connect it to a computer, although that option is there if you choose to use it. You can use a standard USB outlet transformer or even a 9v battery with the COLDPOWER adaptor, which Coinkite offers. To power on the COLDCARD, simply connect a USB to micro-USB cable to the port on top of the COLDCARD and the other end to the USB port on your COLDPOWER adaptor & 9v battery.

Once powered on, first read and accept the terms of sale & use. Then you will be asked to confirm the bag number. If there are any discrepancies, contact support@coinkite.com.

Choose your PIN carefully. You don't want to use one that is easy to guess. Your PIN has two parts, a prefix and a suffix. Once it is set up, the PIN works like this: after you enter the prefix, you are presented with two anti-phishing words. If the words are the same as the original words presented to you at initial setup, then you know that your COLDCARD has not been tampered with since the last time you accessed it. After confirming the anti-phishing words, you enter the PIN suffix, and if all is correct you are permitted access to the COLDCARD.

First, select Choose PIN Code, then you will see a brief description of how the PIN code works. Each part of your PIN code can be between 2 and 6 digits. There is absolutely no way to access a forgotten or lost PIN. Also, if you enter a PIN incorrectly too many times, it will brick your COLDCARD as a security feature.

After hitting OK you will get one more warning about the risk of losing or forgetting your PIN. After reading that, you can enter your PIN prefix. Use the included note card to write down your PIN prefix then hit OK.

Next you will be presented with your two anti-phishing words. Write these down on your note card.

Next, enter your PIN suffix, then write it down on the note card and hit OK.

Then you will be asked to re-enter your PIN prefix, confirm the two anti-phishing words, and enter your PIN suffix. The COLDCARD will save that information and then open up the wallet where you can generate your seed phrase.

Generating a seed phrase

There are a couple of considerations you may want to make when creating a seed phrase. By default, the COLDCARD will generate a seed phrase for you, as shown in the Ultra Quick guide. However, if you don't trust the True Random Number Generator (TRNG) in your COLDCARD, you can introduce some of your own randomness using a six-sided die and combine that with the COLDCARD's TRNG entropy. If you still don't trust that the COLDCARD is doing what it purports to be doing, then you can generate additional entropy with dice rolls and even verify the dice roll math as shown in the Paranoid guide.

In the steps below you will see how to introduce your own entropy using a six-sided die combined with the TRNG entropy from the COLDCARD to generate your seed phrase. After setting up the PIN, you should be at the COLDCARD main menu. Select New Wallet and after a moment you will be presented with 24 words. However, to introduce your own dice roll randomness, scroll down to the bottom of the word list and select 4 to add some dice rolls.

Each 6-sided dice roll is equivalent to 2.58 bits of entropy (log2(6)). For reference, it would take the world's most powerful supercomputer trillions of years to brute force a 256 bit key. The COLDCARD's TRNG has already picked 256 random bits at this point, but each time you roll, you are adding 2.58 bits of entropy over those bits. So roll the dice and enter the corresponding number for each roll. Repeat this process as much as you want. Then hit OK.

Now you will be presented with a new list of 24 words. Write these words down in order on your note card. Then double check your work.

Next, you will be asked to take a test to prove you wrote the words down correctly.

After passing the test, you will be at the COLDCARD's main menu. Best practice is to test your backup information before depositing any bitcoin. The basic idea is to use only your written backup information in an attempt to restore your wallet. If all of your backup information is correct and you successfully restore your wallet, then you know that you can recover any bitcoin deposited to that wallet with that backup information.

First you need a way to identify your wallet. Your newly generated wallet has a unique fingerprint which you can find from the main menu by navigating to Advanced > View Identity. You will find a unique 8-character fingerprint such as 99E870EF. Write that fingerprint down.

Now you can destroy the seed on your COLDCARD by again navigating to Advanced, then Danger Zone > Seed Functions > Destroy Seed. You will be presented with a couple of warnings. After you confirm, your seed will be destroyed and you will be brought back to the login page where you enter your PIN.

Log back into your COLDCARD and from the main menu navigate to Import Existing > 24 words, then start entering your seed words in order from your backup card. Start by scrolling down until you see the first letter of your word, then scroll down to the next nearest part of the word, and keep narrowing down the search until you arrive at the word you need. For example, t > th > thr > throw, then hit OK and repeat the process for the next word. If you make a mistake, you can hit Cancel to go back and re-select a word.

After you enter the 23rd word, COLDCARD will compute a list of 8 possible options for your 24th word. Select your 24th word from that list. If you do not see your 24th word on that list, then you either made a mistake entering the first 23 words or you wrote down your backup information incorrectly. After selecting the 24th word and hitting OK, the seed will be applied, and then you can navigate back to Advanced > View Identity and confirm the fingerprint is correct.

Your COLDCARD is now ready to start receiving deposits. Set it aside for now; after Sparrow Wallet is all set up, you can import the XPUB to deposit straight to the COLDCARD from Whirlpool. If you are interested in adding the additional security of a passphrase to your COLDCARD wallet, then check out the Paranoid guide. A passphrase adds an additional layer of security to your seed phrase; it is like adding a 25th word that is known only to you.
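Why the list for the 24th word has exactly 8 entries: a 24-word BIP39 phrase encodes 256 bits of entropy plus an 8-bit SHA-256 checksum, so after 23 words (253 bits) only 3 entropy bits remain free. The following is an added example, not COLDCARD firmware code; it works on word indices (positions 0 to 2047 in the BIP39 word list) instead of words so that it needs no word list file, and the function names are hypothetical.

```python
import hashlib

def last_word_candidates(first23):
    """Return the 8 valid 24th-word indices for 23 BIP39 word indices."""
    if len(first23) != 23 or any(not 0 <= i < 2048 for i in first23):
        raise ValueError("need 23 word indices in the range 0..2047")
    # 23 words x 11 bits each = the first 253 bits of the 256-bit entropy.
    prefix = 0
    for idx in first23:
        prefix = (prefix << 11) | idx
    candidates = []
    for tail in range(8):  # every value of the 3 entropy bits still unknown
        entropy = ((prefix << 3) | tail).to_bytes(32, "big")
        # For 256-bit entropy the checksum is the first 8 bits of SHA-256.
        checksum = hashlib.sha256(entropy).digest()[0]
        # Last word = 3 entropy bits followed by 8 checksum bits (11 bits).
        candidates.append((tail << 8) | checksum)
    return candidates

def is_valid_24(indices):
    """True if a full list of 24 word indices carries a correct checksum."""
    if len(indices) != 24:
        return False
    return indices[23] in last_word_candidates(indices[:23])

if __name__ == "__main__":
    # Constructed sample input: 23 copies of index 0 (the first list word).
    sample = [0] * 23
    options = last_word_candidates(sample)
    print("valid 24th-word indices:", options)
    # A transcription error in any earlier word changes the candidate list,
    # which is why a missing 24th word signals a mistake in the first 23.
    wrong = [1] + [0] * 22
    print("after one wrong word:   ", last_word_candidates(wrong))
```

Only 8 of the 2048 list words pass, so a written backup with a wrong word is usually caught at this step rather than after funds are deposited.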

Backup recommendations

Careful consideration should be given to how the wallet backup information will be stored. The information required for a proper backup varies depending on how the wallet was set up. These requirements may be only 24 words for a simple wallet, or they can include 24 words, a passphrase, master fingerprint, derivation path, and more. There are several options when it comes to picking a storage medium, and each has its own set of trade-offs. Writing the 24 words on paper is a good start and helps mitigate the risks associated with having a digital copy of the backup information. With the backup information written down on paper, an adversary would need physical access to the paper in order to retrieve the information, whereas a photo, text file, or other digital medium can be copied, replicated, and shared quickly.

The trade off with paper backups is that they do not withstand fire or flooding very well. This is where steel backups come into play. Robust backups made from stainless steel can withstand fire temperatures beyond the range of a typical house fire, up to 1,500°C. Also stainless steel backups can withstand being submerged in water for extended periods of time. There is a wide range of steel backups available. Coinkite offers the SEEDPLATE which gives users a robust backup option that is resistant to fire and flooding as well as easy to conceal.

These stainless steel plates are etched with a grid on both sides. The grid contains the alphabet along the Y-axis and 48 columns along the X-axis. The 48 columns are split into 12 groups of 4 columns. Each of the 12 groups has enough room for 4 letters. Only the first 4 letters of each BIP39 seed word are required in order to restore the wallet, as no two words on the BIP39 word list share the same sequence of the first 4 letters.

Use a marker to indicate the first 4 letters of the first 12 words on one side of the plate, then flip the plate over and repeat the process for the 13th through 24th words. Double check your work, then use a spring-loaded punch to stamp the plate on each mark.

Now you have a robust stainless steel backup that can withstand fire and flood. This backup plate is easy to conceal, measuring 127mm x 76mm x 1.5mm, so it can be hidden in a variety of places and environments.