If you’re deep into Bitcoin self-custody, you’ve probably heard of Coldcard’s air-gapped PSBT signing. This method involves keeping your private keys completely offline while still enabling secure transaction signing. It’s a little geeky at first, but after using this workflow for several months, I can say it’s a trust-minimized way to handle Bitcoin transactions securely, especially if you want to integrate multisignature setups or avoid exposing keys via USB or network.
This guide covers how Coldcard uses Partially Signed Bitcoin Transactions (PSBTs) and MicroSD cards to facilitate air-gapped signing. We'll look at the process in detail, explain the benefits of air-gapping, and show practical steps to keep your funds safe without sacrificing convenience.
For related topics like firmware updates and multisig setups, check out the Coldcard firmware updates and Coldcard multisig guides.
Air-gapped signing means your private keys never touch a device connected to the internet. By using a hardware wallet offline, you avoid common attack vectors such as malware, remote exploits, or supply chain compromises.
Think of air-gapping like a hermit crab protecting its shell—it stays completely insulated from outside interference. When using Coldcard’s air-gapped PSBT and MicroSD approach, the wallet generates and signs transactions within its secure element, then exports a signed PSBT file to MicroSD. You carry that file to an online computer to broadcast, never exposing keys online.
This setup is especially meaningful if you’re managing larger sums or running multisignature (multisig) setups where multiple signatures are needed before funds move. It’s more secure than connecting your Coldcard via USB and less cumbersome than trusting a single device online.
PSBT stands for Partially Signed Bitcoin Transaction. It’s a Bitcoin standard designed to let different devices collaboratively sign transactions without exposing private keys. Here’s how it works:
PSBT is critical for air-gapped workflows since no sensitive info leaves the hardware wallet.
Let me walk you through the typical process of signing a PSBT using Coldcard’s air-gapped MicroSD workflow:
1. Create the PSBT on your online computer
2. Copy the PSBT file to a MicroSD card
3. Insert MicroSD into Coldcard and sign
4. Remove MicroSD and return it to the online computer
This process keeps your Coldcard physically isolated and requires minimal trust from your online device.
Coldcard’s MicroSD slot is a key enabler for this air-gapped experience. Unlike other hardware wallets which rely mainly on USB or Bluetooth connectivity—potentially exposing attack surfaces—Coldcard uses a removable MicroSD card to move files. This means the wallet never connects directly to your computer.
Key points:
Example: After exporting your wallet's XPUB to MicroSD, importing this into your multisig setup's wallet software lets it track balances without risking private keys.
From my experience, the biggest mistakes with air-gapped signing come down to human error. Here are a few things to watch out for:
Double-check everything on Coldcard's screen. It’s tempting to skip confirmations, but confirming address and amount on-device prevents malware spoofing.
Only get PSBT files from trusted sources. Using unsigned or compromised PSBTs can put your funds at risk.
Avoid cheap or untrusted MicroSD cards. Faulty cards can corrupt files or cause errors during signing.
Beware of phishing attempts. Even the best hardware wallet can’t stop you from importing a malicious PSBT created by attackers.
Update Coldcard firmware regularly. While this sounds obvious, I’ve seen users skip updates, missing critical security patches.
Sticking to these habits significantly boosts your security posture.
Different hardware wallets support air-gapped PSBT workflows to varying degrees. Here’s a straightforward comparison highlighting Coldcard’s air-gapped MicroSD feature alongside some common considerations:
| Feature | Coldcard Air-Gapped PSBT via MicroSD | Typical USB-connected Hardware Wallet |
|---|---|---|
| Fully air-gapped signing | Yes | Often no, USB connection required |
| MicroSD support | Yes | Rarely |
| Secure element for signing | Yes | Yes |
| Visible transaction confirmation | On-device display | Often on-device, sometimes through companion app |
| Export XPUB to MicroSD | Yes | Often via USB only |
| Ease of use | Moderate (requires MicroSD handling) | Easier, but less secure |
The choice boils down to your threat model and willingness to handle more manual steps for added security.
Coldcard’s air-gapped PSBT signing shines when setting up multisignature wallets. For example, a common scenario is a 2-of-3 multisig where each participant holds a Coldcard device. To move funds:
This process reduces reliance on any single device or network-connected machine, dramatically lowering attack risks. But even single-signature setups benefit if you want to make sure your private keys are never exposed to an online computer.
Occasionally, users might run into issues during PSBT signing. For example, a Coldcard device might reject a PSBT due to format errors or corrupted files.
A couple of things I’d suggest:
Handling these basics avoids headaches and keeps your signing process smooth.
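To tell a damaged or mis-encoded file apart from a real signing problem, and to have the recipients and amounts at hand when comparing against the Coldcard's screen, you can inspect the PSBT on the online computer before copying it to the card. The sketch below is an added example, not Coldcard or wallet-software code; it assumes a BIP 174 version 0 PSBT in binary or base64 form, and the function names and sample transaction are constructed for illustration.

```python
import base64

MAGIC = b"psbt\xff"  # BIP 174: every PSBT starts with these five bytes

def read_compact(buf, pos):
    """Read a compact-size integer; return (value, next position)."""
    if pos >= len(buf):
        raise ValueError("PSBT is truncated")
    if buf[pos] < 0xFD:
        return buf[pos], pos + 1
    end = pos + 1 + {0xFD: 2, 0xFE: 4, 0xFF: 8}[buf[pos]]
    return int.from_bytes(buf[pos + 1:end], "little"), end

def unsigned_tx(raw):
    """Decode a binary or base64 PSBT and return the global key 0x00 value."""
    data = raw if raw.startswith(MAGIC) else base64.b64decode(raw.strip(), validate=True)
    if not data.startswith(MAGIC):
        raise ValueError("magic bytes missing: wrong or corrupted file")
    pos = len(MAGIC)
    while True:
        klen, pos = read_compact(data, pos)
        if klen == 0:  # separator reached before the transaction was found
            raise ValueError("global map has no unsigned transaction")
        vlen, vpos = read_compact(data, pos + klen)
        if data[pos:pos + klen] == b"\x00" and vpos + vlen <= len(data):
            return data[vpos:vpos + vlen]
        pos = vpos + vlen

def outputs(raw):
    """Return [(satoshis, scriptPubKey hex)] to compare with the device screen."""
    tx = unsigned_tx(raw)
    n_in, pos = read_compact(tx, 4)              # skip 4-byte version
    for _ in range(n_in):
        slen, pos = read_compact(tx, pos + 36)   # skip txid + output index
        pos += slen + 4                          # scriptSig + sequence
    n_out, pos = read_compact(tx, pos)
    found = []
    for _ in range(n_out):
        slen, spos = read_compact(tx, pos + 8)   # 8-byte amount, then script
        found.append((int.from_bytes(tx[pos:pos + 8], "little"), tx[spos:spos + slen].hex()))
        pos = spos + slen
    if pos + 4 != len(tx):                       # only the locktime may remain
        raise ValueError("unsigned transaction is malformed or truncated")
    return found

SAMPLE_TX = (bytes.fromhex("0200000001") + b"\x11" * 32 + bytes(5) + b"\xfd\xff\xff\xff\x02"
             + (50_000).to_bytes(8, "little") + b"\x16\x00\x14" + b"\x22" * 20
             + (49_000).to_bytes(8, "little") + b"\x16\x00\x14" + b"\x33" * 20 + bytes(4))
SAMPLE_PSBT = MAGIC + b"\x01\x00" + bytes([len(SAMPLE_TX)]) + SAMPLE_TX + bytes(4)  # constructed
```

A `ValueError` from `outputs()` points at the file itself (wrong encoding, truncation, a bad copy to the card) rather than at the signing device.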
In my experience, Coldcard PSBT MicroSD air-gapped signing provides a robust way to maintain Bitcoin security without tying your keys to internet-connected devices. It’s not hands-off easy (there’s some manual file management), but for those serious about protecting their crypto, it’s a trusted method.
If you’re considering Coldcard for this workflow, I suggest getting familiar with:
All of these inform a comprehensive, secure self-custody setup. And keep an eye on firmware updates to patch any vulnerabilities.
Remember: no method is perfectly secure if you skip daily security hygiene, so treat your seed phrase like the master key to a safe deposit box. It’s worth the effort.
Happy securing your Bitcoin the Coldcard way!