Docs Menu
/

User Guide

Select Chapter
Chapter 1: Quickstart! Start Here!
Chapter 2: Guide For Bitcoin Beginners
Chapter 3: Hardware Features
Chapter 4: BIP-39 Passphrase
Chapter 5: COLDCARD Middle Ground Guide
Chapter 6: COLDCARD Paranoid Guide
Chapter 7: COLDCARD Ultra Quick Guide
Chapter 8: Compatible Software Wallets and Tools
Chapter 9: Derivation Paths and Accounts
Chapter 10: Encrypted Backups
Chapter 11: HSM Mode and CKBunker
Chapter 12: How to Clone or Migrate a COLDCARD
Chapter 13: Message Signing
Chapter 14: Migrate from Ledger or Trezor to COLDCARD
Chapter 15: Recovery Cards Downloads
Chapter 16: Sending and Receiving Bitcoin for Beginners
Chapter 17: Upgrade Firmware
Chapter 18: microSD Card Related
Chapter 19: Settings Menu
Chapter 20: Address Explorer
Chapter 21: BIP-85 Passwords
Chapter 22: Descriptor Export
Chapter 23: Descriptors & Multisig
Chapter 24: Ephemeral Seed
Chapter 25: NFC Tools
Chapter 26: Advanced Menu
Chapter 27: Importing or Creating Private Keys
Chapter 28: Multisig Features
Chapter 29: Command Line Tools
Chapter 30: Downloads
Chapter 31: Version History
Chapter 32: Verifying Dice Roll Math
Chapter 33: Paper Wallets
Chapter 34: Export Deterministic Entropy (BIP-85)
Chapter 35: Seed XOR
Chapter 36: Glossary
Chapter 37: Trouble Shooting
Chapter 38: Table of Contents

BIP-85 Passwords



Video: BIP-85 Passwords in Simulator

This feature derives a deterministic password from your seed, according to BIP-85 (with the recent changes proposed here). Generated passwords can be sent as keystrokes via USB to the host computer, effectively using Coldcard as specialized password manager.

In addition to deriving up to 10,000 distinct secure passwords, the Coldcard Mk4 can also type them into a computer by emulating a USB keyboard, and simulating the keystrokes needed to type the password.

(new in v5.0.5, requires Mk4)

Requirements
  • Coldcard Mk4 with version 5.0.5 or newer
  • USB-C with data link (won't work with power only cable from Coinkite)

Type Passwords over USB

  1. To enable "Type Passwords" feature, connect your Coldcard to host PC with USB cable (check requirements) and go to Settings -> Keyboard EMU -> Enable.

    bip-85 demo

  2. Go back to top menu and "Type Passwords" option will be shown below "Address Explorer".

  3. When it is time to enter a secret password, select "Type Passwords" from the main menu. After an information screen, the USB emulation will be switch to keyboard emulation and Switching... shown on the screen.
  4. Choose "Password index" (BIP-85 index) and press OK to generate that password.
  5. It takes a moment to generate the password, and then you can scroll down to check BIP-85 path used and double-check password to be typed.
  6. To send keystrokes, place mouse at required password prompt and press OK. This will send desired keystrokes plus hit enter at the end.
  7. You are back at step 4, and can continue to generate passwords or you can press X to exit. Exiting from "Type Passwords" will cause Coldcard to turn off keyboard emulation and enable normal USB mode if it was enabled before. Otherwise, USB stays disabled.

bip-85 demo

View BIP-85 passwords

  1. Go to Advanced/Tools -> Derive Seed B85 -> Passwords
  2. Choose "Password/Index number" (BIP-85 index) and press OK to generate password.
  3. Screen shows generated password, path, and entropy from which password was derived
  4. A few different options are available at this point:
  5. press 1 to save password backup file on MicroSD card (cleartext!)
  6. press 2 to send keystrokes (this will first of all enable keyboard emulation, then send keystrokes + enter, and finally disables keyboard emulation)
  7. press 3 to view password as QR code
  8. press 4 to send over NFC (only appears when NFC is enabled)

bip-85 demo

Keyboard language settings

Emulated Keystrokes are mapped to specific characters based on your host PC keyboard language settings. For Coldcard to be able to type the correct BIP-85 password your host computer MUST use language settings that corresponds to a QWERTY key layout, including number row directly above QWERTY:

1 2 3 4 5 6 7 8 9 0 - =
 Q W E R T Y U I O P [ ] \
  A S D F G H J K L ; '
   Z X C V B N M , . /

Passwords generated and shown on Coldcard will always be correct with respect to BIP-85. However, when sending keystrokes, for example on German keyboard, what was typed will not match the text that was generated and shown on Coldcard's screen.

For example, if the correct password is zYLoepugzdVJvdL56ogNV but when used with German keyboard language settings, what will be typed is yZLoepugydVJvdL56ogNV. You can see that German keyboard is not QWERTY, but it is QUERTZ (y and z are swapped).

Even with "non-standard" keyboard language settings, Coldcard always sends exact same keystrokes for specific password index. It is deterministic, as long the keyboard language settings do not change. However, BIP-85 won't be respected in this case.

Coldcard Specifics

Check BIP-85 for complete specification of the new addition to BIP-85.

Coldcard does not allow you to specify password length - we always use length of 21. Passwords of this length generated according to BIP will have approximately 126 bits of entropy. This is on par with bitcoin security model and therefore all passwords the Coldcard will generate are considered very strong.

Examples

Using below seed, path and index, we generate passwords shown in the table:

wife shiver author away frog air rough vanish fantasy frozen noodle athlete pioneer citizen symptom firm much faith extend rare axis garment kiwi clarify
Index Path Password
0 m/83696968'/707764'/21'/0' BSdrypS+J4Wr1q8DWjbFE
1 m/83696968'/707764'/21'/1' TkDX7d9fnX9FZ9QEpjFDB
2 m/83696968'/707764'/21'/2' cvfdmoZL3BcIpJ7G+Rb8k
3 m/83696968'/707764'/21'/3' wsCALdN+GgbSOGyGE9aRN
4 m/83696968'/707764'/21'/4' HfYbWx7gVmUmb2Bw4o4QD
5 m/83696968'/707764'/21'/5' vLOf9WPO5QiPbOTEbz/yJ
6 m/83696968'/707764'/21'/6' 1oSUs7Cy3fnpdh/fAS7EK
7 m/83696968'/707764'/21'/7' seh9WN6mlvPPB5jdVz3xN
8 m/83696968'/707764'/21'/8' U4RD0R0A0RjpHOFtwnv9k

Incompatible Applications

Although the Coldcard is emulating a keyboard at the lowest possible level, for some reason occasionally high-level applications have trouble with our high-speed typing.

  • KeePass2 2.45 (under Ubuntu). Capital/lowercase letters may be incorrectly typed. Use KeePassXC instead.

Video Tutorial

Previous Next

Search Results for ""

We've found relevant search results.