- CKBunker preview screencast (youtube)
- Usage examples for HSM/CKBunker.
- CKBunker Documentation Website
- Github for CKBunker
- HSM Feature (on Coldcard) Docs
What is the Coinkite Bunker?
It's a python program that you run on a computer attached to a Coldcard. It will setup and operate the Coldcard in "HSM Mode" where it signs without a human pressing the OK key. To keep your funds safe, the Coldcard implements a complex set of spending rules which cannot be changed once HSM mode is started.
tord (Tor deamon) you already have, the CK Bunker can
make itself available as a hidden service for remote access over
Tor. A pretty website for setup and operation allows access to all
HSM-related Coldcard features, including:
- transaction signing, by uploading a PSBT; can broadcast signed txn using Blockstream.info (onion)
- define policy rules, spending limits, velocity controls, logging policy
- user setup (TOTP QR scan to enroll on Coldcard, or random passwords (Coldcard) or known password
The bunker encrypts its own settings and stores the private key for that inside Coldcard's storage locker (which is kept inside the secure element of the Coldcard). The private key for the onion service, for example, is protected by that key.
What is Coldcard?
Coldcard is a Cheap, Ultra-secure & Opensource Hardware Wallet for Bitcoin. Get yours at ColdcardWallet.com
Learn more about the Coldcard HSM-related features.
Follow @COLDCARDwallet on Twitter to keep up with the latest updates and security alerts.
Will HSM mode be supported on Mk1 or Mk2?
Sorry no. CK Bunker only works on Mk3 because we need the extra RAM and the newer features of the 608 secure element.
What is HSM?
"Hardware Security Module"
Learn more about the Coldcard in HSM Mode
"Basically the cost of a Bitcoin HSM with custom policies is now the cost of a coldcard and you don't need a thirty party to maintain it." - Francis P.