Replying to Avatar boston wine

Coldcard sending question…

You plug in the SD card to sign the transaction, and then plug it back into your computer to finalize.

Is the signature on the SD card vulnerable in any way? Or is it just an output that indicates it was signed by the private key?
Avatar
radii 2y ago

Yes, from a wallet-hacking standpoint that's my understanding. Less surface area for attack than USB.

Reply to this note

Please Login to reply.

Discussion

Avatar
boston wine 2y ago

Yes meaning it’s just “confirmation” of a signature but no compromise of the key itself?

Avatar
radii 2y ago

Yes I think in any signing operation that’s the idea, that there is no way to recover the private key from its signature, which is a hash of the private key and txt data, it’s a one way function. I am no expert though