You don't *unless* you are doing on-chain transfers, or you want to receive funds on a unique address. You're right in that hardware wallets are a redundancy, i.e. if the metal is lost or hard drives fail.

I would say that Metal backups are more indestructible, but they need different security.


Discussion

Jameson Lopp might have a good video or blog about this.

That's getting to the crux of my not understanding this:

How does a thing that is not on the internet generate an address/wallet/keys that are needed to do anything on the blockchain? I don't get it. I've been watching videos and I understand HOW most hardware wallets work, EXCEPT for this one thing that just doesn't make sense to me yet.

Very simplified, it takes your private key and a derivation path and hashes that. The derivation path is just a sequence of numbers, and if you increment one of those numbers, you get a new private key.

The fun bit is you can apply the same derivation path to the public key, and get a new address which belongs to the derived private key.

Therefore if you have the master private key on a separate device, and the master public key somewhere else, they don't need to communicate to get a new address to receive, which you have the private key to spend for offline.

This is very simplified, there's probably a few more steps involved, but this (I think) is the gist of why you don't need internet.

This is a playground where you can play around. If you click generate, you'll see a list of addresses, public keys and private keys at the bottom of the page. These are all generated from the same entropy, and you don't need anything else.

WARNING: do NOT use private keys based off of this website. This is a public website and you should never put private keys in there or use private keys generated from a public website.

https://iancoleman.io/bip39/

I... Don't really follow this yet.

No problem, they're tricky concepts to get your head around. Are you more of a visual learner?

Maybe something like https://www.youtube.com/watch?v=bBC-nXj3Ng4 helps, although I'm not sure if this actually covers your questions.

If you load the same key and the correct path into different wallets, and it properly generates a new address for every transaction, would the two wallets generate the same address in a sequential fashion? Or could it conceivably sit there for years, searching through billions of addresses?

Sorry to butt in on this. Are you having trouble with how the signing happens without the cold wallet going "online" as in connecting to another internet connected device? ColdCard is the only device I have experience with, but signing can be done over SD card, or USB transport.

Your other question: Why use hardware over seed import. There is never a trace of your private key on the "hot" device. You'd "never" have to worry about leaked private key data if it never leaves the signing device.

It may be worth looking into the secp256k1 algorithm to understand what keys are, how they are generated and stored, etc. Oversimplified: if you can securely generate a 256-bit number that is valid on the curve, you have your private key.

Some examples from coldcard that might help

https://coldcard.com/docs/paranoid
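The two comments above (the derivation-path explanation and the secp256k1 "256-bit number that is valid on the curve" remark) are easier to believe once you run them. The block below is an added example written for this thread; it is not code from the thread, from Coldcard, or from the iancoleman page. It implements secp256k1 point arithmetic and the BIP32 child-key derivation in pure Python so that the same path can be walked once with the master private key (the offline signer's job) and once with the master public key only (what a watch-only wallet does), and then checks that both arrive at the same child public key. Addresses are hashes of that public key, so matching public keys mean matching addresses. The seed is the public BIP32 test-vector seed, used here as a constructed demo value and not as a wallet secret; the arithmetic is plain affine, not constant-time, and is for understanding only, not for handling real keys.

```python
# Added example (not from the thread): BIP32-style derivation on secp256k1.
# Offline device: master private key + path -> child private key.
# Online device:  master public key  + path -> child public key.
# The public key of (offline) equals the key from (online), so both sides
# agree on the next receive address without ever talking to each other.
import hashlib
import hmac
import secrets

# secp256k1 domain parameters: field prime, group order, generator point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                                   # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P        # tangent: doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P         # chord: addition
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def generate_private_key():
    """'A 256-bit number valid on the curve' = an integer in [1, N-1] from a CSPRNG."""
    return secrets.randbelow(N - 1) + 1


def pub_from_priv(k):
    return point_mul(k, G)


def ser_pub(pt):
    """33-byte compressed SEC encoding: 02/03 parity prefix + x coordinate."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """BIP32 master key and chain code: HMAC-SHA512 keyed with 'Bitcoin seed'."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(k_par, c_par, index):
    """Child private key; hardened if index >= 2^31 (private key goes into the HMAC)."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")
    else:
        data = ser_pub(pub_from_priv(k_par))
    digest = hmac.new(c_par, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    k_child = (tweak + k_par) % N
    if tweak >= N or k_child == 0:                         # BIP32: skip this index
        raise ValueError("invalid child key, use the next index")
    return k_child, digest[32:]


def ckd_pub(K_par, c_par, index):
    """Child public key from parent public key only; non-hardened indexes only."""
    if index >= HARDENED:
        raise ValueError("hardened children cannot be derived from a public key")
    data = ser_pub(K_par) + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    return point_add(point_mul(tweak, G), K_par), digest[32:]


def derive_both_ways(seed, path):
    """Walk `path` with the private key (offline) and, separately, with the
    public key (online). Returns (child_priv, pub_via_priv_hex, pub_via_pub_hex)."""
    k, c = master_from_seed(seed)
    K, C = pub_from_priv(k), c
    for index in path:
        k, c = ckd_priv(k, c, index)
        K, C = ckd_pub(K, C, index)
    return k, ser_pub(pub_from_priv(k)).hex(), ser_pub(K).hex()


if __name__ == "__main__":
    # Constructed demo seed: the BIP32 spec test-vector seed, NOT a wallet secret.
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    for i in range(3):
        _, via_priv, via_pub = derive_both_ways(seed, [0, 1, i])
        print(f"m/0/1/{i} offline: {via_priv}\n        online:  {via_pub}")
```

Two things the run makes concrete. Incrementing the last path index gives a fresh key every time, which is the "increment one of those numbers" step from the comment above. And `ckd_pub` refuses hardened indexes: only the private key can walk a hardened step, which is why a watch-only wallet is handed an account-level public key rather than the root, and why the signer can keep the seed entirely offline while the online side still produces correct receive addresses.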

It's not butting in, my dude. I appreciate all the participation in this thread!

Thanks! I'll check that out.

The keys stay on the hardware wallet; the transaction is just sending a message that was signed using the keys stored on the wallet. It's the same general flow whether it's a partially signed Bitcoin transaction from a Coldcard transferred via micro SD to a computer, or a Ledger or Trezor which connects directly to the computer.

I don't understand why you need to access the keys. At all.

You can do this with an offline computer running those bip39 webpages saved locally. Or you can poke around GitHub and find Python scripts that also do this offline.

The address is generated with the private key and the wallet's HD path, see walletsrecovery.org

This is a good question to put on bitcoin.stackexchange.com. That's where I go with hard questions.

Have you read the Bitcoin white paper as well? It might answer some of your questions

Nope. I have not read the whole thing. I'm not really into BTC much. It's useful and powerful, but, it's so little of my life I just don't really care that much when I have too many other things to turn my attention to!

So also the hardware wallets have a security chip which has been proven to generate a key that is random. Although there are some who are paranoid about even those chips being "random enough" and those people generate their phrase using dice and the diceware lookup table. The seed phrase is just a friendly way of representing the actual 256 bit hexadecimal string which Bitcoin core actually uses.

I get the generation thing. What I'm not getting is how you can possibly "receive" BTC to that address/whatever without going online. You have to go online at some point to interact with the blockchain. Since that is the case, what is the point of having a hardware "wallet?"

All the private keys and associated addresses already exist. You don't create them, you find them. You can do that multiple ways: by hand, with software/hardware, or a combination.

If they already exist, how can you claim to access one, if not ONLY by going online and signing transactions?

You can receive without ever going online. But yes, to send you need to sign a transaction and send it to the mempool.

How can you "claim" an address as yours without going online? You're saying someone can just pick random addresses and send a bunch of BTC to them, and anyone who derives that address can go "get" that BTC? If that's the case, can't more than one person try to claim it?

Theoretically yes. You don't claim private keys and addresses. Theoretically someone could randomly generate your same private key. But there's some sufficiently large (like more than the amount of atoms in the universe or something?) number of private key pairs to where both of those things are, in practice, impossible.

Also, I am no expert, but this is my understanding.

That's what I also understand, but, gosh... That makes me feel a bit squidgy about the whole thing...

Not me. The math and odds, trade-offs and benefits, of BTC vs anything else is clear.

Oh, sure, I'll take BTC over fiat, but... It's still a bit off. Not that I have a better suggestion.