Wallet is the signing device from which funds can be sent, spent or secured.

Bitcoin is in your wallet or someone else's wallet. Custodial vs. non-custodial.

Not your keys, not your cheese.


Discussion

Another dumb question:

Why do I need a device to sign an outgoing transaction? If I have the keys, why do I need a device to do that?

You could do it with pen and paper and complex math that nobody but 0.00001% of people understand.

or you can hire a computer to do the complex math for you using libraries which are well tested.

But if you use a computer connected to the internet, then your seed is no longer "cold".

So that is why we employ "hardware wallets", which are minimalist special-purpose computers to do the math on a cold seed, and have the confidence that the seed hasn't accidentally "gotten hot".

"You could do it with pen and paper and complex math that nobody but 0.00001% of people understand."

Sure, but... If the hardware wallet generates keys, and does not connect to the internet how does the blockchain network know that:

A. I "own" (have the keys for) that wallet address?

B. Even know that address exists?

You send the transaction to the device (usb, qr, whatever) the device signs the transaction, and then sends it back to the computer to be broadcast to the Bitcoin network.

Why? The wallet is a blockchain address, not something on the device. Why do I need a thing to just store BTC?

The "wallet" isn't a blockchain address, it is a private key used to sign Bitcoin transactions. A cold storage device stores those keys in a place they can't be easily stolen from, and lets you sign transactions to broadcast to the blockchain.

It can't do that without some kind of connection to the internet, so... How does that not just defeat the purpose of the thing?

That's the whole point of a cold wallet 😂 The key is on an external, non-internet-connected device. You use that to sign the transaction, then transfer the signed transaction back to an internet-connected device to broadcast to the blockchain.

But why do I need a device to do that? If I just have the key, I can sign.

You don't need one, but it is probably more secure. A key stored on your computer or phone can be more vulnerable to theft, hacking, malware, etc.

How are you going to sign? Pen and paper?

I don't know how, use an app, probably, just inputting the keys by hand instead of having to read them from a hardware thingy.

Does not compute. beep boop beep

The real answer is you really don’t need a hww/signing device.

You only really need one if you want to make & keep xpub/xpriv completely offline for maximum security.

The blockchain knows UTXOs and locks (locking scripts). An address ~= a public key.

When you sign a transaction with your hww you give your wallet a PSBT which contains the UTXOs you want to spend, and the UTXOs you want to create.

Something which does have a view of the network is what creates the PSBT, so it knows what UTXOs are yours.

Both the hww and the thing that makes the PSBT know your public key (xpub) and using that info can determine 1. what UTXOs are yours, and 2. that it can sign for the UTXOs.

You prove that you own it by signing for it.

Hopefully that helps
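The flow described in this reply and in the earlier ones (online side builds the transaction, offline device signs it, signed transaction goes back online to be broadcast) as an added, self-contained example. This is not code from the thread or from any wallet project: it implements a toy secp256k1 ECDSA in pure Python, a watch-only wallet that holds only the public key and a constructed UTXO set, and an offline signer that holds the private key. The `address_of` encoding, the `tx_digest` sighash and the PSBT-like dict are simplified stand-ins for Bitcoin's real formats, and the nonce derivation is a plain HMAC rather than RFC 6979; all demo values are constructed.

```python
# Air-gapped signing sketch: online watch-only wallet builds an unsigned tx,
# offline signer signs it, online side verifies before broadcasting.
import hashlib, hmac, json

# secp256k1 parameters (real curve constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p, q):                      # elliptic-curve point addition (None = infinity)
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None   # p == -q
    if p == q: lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:      lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def _mul(k, p=G):                    # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def address_of(pub):
    """Stand-in for a Bitcoin address: a hash of the compressed public key."""
    comp = bytes([2 + (pub[1] & 1)]) + pub[0].to_bytes(32, "big")
    return "addr_" + hashlib.sha256(comp).hexdigest()[:20]

def tx_digest(tx):
    """Simplified sighash: hash of canonical inputs+outputs (no scripts)."""
    body = json.dumps({"inputs": tx["inputs"], "outputs": tx["outputs"]}, sort_keys=True)
    return hashlib.sha256(body.encode()).digest()

def verify(pub, digest, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)
    z = int.from_bytes(digest, "big")
    pt = _add(_mul(z * w % N), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

class OfflineSigner:                 # the hardware wallet: has the key, no network
    def __init__(self, priv):
        self.priv, self.pub = priv, _mul(priv)
    def sign(self, digest):
        z = int.from_bytes(digest, "big")
        # deterministic nonce from key and digest (simplified, not full RFC 6979)
        k = int.from_bytes(hmac.new(self.priv.to_bytes(32, "big"), digest, "sha256").digest(), "big") % N or 1
        r = _mul(k)[0] % N
        s = pow(k, -1, N) * (z + r * self.priv) % N
        if s > N // 2: s = N - s      # low-s normalisation
        return (r, s)
    def sign_psbt(self, psbt):
        """Sign every input that belongs to our key; the PSBT goes back online."""
        digest = tx_digest(psbt["tx"])
        for meta in psbt["input_meta"]:
            if meta["address"] == address_of(self.pub):
                meta["sig"], meta["pub"] = self.sign(digest), self.pub
        return psbt

class WatchOnlyWallet:               # the online side: public key + UTXO view only
    def __init__(self, pub, utxos):
        self.addr = address_of(pub)
        self.utxos = [u for u in utxos if u["address"] == self.addr]   # "which UTXOs are mine"
    def build_psbt(self, dest, amount, fee):
        chosen, total = [], 0
        for u in self.utxos:
            chosen.append(u); total += u["value"]
            if total >= amount + fee: break
        if total < amount + fee: raise ValueError("insufficient funds")
        outputs = [{"address": dest, "value": amount}]
        if total - amount - fee > 0:                                   # change back to us
            outputs.append({"address": self.addr, "value": total - amount - fee})
        tx = {"inputs": [{"txid": u["txid"], "vout": u["vout"]} for u in chosen], "outputs": outputs}
        return {"tx": tx, "input_meta": [{"address": u["address"]} for u in chosen]}
    def finalize(self, psbt):
        """Accept only if every input carries a valid signature from its owner."""
        digest = tx_digest(psbt["tx"])
        for meta in psbt["input_meta"]:
            if "sig" not in meta or address_of(meta["pub"]) != meta["address"]:
                return None
            if not verify(meta["pub"], digest, meta["sig"]):
                return None
        return psbt["tx"]            # would be serialised and broadcast here

# Constructed demo data: a private key and a fake UTXO set
DEMO_PRIV = int.from_bytes(hashlib.sha256(b"demo seed, do not use").digest(), "big") % N
signer = OfflineSigner(DEMO_PRIV)
UTXOS = [{"txid": "aa" * 32, "vout": 0, "value": 50_000, "address": address_of(signer.pub)},
         {"txid": "bb" * 32, "vout": 1, "value": 30_000, "address": "addr_someoneelse"}]

def demo_round_trip(amount=40_000, fee=500, tamper=False, who=signer):
    online = WatchOnlyWallet(signer.pub, UTXOS)
    psbt = online.build_psbt("addr_recipient", amount, fee)   # online: sees UTXOs, no key
    signed = who.sign_psbt(psbt)                               # offline: holds the key
    if tamper:                                                 # payload altered after signing
        signed["tx"]["outputs"][0]["address"] = "addr_attacker"
    return online.finalize(signed)                             # online: verify, then broadcast
```

`demo_round_trip()` returns the finished transaction (one input, 40,000 to the recipient, 9,500 change); `demo_round_trip(tamper=True)` returns `None` because the signature no longer matches the digest, and a signer holding a different key signs nothing, so `finalize` also rejects it. The watch-only side never holds `priv`, which is the property the thread is describing: what proves ownership is a valid signature, not the address.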

The keys never leave the device. If you input your keys somewhere and that somewhere is compromised, goodbye coins.

I'm aware of that, and why I'm asking, but I also don't understand how one thing works, and I'll read more replies before asking....

The device and PIN are needed to authorize a spend or send. This validates the holder is the owner. I'm guessing without that check, anyone's funds could be sent or spent without their knowledge. So best to keep the wallet, PIN and seed/keys separate.

The keys would only be used to recover your authority IF you needed a new wallet.

That's still not answering the questions I have, which I elaborated in a reply below.

You don't. In theory you can sign a transaction with any node you can access via RPC. But you need to know what you're doing. Best solution is having keys on a pen-drive with PGP and an offline device like an old laptop. You put Electrum on that laptop, create a new wallet with seed, back up that seed and then forget about it cause you won't need it, ever.

Then, when you want to move coins on-chain you'd plug in your USB stick to the offline device. Import the key you need to that wallet, sign your transaction, download the tx to a different USB drive and then you can delete the private key again from that wallet.

Then you go to your online machine, open Electrum and transmit the signed offline transaction to the blockchain. Done.