That's getting to the crux of my not understanding this:

How does a thing that is not on the internet generate an address/wallet/keys that are needed to do anything on the blockchain? I don't get it. I've been watching videos and I understand HOW most hardware wallets work, EXCEPT for this one thing that just doesn't make sense to me yet.

Discussion

Very simplified, it takes your private key and a derivation path and hashes that. The derivation path is just a sequence of numbers, and if you increment one of those numbers, you get a new private key.

The fun bit is you can apply the same derivation path to the public key, and get a new address which belongs to the derived private key.

Therefore if you have the master private key on a separate device, and the master public key somewhere else, they don't need to communicate to get a new address to receive, which you have the private key to spend for offline.

This is very simplified; there are probably a few more steps involved, but this (I think) is the gist of why you don't need internet.

This is a playground where you can play around. If you click generate, you'll see a list of addresses, public keys and private keys at the bottom of the page. These are all generated from the same entropy, and you don't need anything else.

WARNING: do NOT use private keys based off of this website. This is a public website and you should never put private keys in there or use private keys generated from a public website.

https://iancoleman.io/bip39/

I... Don't really follow this yet.

No problem, they're tricky concepts to get your head around. Are you more of a visual learner?

Maybe something like https://www.youtube.com/watch?v=bBC-nXj3Ng4 helps, although I'm not sure if this actually covers your questions.

If you load the same key and the correct path into different wallets, and it properly generates a new address for every transaction, would the two wallets generate the same address in a sequential fashion? Or could it conceivably sit there for years, searching through billions of addresses?

Sorry to butt in on this. Are you having trouble with how the signing happens without the cold wallet going "online" as in connecting to another internet connected device? ColdCard is the only device I have experience with, but signing can be done over SD card, or USB transport.

Your other question: Why use hardware over seed import. There is never a trace of your private key on the "hot" device. You'd "never" have to worry about leaked private key data if it never leaves the signing device.

It may be worth looking into the secp256k1 algorithm to understand what keys are, how they are generated and stored etc. Oversimplified: if you can securely generate a 256-bit number that is valid on the curve, you have your private key.

Some examples from ColdCard that might help:

https://coldcard.com/docs/paranoid

It's not butting in, my dude. I appreciate all the participation in this thread!

Thanks! I'll check that out.