Storing Bitcoin with Multisig with your KeepKey and Electrum

Highlander
5 min readJan 23, 2023

--

Using electrum to mange your bitcoin on a keepkey

Bitcoin multisig is a type of wallet that requires multiple signatures in order to send or spend funds. It is an important security feature that helps to ensure that funds are only spent when multiple parties agree.

This can help to protect against theft, malicious actors, and unauthorized transactions.

With multisig, each transaction needs to be approved by multiple individuals. This adds an extra layer of security to the transactions and makes it less likely that someone can gain access to the funds without authorization.

Additionally, it can help to protect against the loss of private keys, as even if one key is lost, the other keys can still be used to sign transactions.

Download electrum here:

Start the application:

Select use hardware device

Scan for keepkey (verify no other applications are running)

for more troubleshooting tips check out this (link)

Enter your KeepKey pin (if enabled)

Select your script type

Bitcoin Legacy P2PKH: Bitcoin Legacy P2PKH is the original script type used by Bitcoin. It is a pay-to-public-key-hash script that stores the hash of the public key of the intended recipient of the funds. It requires the sender to provide the public key of the recipient in order to create the transaction.

P2SH-SegWit: P2SH-SegWit is an improvement to the Bitcoin Legacy P2PKH script. It is a pay-to-script-hash script that utilizes SegWit technology. This script requires the sender to provide a redeem script in order to create the transaction. The redeem script is used to verify the transaction and is stored in a SegWit address.

Native SegWit: Native SegWit is a new script type that utilizes the native SegWit technology. This script type is not backward compatible with the Bitcoin Legacy P2PKH script and requires the sender to provide a witness program in order to create the transaction. The witness program is used to verify the transaction and is stored in a native SegWit address.

If you use bip39 passphrase enter it

(more info on passphrases)

Multisig Wallets

This tutorial shows how to create a 2 of 2 multisig wallet. A 2 of 2 multisig consists of 2 separate wallets (usually on separate machines and potentially controlled by separate people) that have to be used in conjunction in order to access the funds. Both wallets have the same set of Addresses.

  • A common use-case for this is if you want to collaboratively control funds: maybe you and your friend run a company together and certain funds should only be spendable if you both agree.
  • Another one is security: One of the wallets can be on your main machine, while the other one is on a offline machine. That way you make it very hard for an attacker or malware to steal your coins.

Create a pair of 2-of-2 wallets

Each cosigner needs to do this: In the menu select File->New, then select “Multi-signature wallet”. On the next screen, select 2 of 2.

After connecting your keepkey you will need to provide the master public key of the other wallet.

Put the master public key of the other wallet into the lower box. Of course when you create the other wallet, you put the master public key of this one.

You will need to do this in parallel for the two wallets. Note that you can press cancel during this step, and reopen the file later.

Receiving

Check that both wallets generate the same set of Addresses. You can now send to these Addresses (note they start with a “3”) with any wallet that can send to P2SH Addresses.

Spending

To spend coins from a 2-of-2 wallet, two cosigners need to sign a transaction collaboratively.

To accomplish this, create a transaction using one of the wallets (by filling out the form on the “send” tab)

After signing, a window is shown with the transaction details.

The transaction has to be sent to the second wallet.

For this you have multiple options:

  • you can transfer the file on a usb stick
  • you can use QR codes
  • you can use a remote server, with the CosignerPool plugin.

Transfer a file

You can save the partially signed transaction to a file (using the “save” button), transfer that to the machine where the second wallet is running (via usb stick, for example) and load it there (using Tools -> Load transaction -> from file)

Use QR-Code

There’s also a button showing a qr-code icon. Clicking that will display a qr-code containing the transaction that can be scanned into the second wallet (Tools -> Load Transaction -> From QR Code)

Use the Cosigner Pool Plugin

For this to work the Plugin “Cosigner Pool” needs to be enabled (Tools -> Plugins) with both wallets.

Once the plugin is enabled, you will see a button labeled “Send to cosigner”. Clicking it sends the partially signed transaction to a central server. Note that the transaction is encrypted with your cosigner’s master public key.

When the cosigner wallet is started, it will get a notification that a partially signed transaction is available:

The transaction is encrypted with the cosigner’s master public key; the password is needed to decrypt it.

With all of the above methods, you can now add the second signature to the transaction (using the “sign” button). It can then be broadcast to the network.

For more information on electrum

https://electrum.readthedocs.io/en/latest/index.html

--

--