Use Burrow to Derive an Account Key and Addresses (~25 min)

Your BIP-39 seed phrase can be used to create any number of accounts in which you can store Bitcoins.
Each account has an associated Account Extended Private Key and Account Extended Public Key.
Any number of Account Extended Private/Public Keys can be derived from a given set of seed words, given a specific derivation path (such as m/84'/0'/0')
NEVER share an account's Extended Private Key.
However, an Account Public Key can be used by trusted, online wallets to derive all child public keys (addresses) associated with the given account. This is useful in sending, receiving and watching funds using a wallet (like Electrum) that does not have the associated private keys and, therefore, does not have the ability to sign transactions for the account.

Derive Account Extended Key

The following procedure uses your seed words to derive an Account Extended Public Key on the secure, air-gapped Burrow device. We can provide this key to a trusted, online wallet (such as Electrum) so that it may watch and receive funds in this account.

Power up the Burrow device and press [Enter] to get a prompt
Generate the Account Extended Public Key for Account 0 (P2WPKH)
1. Type burrow wallet -s "[24-word-seed]" listxpub -p P2WPKH and press [Enter]
  - Replace [24-word-seed] with your 24 seed words, separated by spaces, as follows:
```
burrow wallet -s "drink ready gasp sting mirror pumpkin renew differ police special vocal record" listxpub -p P2WPKH
```
  - The output will look similar to the following:
```
[0195135A:m/84'/0'/0']zpub6r9cyaLCMmEFHi9LsRdfic4Kq15APVDjYj7J2FVCEXyrdHoxzNJkSq6Y5imaYspxaLDNFBM8JDtPewTGUyEjUFnhfp4CmtcwmRCeKaZLKRm
```
    Note that the output is in the form: [FINGERPRINT:PATH]KEY
    - FINGERPRINT (0195135A) uniquely identifies the parent seed words (wallet) that this account belongs to. All accounts derived from this seed phrase will have the same fingerprint.
    - PATH (m/84'/0'/0') specifies how we use your seed phrase to derive the master keys for this account
    - KEY (zpub6r9cyaLCMmE...) is the Master Public Key for this account
2. Using a Sharpie, add the FINGERPRINT and PATH to the waterproof sheet containing your seed words, as follows:
```
Master Key Fingerprint: 0195135A
Used Account Key Paths: m/84'/0'/0' (Native Segwit / P2WPKH)
                        ___________(leave blank)____________
                        ___________(leave blank)____________
```
  - As there are an infinite number of keys that can theoretically be derived from your seed phrase, it will make it easier for those trying to recover funds to do so if they know exactly which key paths of your seed phrase you are using.
3. Make a note of the first and last several (8-ish) characters of the KEY on a separate piece of scrap paper (for example zpub6r9cyaL...KaZLKRm)
Copy the Master Public Key for use with a watch-only wallet, such as Electrum, using a QR Code
1. Type clear and press [Enter]
2. Press [UP ARROW] twice, until the previous command (burrow wallet...) is displayed at the prompt
3. Edit the command by appending a space and -q to the end of the command line so that it looks similar to the following:
```
burrow wallet -s "drink ready gasp sting mirror pumpkin renew differ police special vocal record" listxpub -p P2WPKH -q
```
4. Press [Enter]
5. Press [Enter] only as many times as necessary for your seed phrase to disappear from the screen, being careful to leave only the entire QR code on the screen
  - Note: If you went too far and "disappeared" the first line(s) of the QR code, press [UP ARROW] then [ENTER] to regenerate the QR code and try again
6. Using your Android phone (and a QR code reader app), scan the QR code to copy the Master Public Key from the Burrow device
7. Verify the characters scanned by your Android phone QR code reader
  1. Should start with zpub
  2. Should match the Account Public Key that was previously displayed by the device, the first/last characters of which you have recorded on your scrap paper. (Again, matching the first/last several characters is sufficient).

Treat the Account Extended Public Key as Moderately Sensitive Information

An attacker CANNOT use the account public key on its own to spend your funds
An attacker CAN use the account public key to derive all addresses associated with only this particular account on your seed, and, thus, will have access to your transaction and balance information - so this is a privacy concern
If, somehow, an attacker gets a hold of one of the child private keys associated with this account, then he CAN use that in conjunction with the account public key to steal funds from this particular account

Therefore…

Only expose copies of Account Extended Public Keys to wallets that you trust
Do not store unencrypted copies of it on internet-connected devices unnecessarily; dispose of it when finished and regenerate it when you need it

Derive Addresses

Continuing from the procedure above, press [UP ARROW] so that the previous command shows up at the prompt
Modify the command to display the first 5 external addresses of the account
1. Replace listxpub with listaddress
2. Delete -q
3. Press [Enter]
  - The Burrow device will display the first 10 external address for the account, along with their derivation paths and master fingerprint
For verification purposes, you will want to match these addresses against what the COLDCARD and Electrum generate later in the setup, so either make a note of the first/last characters of the first few addresses or leave them displayed on the Burrow device for now if you plan to proceed immediately to COLDCARD and/or Electrum setup