Your BIP-39 seed phrase can be used to create any number of accounts in which you can store Bitcoins.
Each account has an associated Account Extended Private Key and Account Extended Public Key.
Any number of Account Extended Private/Public Keys can be derived from a given set of seed words, given a specific derivation path (such as
NEVER share an account's Extended Private Key.
However, an Account Public Key can be used by trusted, online wallets to derive all child public keys (addresses) associated with the given account. This is useful in sending, receiving and watching funds using a wallet (like Electrum) that does not have the associated private keys and, therefore, does not have the ability to sign transactions for the account.
The following procedure uses your seed words to derive an Account Extended Public Key on the secure, air-gapped Burrow device. We can provide this key to a trusted, online wallet (such as Electrum) so that it may watch and receive funds in this account.
Power up the Burrow device and press
[Enter] to get a prompt
Generate the Account Extended Public Key for Account 0 (P2WPKH)
burrow wallet -s "[24-word-seed]" listxpub -p P2WPKH and press
[24-word-seed] with your 24 seed words, separated by spaces, as follows:
burrow wallet -s "drink ready gasp sting mirror pumpkin renew differ police special vocal record" listxpub -p P2WPKH
The output will look similar to the following:
Note that the output is in the form:
0195135A) uniquely identifies the parent seed words (wallet) that this account belongs to. All accounts derived from this seed phrase will have the same fingerprint.
m/84'/0'/0') specifies how we use your seed phrase to derive the master keys for this account
zpub6r9cyaLCMmE...) is the Master Public Key for this account
Using a Sharpie, add the FINGERPRINT and PATH to the waterproof sheet containing your seed words, as follows:
Master Key Fingerprint: 0195135A Used Account Key Paths: m/84'/0'/0' (Native Segwit / P2WPKH) ___________(leave blank)____________ ___________(leave blank)____________
Make a note of the first and last several (8-ish) characters of the KEY on a separate piece of scrap paper (for example
Copy the Master Public Key for use with a watch-only wallet, such as Electrum, using a QR Code
clear and press
[UP ARROW] twice, until the previous command (
burrow wallet...) is displayed at the prompt
Edit the command by appending a space and
-q to the end of the command line so that it looks similar to the following:
burrow wallet -s "drink ready gasp sting mirror pumpkin renew differ police special vocal record" listxpub -p P2WPKH -q
[Enter] only as many times as necessary for your seed phrase to disappear from the screen, being careful to leave only the entire QR code on the screen
[ENTER]to regenerate the QR code and try again
Using your Android phone (and a QR code reader app), scan the QR code to copy the Master Public Key from the Burrow device
Verify the characters scanned by your Android phone QR code reader
Should start with
Should match the Account Public Key that was previously displayed by the device, the first/last characters of which you have recorded on your scrap paper. (Again, matching the first/last several characters is sufficient).
An attacker CANNOT use the account public key on its own to spend your funds
An attacker CAN use the account public key to derive all addresses associated with only this particular account on your seed, and, thus, will have access to your transaction and balance information - so this is a privacy concern
If, somehow, an attacker gets a hold of one of the child private keys associated with this account, then he CAN use that in conjunction with the account public key to steal funds from this particular account
Only expose copies of Account Extended Public Keys to wallets that you trust
Do not store unencrypted copies of it on internet-connected devices unnecessarily; dispose of it when finished and regenerate it when you need it
Continuing from the procedure above, press
[UP ARROW] so that the previous command shows up at the prompt
Modify the command to display the first 5 external addresses of the account
For verification purposes, you will want to match these addresses against what the COLDCARD and Electrum generate later in the setup, so either make a note of the first/last characters of the first few addresses or leave them displayed on the Burrow device for now if you plan to proceed immediately to COLDCARD and/or Electrum setup