Cold Wallet

1 Like

Here is a typical usage with testnet coins.

Generate keys (offline computer)

This part is identical to using a paper wallet or any sapling enabled HD wallet.

[hanh@archlinux zec]$ zcash-coldwallet generate >keys.txt
[hanh@archlinux zec]$ cat keys.txt 
Seed Phrase: crew hen auto reject cart eternal abandon machine raven fortune cargo arena rival increase ribbon correct zoo ability oil siege victory chat liquid deer
Derivation Path: m/32'/1'/0'
Secret Key: secret-extended-key-test1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0yjkps006cyk27rx6paqpru83dffrfedef7weptj62zknm095et2q4cn2a5aex476cz70sp04ylh9l26920zt9t2pj4eulkjuknaqvjsv2tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gac8eulud
Viewing Key: zxviewtestsapling1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0ynvr4d0dhj80tf6hvuxm4zh5q7v4fjg2c2y0cklgrdtavwun88l5pdqgpqjxer6m2w7yg4ml2762jf5dvsjjl4rgxgyrhn26qyn0gh922tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gactwgr96
Address: ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v

Obviously, the secret key should be kept safe.

Initialize Db (online computer)

We switch to the online computer and setup the watch-only wallet.

[hanh@archlinux zec]$ zcash-coldwallet init-db

Initialize Account (online computer)

[hanh@archlinux zec]$ zcash-coldwallet init-account zxviewtestsapling1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0ynvr4d0dhj80tf6hvuxm4zh5q7v4fjg2c2y0cklgrdtavwun88l5pdqgpqjxer6m2w7yg4ml2762jf5dvsjjl4rgxgyrhn26qyn0gh922tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gactwgr96

Initial Sync (online computer)

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1288000
Synced to 1292576
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet get-balance
Balance: 0

There is no balance at this point since we didn’t receive any coin in our wallet.

Tap test faucet

Let’s use the test faucet to get 1 tZEC.

Go to and request a test ZEC to ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v

Sync (online computer)

After 3 confirmations, check that we have received the tZEC.

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1292577
Synced to 1292579
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet get-balance
Balance: 1

Prepare spending transaction (online computer)

Now we are going to send 0.5 tZEC to the same address. The balance remains the same minus the transaction fee (0.00001 tZEC).

[hanh@archlinux zec]$ zcash-coldwallet prepare-tx ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v 0.5 tx.json
Not enough funds: 0 < 0.50001 ZEC

Coins have to mature 10 blocks before they can be spent. We need to wait longer.

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1292580
Synced to 1292588
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet prepare-tx ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v 0.5 tx.json

The transaction is stored in the file tx.json. We copy this file to the offline computer (using a USB stick) and continue there.

Sign transaction (offline computer)

This signs the transaction with our secret key.

[hanh@archlinux zec]$ zcash-coldwallet sign secret-extended-key-test1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0yjkps006cyk27rx6paqpru83dffrfedef7weptj62zknm095et2q4cn2a5aex476cz70sp04ylh9l26920zt9t2pj4eulkjuknaqvjsv2tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gac8eulud tx.json tx.raw
Payment of 0.5 ZEC to ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v

The signed transaction is in tx.raw. We copy this file back to the online computer and finish up there.

Broadcast signed transaction (online computer)

[hanh@archlinux zec]$ zcash-coldwallet submit tx.raw
Success! tx id: "ed19603c432f2bb89380a6516dd51513665447ad68ea52a660c8cd1802c2955c"

The transaction can be checked on a testnet explorer. For example:

Update balance

Let’s resync to update our wallet.

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1292589
Synced to 1292619
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet get-balance
Balance: 0.99999

As expected, we just lost the transaction fee of 0.00001 tZEC


Thanks for this, @hanh! It’s very clear how you would execute this project, thanks for that.

The ZOMG have had a discussion. We like anything that is related to better security.

Could you help us understand what the use case is, and what demand would be like for this could be? We want to make sure that if this is built, it has the potential to be well-adopted.

Separately, for which other crypto assets have you done this? Just for our background.

This should be useful until shielded hardware wallets arrive. Security and privacy should not be mutually exclusive and offline shielded transaction signing is important to help ensure that.


@Javier Exactly
@ml_sudo At this moment, hardware wallets (ledger and trezor) do not support shielded addresses. I have been following the work of the company zondax about zcash on ledger. It is promising but unfortunately, they won’t be ready for a while. So currently, if you want to use shielded addresses, you must use zcashd, lightwalletd or a wallet based on these two.
These products store the secret key in a local file. Even though it can be encrypted, the fact that the machine is online remains a concern (in my opinion). A hacker could install a keylogger or replace the wallet executable with a version that sends him the key once it is decrypted.

Many other cryptocurrencies offer a cold wallet that eliminates this problem by keeping the secret on an offline computer. For example, bitcoin has electrum. Ethereum has MEW offline. As a matter of fact, all exchanges use cold wallets nowadays.

I wrote a cold wallet for bitcoin before Electrum had this feature. GitHub - hhanh00/offlinesig: Cold storage BIP 44 wallet


Thanks @hanh! I’ll bring this back to the ZOMG.

Cold wallets seem to cover a different use than hardware wallets too. Hardware wallets can break, loose compatibility (USB cables get upgraded), rely on the software of the vendor…
It looks like cold wallets are a nice feature for very long term storage.

Interesting idea.

Would you consider developing this feature on top of ZecPaperWallet? I believe this can help both the development and distribution of this project.

Also might be a good consideration for ZOMG @ml_sudo


1 Like

You can use this tool to generate a paper wallet for sapling so you don’t need to use ZecPaperWallet. If you already have a paper wallet (made by ZecPaperWallet or another tool), you could use it with this tool too. In my opinion, they don’t need to be integrated and I would rather keep my tool as simple as possible.

1 Like