Thanks, that was a lot more clear. I think I now understand the pieces I was missing when I opened this thread.

I have to disagree. If the purpose of a hardware wallet is that the PK never leaves the hardware, and therefore also should not be loaded on to it. Then there is no option for backing up your PK which means you must be very careful where you put the hardware wallet, that you don't lose it, that is is not stolen, that it doesn't break, etc.

Which I would say is way more likely to happen than my own PKs should be compromised as long as I have followed protocol and generated them myself from a pc that was never connected anywhere else.



Thanks, that was exactly what I needed to know.

When are they generated, when I decide one to be generated? Or before I get the device?
How can I confirm that? can I review the source code on ledger, bitbox (not trezor) etc?

To be honest, if people seriously buy a piece of hardware with a preloaded pk and uses that..... oh my. For me that would be like security 101, NOT TO.
Even if I decide to trust the manufacture/company... which I dont. How could i know the ratailer didn't duplicate that key, how could I know that the post mail main who delivered the device didn't unpack my package and duplicated the key? How could I know that some intern in the production factory didn't duplicate the keys etc. 


Yeah, some would say I would be paranoid with this aswell. Reviewing an opensource code to be legit or writing my own. I mean. potato potato... It's not gonna be that big of a deal writing my own.


Yep, I was waiting for this comment

Hi, Since my (tiny amount) of bitcoin and other crypto's are starting to gain some relevant value I have been considering moving the ones of them that I see as an long term investment to a safer place. I'm pretty sure they are in good hands now, but I would like to put them in a bullet proof wallet. Which is why I have been considering buying a hardware wallet. But.... Due to the level of technical understanding among the average buyer, it seems to me that the retailers/manufactures lack technical explanation of how they actually work. And I have some questions I need answered before I would ever buy one.

(I'm talking about stuff like trezor, ledger etc.)

1.  Where does the private keys come from? Are they preloaded on the device when you buy it? In that case. How on earth could you be sure that your device is the ONLY place that exact private key exists?

2. Is it possible to "swipe" the hardware wallet and load your own private keys? And if so, is this easily done?

3. If I can put the hardware wallet in my laptop and send crypto currency stored on it to other address, what would keep a malicious piece of software on my computer from changing the address as I confirm the transaction?

4. Is it possible to; from a totally offline computer holding the private keys. Make an transaction, move the transaction to a usb key, plug that key in a online machine, publish the transaction to the blockchain, so that the private keys never "touches" a machine with internet access.


What I actually want.
My plan is to restore an old laptop without internet hardware, install a version of windows that I have from before bitcoins existence. Write my own code that will generate private keys. In my opinion, that is the only way you can be 100% sure that the private key I generate is not existing somewhere else as well. From this computer I can plug in my usb printer and print paper backups of the private keys, put them in the safe at my local bank. But I also need to be able to transfer the coins to other address if necessary without compromising my private keys.

I feel that the info text and video explanations on trezor and legder, bitbox is just showing some little usb thing and showing that "when you plug it out your money is safe" but they never explain the technical background that makes that possible. There is no explanation on why your private keys was not duplicated the moment you plugged it in to your computer, or before you even got the device. And there is no noob safe guide to load your own pks to the hardware wallet. Still it seems that every damn person is 100% sure that these are totally safe, so can someone please explain what I am missing. Thanks, just want to fully understand every little piece of security here, so I can keep my own money safe, and most important of all, so I don't advice my friends to secure their money with a system I don't fully understand.

Stay safe  Rasmus P