P2PKH Wallets from ColdCard MIA / any alternative routes?

[BitcoinCanSaveUsAll]

Hi all, I'm not sure if this is the right area to post this but I have some questions related to using Coldcard and figured this just might be the spot to get some solid feedback.

First of all I'd like to say that so far I've been very impressed with the Coldcard wallet that I've just received so far. I did however see one concern in that the "skeleton wallet" that it produces in advanced > microSD> export wallet. In this sub directory, the wallet it creates for the electrum wallet is excellent in that it allows you to chose the bitcoin address type (i.e. legacy, SEGWIT etc) however this option doesn't seem to be available for the importmulti command file that is created for Bitcoin core as it only seems to generate a native SEGWIT wallet with the m/84'/0'/ path.

Perhaps somehow I missed the option to create a P2PKH address there but I don't see it here anywhere. Either way this is certainly an important feature as the P2PHK message signing feature is the only way that I know of to confirm non-repudiation for your bitcoin keys. If this option is not there, then I certainly hope it was just simply overlooked and the team is working on implementing it ASAP. If so, then this would be the first hardware wallet that I'm aware of that not only allows you to use your own node directly, but also would let you know that you have your own private keys via message signing P2PKH.

Another interesting observation I had was that during my testing with the Coldcard I tried to create two different Bitcoin core wallets and looked at the commands generated for the importmulti command.  During the creation on the coldcard, you are first prompted to be able to enter the account number that you'd like to add.  My first attempt I used account number 22 ( m/84'/0'/22'/0/0..) and it structed the command with a certain XPUB.  I next tried to use the m/84'/0'/0"/0/0.. and noted that the command it created for this importmulti command was a completely different XPUB file.  Is this normal?  I would of imagined that the XPUB it used would be the same but there's where my understanding of XPUBs derived from the master public key vs. the derivation path kind of breaks down.  Either way any feedback here on how to create a P2PKH wallet for your Bitcoin core node with Cold card (like they have for Electrum) would be very helpful plus any feedback on the XPUB would be bonus.  Thanks in advance all!

[o_e_l_e_o]

My first attempt I used account number 22 ( m/84'/0'/22'/0/0..) and it structed the command with a certain XPUB.  I next tried to use the m/84'/0'/0"/0/0.. and noted that the command it created for this importmulti command was a completely different XPUB file.  Is this normal?  I would of imagined that the XPUB it used would be the same but there's where my understanding of XPUBs derived from the master public key vs. the derivation path kind of breaks down.

I don't own a ColdCard so cannot comment on the specifics you have mentioned, but yes, this is normal.

An xpub is your account extended public key. Lots of places refer to it as your master public key, but technically speaking, this is incorrect. Your master public key is at derivation path m. Your xpub from those two wallets will be at derivation path m/84'/0'/22' and m/84'/0'/0' respectively, and therefore, completely different. Not that the derivation path structure as laid out in BIP44 is as follows:

Code:

m / purpose' / coin_type' / account' / change / address_index

As you can see, you changed the account (the third number) from 0' to 22', which is the level the xpub is derived from. The two xpubs will therefore allow you to restore all the addresses in each respective wallet, but they will not allow you to restore addresses from a different wallet.

Also worth noting that the first three levels are hardened, as denoted by the ' symbol after the number. This means that if you were indeed dealing with the master public key at level m, you could not derive any addresses in either of your wallets, since you need the corresponding private keys to move down hardened paths.

[HCP]

... however this option doesn't seem to be available for the importmulti command file that is created for Bitcoin core as it only seems to generate a native SEGWIT wallet with the m/84'/0'/ path.

Perhaps somehow I missed the option to create a P2PKH address there but I don't see it here anywhere.

Disclaimer: I don't actually own a Coldcard... so this might be out of date or incorrect


According to their docs, it is indeed BIP84 only for Bitcoin Core:

For compatibility with other wallet software we use the BIP84 address derivation (m/84'/0'/{account}'/{change}/{index}) and native SegWit (bech32) addresses. It's recommended to set addresstype=bech32 in bitcoin.conf.

[BitcoinCanSaveUsAll]

Hi all and thank you for your replies.

@o_e_l_e_o,

Thank you for your overview of XPUBs and derivation paths for me. It was great information.

I was going to give everyone an update and let you know that I was able to modify the importmulti command generated by the ColdCard which initially set it for the wpkh (m/84'/0') and format it to import a watch only wallet into bitcoin core (v.20.0) after creating a new wallet in core with the private keys disabled by running the following command in the core console:

importmulti'[{"range": [0, 1000], "timestamp": "now","keypool": true, "watchonly": true, "desc":"pkh([fingerprint/44h/0h/0h]privatexpub/0/*)#correctchecksum", "internal":false}, {"range": [0, 1000], "timestamp": "now","keypool": true, "watchonly": true, "desc":"pkh([fingerprint/44h/0h/0h]privatexpub/1/*)#correctchecksum ", "internal":true}]'

The fingerprints, xpubs, and checksums were removed in the above command for privacy reasons.

Unfortunately for some reason when attempting to sign psbt transactions on the ColdCard that I generated from bitcoin core while I was able to spend from the correct addresses, the change address shown on the ColdCard during the signing verification is a native segwith (bc prefix) even though I thought my modified importmulti command would have told core to structure psbt transactions from this wallet so that it would route the change for these psbt transactions it created into another P2PKH address from the ColdCard wallet that I imported into it via the command above.

Perhaps you (or anyone else here) could have a look at this command and see if there was something structured wrong here?  The other item I noticed is that when pasting an address from the same wallet that I was able to spend from in core via psbt, it gave me a warning that the recipient address was not part of that wallet (which it was).  Not sure if this is a bitcoin core bug or something else going on here.  Either way thanks to everyone for their feedback in advance.

[HCP]

You should probably avoid trying to have 2 threads running on this topic... for other readers, the other thread is here: https://bitcointalk.org/index.php?topic=5357752.0

As I asked in my most recent post on that thread... did you try using decodepsbt in Bitcoin Core to see what Bitcoin Core is showing the change address to be?

If the address is showing as P2PKH in Bitcoin Core, but the Coldcard is showing it as P2WPKH (aka bech32), then it would appear it is a Coldcard issue... and you'll need to contact Coldcard support for guidance.

When I created the watching only wallet (using importmulti for a "legacy" format wallet and importdescriptors for a "descriptor" format wallet), it seemed to generate P2PKH change addresses in the PSBT.