From 73bb6b850d723fd6971aa0b0e8bfc4604591adbf Mon Sep 17 00:00:00 2001 From: "Peter D. Gray" Date: Tue, 12 Aug 2025 10:28:44 -0400 Subject: [PATCH] few notes --- docs/menu-tree.txt | 1 + docs/spending-policy.md | 18 ++++++++++++++++++ docs/web2fa.md | 2 +- 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 docs/spending-policy.md diff --git a/docs/menu-tree.txt b/docs/menu-tree.txt index 0f40e857..0bb460d3 100644 --- a/docs/menu-tree.txt +++ b/docs/menu-tree.txt @@ -30,6 +30,7 @@ Tapsigner Backup Seed XOR Migrate Coldcard + Key Teleport (start) Help Advanced/Tools View Identity diff --git a/docs/spending-policy.md b/docs/spending-policy.md new file mode 100644 index 00000000..3b398a54 --- /dev/null +++ b/docs/spending-policy.md @@ -0,0 +1,18 @@ + +# Spending Policy + +A special mode where your coldcard will stop you from signing transactions if +they exceed a spending policy you define beforehand. + + + +## Tips and Tricks + +If you are using a BIP-39 passphrase for everything, you should +probably do a "Lock Down Seed" (Advanced/Tools > Danger Zone > Seed +Functions) first. This takes your master seed and bip-39 passphrase +and cooks them together into an XPRV which then is stored as your +master secret (not a seed phrase anymore). This process cannot be +reversed, so other funds you may have on the same seed words are +protected. Once you are operating in XPRV mode, you can define a +spending policy and know that it is restricted to only that wallet. diff --git a/docs/web2fa.md b/docs/web2fa.md index c465562f..4f0e04e1 100644 --- a/docs/web2fa.md +++ b/docs/web2fa.md @@ -62,7 +62,7 @@ but we may find other uses for it. - multiplies that private key by server's known public key - apply sha256(resulting coordinate) => the session key - apply AES-256-CTR over URL contents (ascii text) -- prepend 33 bytes of pubkey, and base64url encode all of it +- prepend 33 bytes of pubkey, and then base64url encode all of it - full url is: `https://coldcard.com/2fa?{base64 encoded binary}` ## Trust Issues