Wednesday, December 26, 2018

I tested KeepKey + Mycelium + SegWit so you don't have to.

TLDR: you can send and receive Bitcoin to and from native SegWit (Bech32) addresses using KeepKey + Mycelium, but not using KeepKey + KeepKey client (yet?).

Mycelium can import the extended public key (xpub) from your KeepKey. This gives you a watch-only wallet on your phone that can spend only when you connect your KeepKey to the phone.
The xpub is not the private key. The private key never leaves the KeepKey, you cannot spend from just the xpub, and cold storage is not compromised.
It's a nice combination of the accessibility of an app, and the security of a hardware wallet.
My favorite feature is being able to watch the value of my Bitcoin moon plummet from the comfort of my phone.
The Mycelium Android wallet finally got its SegWit update this month, and I used about a buck in Bitcoin to test the new address format.

Importing a KeepKey xpub into Mycelium

The first thing to note is that if you already had a KeepKey account in Mycelium before Mycelium's SegWit update, you'll have to remove that account from Mycelium and reimport it to enable SegWit support.

To import your KeepKey’s xpub into Mycelium you need to connect the KeepKey to your phone using a USB OTG adapter. You can get one for about 10 bucks if one did not already come with your phone.
When connected, open Mycelium, go to the “accounts” tab, tap the icon of a key with a “+”, tap “advanced”, tap “KeepKey”, and enter your pin.

(If you have enabled passphrase protection on your KeepKey, Mycelium will also ask you to enter the passphrase at this point.
You can read this page for instructions on how to enable/disable passphrase protection:
https://help.keepkey.com/how-to-guides/how-to-disable-a-passphrase
If you want to enable it, change the command from “(false)” to “(true)”.
This is an advanced feature, so only use this if you know what you are doing. Enabling and disabling it has been very flaky in my experience, but once enabled the passphrase feature itself works without error.)

Accounts

Mycelium will now scan the KeepKey for accounts. If you have multiple accounts on the KeepKey and want to add all of them to Mycelium, you will have to go through these steps multiple times to add them one at a time.
An account with zero Bitcoin will not be detected by Mycelium.

You can give the account you are adding to Mycelium a label.
Mycelium will display a KeepKey logo next to the account name in the accounts tab to indicate this is a watch-only account from a KeepKey.

What can I do with an imported account in Mycelium?

Without having your KeepKey connected you can:
-View your Bitcoin balance and its fiat value.
-View all transactions including those done through the KeepKey Client app.
-Generate receiving addresses in all three formats, legacy P2PKH (starting with 1), SegWit wrapped P2SH (starting with 3), SegWit native Bech32 (starting with bc1).
-Receive Bitcoin on said addresses and view the incoming transactions before, during and after they are confirmed. Note that Mycelium will default to generating SegWit wrapped P2SH receiving addresses. You can change the default to SegWit native Bech32, but you cannot change the default to legacy P2PKH addresses; this is important.
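
The three receiving formats listed above can be told apart by decoding them and verifying their checksums, which also rejects a mistyped address that still starts with the right character. This is an added example, not code from the original post or from Mycelium or KeepKey; the function names are hypothetical and the sample addresses are public example values. A "3" address only shows that it is P2SH; the address alone does not reveal whether the script wraps SegWit.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def base58check_decode(addr):
    """Return (version_byte, payload), or None if alphabet or checksum is wrong."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body, check = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]
    return (body[0], body[1:]) if len(body) == 21 and digest == check else None

def bech32_polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def bech32_witness_version(addr):
    """Return the witness version of a mainnet ('bc') address, or None if invalid."""
    mixed = addr not in (addr.lower(), addr.upper())  # mixed case is forbidden
    hrp, _, data = addr.lower().rpartition("1")
    # 39 or 59 data characters = version + 20- or 32-byte program + 6-char checksum
    if mixed or hrp != "bc" or len(data) not in (39, 59) or set(data) - set(B32):
        return None
    vals = [B32.index(c) for c in data]
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return vals[0] if bech32_polymod(hrp_expanded + vals) == 1 else None

def classify(addr):
    """Name the format (mainnet version 0x00 = '1...', 0x05 = '3...') or 'invalid'."""
    if addr.lower().startswith("bc1"):
        return "Bech32" if bech32_witness_version(addr) == 0 else "invalid"
    decoded = base58check_decode(addr)
    return {0x00: "P2PKH", 0x05: "P2SH"}.get(decoded[0], "invalid") if decoded else "invalid"

# Public sample addresses: genesis-block P2PKH, a widely cited P2SH example, BIP173 vector.
SAMPLES = ["1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy",
           "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"]
```

Calling `classify` on each entry of `SAMPLES` returns the format name; changing a single character in any of them returns `invalid`.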

How do I receive Bitcoin with Mycelium?

Choose the KeepKey account from the accounts screen, tap the “receive” button and it will display a SegWit Wrapped P2SH address by default.
You can switch to a Legacy or Bech32 address from this screen, and switch the default from P2SH to Bech32, but not to Legacy.
This means that by default you will always be receiving Bitcoin on a SegWit address.

How do I send Bitcoin from Mycelium?

In order to send Bitcoin from Mycelium you can tap “send”, enter a receiving address, choose an amount and a fee setting.
Next you will have to connect your KeepKey to the phone with the OTG adapter, enter the pin, and enter the passphrase if your KeepKey has one.
The transaction will be displayed on the KeepKey’s own display; you should verify the address, amount and fee.
Confirm the transaction through the physical button on the KeepKey, twice.
Your transaction will be broadcast, and you can now disconnect the KeepKey.

How secure is this?

The private key never leaves the KeepKey; cold storage is never compromised.
The only way to sign a transaction and send Bitcoin is by connecting the KeepKey, entering the pin to unlock it, and entering the passphrase to further unlock it if you have one enabled, and then using the physical button on the KeepKey to confirm the transaction.

What does not work?

And now finally, the reason I’m making this post: what does not work.
At the time of writing the KeepKey client app for Chrome is capable of sending to SegWit P2SH and Bech32 addresses.
The KeepKey Client app is however not capable of generating SegWit receiving addresses, nor can it view the balance of SegWit P2SH or SegWit Bech32 addresses.
It also cannot send Bitcoin that was received on these addresses.

This means that if you use Mycelium to receive Bitcoin on a SegWit address, the KeepKey Client app does not understand this transaction.
The KeepKey Client app will not add the balance of this address to your total balance. If this was the only transaction in the wallet, it will show a zero balance.
The KeepKey Client app will not be able to send Bitcoin that was received on these addresses; you can only do that using Mycelium.
This can lead to confusing situations where Mycelium and the KeepKey Client app show two different total balances for the same wallet, because Mycelium sees the real balance, and the KeepKey Client app only sees the non-SegWit addresses balance.

I fully expect a future update to the KeepKey Client Chrome app to enable full SegWit support so the above will no longer be an issue, but right now receiving Bitcoin on SegWit addresses through Mycelium means you can no longer effectively use the KeepKey Client app until it is updated.


