Why SeedSigner?
Your private keys are everything. Lose them, and your Bitcoin is gone forever. Let someone else hold them, and you’re not really holding Bitcoin at all. This isn’t fearmongering, it’s the fundamental reality of self-custody. The question isn’t whether you should take security seriously, it’s how far you’re willing to go to protect your financial sovereignty.
We’re going to walk through what I believe is the ultimate airgapped cold storage setup: a SeedSigner for signing, SeedQR as the bridge between analog and digital, and a metal backup that will outlast you. Each component serves a specific purpose, and together they form a system where your keys never touch the internet, your backup survives catastrophe, and recovery is as straightforward as possible, and, instant.
Ready? Let’s go.
The Problem with Traditional Hardware Wallets
The hardware wallet market in 2026 is dominated by familiar names. Ledger, Trezor, Coldcard, BitBox. Each has its place, and we sell some of them ourselves. But here’s the thing: most of these devices come with tradeoffs that might not sit well with everyone.
Commercial hardware wallets, even the good ones, require trust. You trust that the firmware does what it claims. You trust that the supply chain wasn’t compromised. You trust that there are no backdoors, intentional or otherwise. Some devices use flavors of, or full-blown closed-source firmware. Others have had security incidents, Ledger being the most prominent by far, which ironically lead to SeedSigner being born. And all of them are manufactured by companies that could, at some point, go rogue, face regulatory pressure or simply disappear.
This isn’t paranoia. It’s just reality. Incidents like the Ledger Recover debacle showed us what happens when a company decides to add seed phrase extraction to firmware that was supposed to never let keys leave the device. Even if you trust them now, you’re betting on their future decisions too.
What if you could verify everything yourself? What if the device you use doesn’t store your keys at all? What if you could build it yourself from off-the-shelf components, running open-source software that anyone can audit?
That’s exactly what SeedSigner offers.
SeedSigner: The Stateless Signing Device
SeedSigner isn’t really a “hardwarewallet” in the traditional sense. It’s a signing device. It holds no keys. It has no memory between sessions. When you power it off, everything is gone. This is intentional, and it’s the whole point.
The device is built on a Raspberry Pi Zero 1.3, specifically the version that has no WiFi or Bluetooth capability. This is crucial. Your keys can never leave the device over a wireless connection because there is no wireless connection. Communication happens exclusively through QR codes, scanned by the built-in camera and displayed on the screen. It’s a true airgap in the most literal sense possible.
What Makes SeedSigner Different
The SeedSigner project was created with a single goal: lower the cost and complexity of secure Bitcoin storage. And it delivers on that promise in ways that matter.
Fully Open Source. The entire codebase is on GitHub under MIT license. The hardware is documented. The firmware is auditable. There are no secrets, no proprietary components, no hidden code paths. Build it yourself from source if you want maximum trust minimization.
Stateless Operation. When you power off, all seed data is wiped. The device never writes to storage with the exception of saving persistent settings once you explicitly enable the option. And even then, just non critical settings like camera rotation angle and display type are being saved to the sd card. You can remove the micro-SD card after boot to ensure nothing persists. This eliminates a massive attack surface. There’s nothing to extract from a powered-off SeedSigner because there’s nothing stored.
DIY or Prebuilt. You can build it yourself from components costing under €50, or grab a prebuilt unit if you’d rather skip the soldering. Either way, you end up with the same verified hardware running the same verified software. The safest way will always be self sourced parts which you assemble yourself, we will be happy to supply just the 3D-printed or CNC-milled enclosures if you choose to go the true Cypherpunk route, which you should!
Trustless Key Generation. Create seeds using dice rolls for true randomness, or use the camera to capture entropy from a photograph. The device calculates the final checksum word automatically, ensuring valid BIP39 seeds every time.
Compatible with Everything. SeedSigner works with Sparrow Wallet, Specter Desktop, BlueWallet, Nunchuk, Keeper, and any software that supports QR-based PSBTs. Single sig or multisig, mainnet or testnet, native segwit or taproot, it handles them all.
How It Actually Works
Using SeedSigner follows a simple flow that becomes second nature quickly.
You generate or import a seed phrase. The device derives your extended public key (xpub) and displays it as a QR code. You scan this into your wallet (or, more fitting, coordinator) software to create a watch-only wallet. When you want to send Bitcoin, your wallet software creates a Partially Signed Bitcoin Transaction (PSBT) and displays it as an animated QR code. You scan this into SeedSigner, review the transaction details, sign it, and SeedSigner displays the signed transaction as another QR code. You scan this back into your wallet software, which broadcasts it to the network.
At no point does your seed or private key ever leave the device. At no point is the device connected to the internet. At no point is data transmitted over anything but optical QR codes that you physically control.
This is what true airgapped operation looks and feels like.
SeedSigner
Next Level Bitcoin Security – DIY or Prebuilt
SeedQR: The Bridge Between Worlds
Here’s where things get interesting. You have a seed phrase. 12 or 24 words that represent your entire Bitcoin holdings. You need to back them up somehow. The traditional approach is metal plates where you stamp or engrave each word. It works, but it’s slow to create, error-prone, and even slower to recover.
SeedQR changes literally everything.
SeedQR is a format developed by the SeedSigner project that encodes your BIP39 seed phrase into a QR code. Instead of manually typing 24 words, you scan a QR code. Recovery goes from minutes of careful typing to about two seconds of pointing a camera.
The Two Formats
Standard SeedQR encodes each word as its 4-digit BIP39 index number. A 12-word seed creates a 25×25 grid QR code. A 24-word seed creates a 29×29 grid. Simple, straightforward, and compatible with any standard QR reader.
Compact SeedQR is more efficient. It uses binary encoding of the raw entropy, resulting in smaller codes. A 12-word seed fits in a tiny 21×21 grid. A 24-word seed fits in 25×25. This format is compatible with SeedSigner, Krux, Blockstream Jade, and Foundation Passport.
The compact format is particularly clever because it makes metal backup plates significantly easier to create. Fewer squares means fewer punches, less chance for error, and faster recovery.
Why This Matters
Think about disaster recovery. Your house burns down. You have a metal backup in a safety deposit box or buried somewhere. With traditional word-based backups, you need to carefully read and type each word, checking for errors. With SeedQR, you point a camera and you’re done.
Speed matters in recovery scenarios. Stress makes people make mistakes. The fewer steps between “I have my backup” and “my funds are accessible,” the better.
But SeedQR’s real power comes when paired with a truly permanent backup medium.
ColdQR Titanium Backup Plates: Built for Eternity
Paper burns. Steel corrodes. Stainless steel works better but still has limits and is rarely stainless. Titanium is essentially indestructible without using really heavy machinery, which makes it perfect for our purpose.
“Titanium SeedQR Cold Storage Backup Plates” is a very long and unwieldy name, so, now that you know what they are let’s just call them ColdQR.
Grade 7 Titanium, specifically, is the most corrosion-resistant of all titanium alloys. It’s mechanically equivalent to Grade 2 but includes a tiny palladium content that makes it resistant to salt water, chlorides, and basically anything the environment can throw at it. It won’t rust. It won’t corrode. It handles extreme temperatures. It survives floods, fires, and the test of time.
ColdQR Titanium Backup Plates are 5.5mm thick, with a 6mm border. This isn’t a thin stamping plate that bends if you look at it wrong. It’s a solid piece of metal designed to survive whatever happens.
The Ultimate Bridge
Here’s the concept that makes this setup work: the ColdQR Titanium QR plate is the physical manifestation of your digital keys.
You take your seed phrase. You convert it to a Compact SeedQR using SeedSigner’s built-in transcription guide. You punch the pattern into your titanium plate. What you now have is a permanent, indestructible backup that can be instantly scanned by an airgapped device.
The plate comes with precision-optimized grids and centering holes to eliminate errors. No more misaligned punches or ambiguous marks. The design was crafted in collaboration with the SeedSigner project specifically to ensure flawless results.
Each plate arrives in a tamper-evident 3D-printed container that can be sealed with a zip tie or numbered security seal. A cutout window lets you verify the fingerprint without opening the container, so you know if someone has accessed your backup.
The Marking Process
Punching is done in two steps. First, you use an automatic or manual centering punch on each square that should be filled. The centering holes guide you perfectly. Then you ink the punched marks with a fine-point permanent marker to maximize scannability.
Do this on a solid surface. Take your time. This is permanent, and permanence is exactly what you want.
Grid Options
The 21×21 grid shown above stores 12-word seeds in Compact SeedQR format only. The 25×25 grid is more versatile. It can store 12-word seeds as standard SeedQR, or 24-word seeds as Compact SeedQR. Choose based on your seed length and recovery device compatibility.
Check out the scanning performance !
Putting It All Together: The Complete Setup
Let’s walk through what the ultimate airgapped cold storage setup actually looks like in practice.
Initial Setup
You build or acquire a SeedSigner. You verify the software by checking the GPG signatures. You flash the image to a micro-SD card. You power on the device, and it boots into a completely clean state with no stored keys.
You generate a new seed phrase. Maybe you use 99 dice rolls for truly random entropy, following SeedSigner’s guided process. The device shows you 24 words. You write them down on a paper SeedQR card which comes with your SeedSigner, temporarily.
Now you create your SeedQR backup. SeedSigner walks you through the transcription process, showing you exactly which squares to fill on a grid. You punch this pattern into your Titanium QR plate, using a spring loaded punching tool or hammer and punching tool, ink the marks, and test it by scanning with your SeedSigner. If it works, it works forever, but it can’t hurt to double check. Take your time and make sure to work in a calm environment with nothing else on your mind and you should be able to achieve perfect results.
You scan the temporary paper. You scan the titanium plate. They both recover the same seed. You destroy the paper. The titanium plate goes into secure storage.
Make sure to never point a phone, camera or anything that’s digitally connected to the internet and has a camera towards your SeedQR, this is your private key, leaking it to the internet ist he aequivalent of handing your seed words over to someone, with identical consequences. Your SeedQR should only be revealed for the brief moment SeedSigner needs to scan it, cover it up again instantly after it, our 3D-printed containers are perfect for this.
Daily Use
Your wallet software (For example, Sparrow for Desktop and Blue Wallet for Smartphones) holds a watch-only wallet created from the xpub you exported via QR code. You can receive Bitcoin normally and monitor your balance without ever touching your keys.
When you need to spend, your wallet creates a PSBT. You display it as an animated QR on your computer screen. You grab your SeedSigner, load your seed (by scanning your titanium plate or entering the words manually), scan the transaction QR, review every detail on the SeedSigner screen, confirm, and sign. The signed transaction displays as a QR code on SeedSigner. You scan this with your computer’s webcam. Sparrow broadcasts it.
At no point did your keys exist on any internet-connected device. At no point were your keys transmitted wirelessly. At no point did you trust anything you couldn’t verify yourself.
Multisig Configurations
SeedSigner was built with multisig in mind. Create multiple seeds, store each on a separate Titanium QR plate, distribute them geographically. Use 2-of-3 or 3-of-5 configurations depending on your security requirements. The QR-based workflow makes rotating through devices fast and practical.
This is truly next-level security that used to be reserved for exchanges and institutions. Now you can do it at home.
Why This Combination Works
Each component solves a specific problem, and together they create something that is much greater than the sum of their parts.
SeedSigner eliminates the need to trust manufacturers, supply chains, or closed-source firmware. It’s stateless, airgapped, and completely open. You can verify everything and the amazing user interface design teaches you about bitcoin while you are using it!
SeedQR eliminates the friction of seed recovery. No more typing words. No more transcription errors during high-stress recovery scenarios. Two seconds of pointing a camera, and you’re in.
ColdQR plates eliminate the durability concerns of other backup methods. Your backup survives fires, floods, corrosion, and time itself. It’s physically robust in ways that paper, steel, and digital storage simply aren’t.
Combined, you get:
True airgapped operation from generation to signing. No wireless. No internet. No attack surface.
Instant recovery that doesn’t depend on reading small text or typing under pressure.
Permanent backup on the most corrosion-resistant metal commercially available.
Complete verifiability at every step. Open source software, documented hardware, transparent processes.
A Word on Operational Security
The hardware is only one part of security. How you use it matters just as much.
When using SeedSigner, YOU are the secure element.
NEVER SCAN YOUR SEEDQR WITH ANY INTERNET-CONNECTED DEVICE. Not your phone. Not your computer. Not anything with WiFi or Bluetooth. This isn’t a suggestion. If you do this, you will lose your funds. Someone watching your screen, malware on your device, a compromised camera app, any of these can extract your seed and drain your wallet.
Only scan with airgapped devices designed for this purpose. SeedSigner, Krux, Passport, Jade in QR mode. These are the only things that should ever see your SeedQR.
Store your Titanium plate appropriately. A fireproof safe, a safety deposit box, buried in a location you won’t forget are just the obvious options, you can be creative here. Consider geographic distribution for multisig setups. Think about inheritance planning. Your backup needs to survive not just disasters, but also your own mortality and your heirs will thank you if you make your setup bulletproof from the start.
Test your backups. Multiple times. Yes. Seriously. Create the backup, then recover from it on a clean SeedSigner or a different signing device, like krux. Verify that the derived xpub matches what you expected. Do this before sending any significant funds. Do this periodically to confirm nothing has degraded.
Maintain physical security. A SeedQR is more convenient than 24 words, but it’s also faster for an attacker to use. The tamper-evident container helps you know if someone has accessed your backup, but only if you actually check the seal.
The Comparison That Matters
The hardware wallet market pushes you toward convenience, mobile apps, Bluetooth connectivity, and “easy” recovery services. These features are marketed as improvements, but they’re actually tradeoffs. Every convenience is an attack surface. Every wireless protocol is a potential leak. Every third-party service is a “Trust me, bro” relationship and secure elements are not guaranteed to be secure forever and there have been numerous incidents of secure element breaches or just plain blatant misuse which can lead to devastating consequences a SeedSigner user doesn’t even have to consider.
With SeedSigner and Titanium QR backups, you trade convenience for security. The setup takes longer. The process is more deliberate. You can’t “just” send Bitcoin from your phone. But you also can’t “just” have your funds drained by malware, supply chain attacks, or companies that make decisions you don’t agree with.
This setup is for people who understand that their Bitcoin is their responsibility. No one is coming to help if something goes wrong. There is no customer support line for self-custody. The tradeoff is that if you do it right, no one can stop you either. Your keys, your coins, your rules.
But someone on the Internet said…
There have been voices claiming SeedSigner is prone to attacks because of it’s open architecture, which is, quite frankly, bullshit spread by sponsored individuals and scared hardwarewallet manufacturers who very well understand that DIY signing devices like SeedSigner and Krux are what I like to call, Security Endgame. Think about it, a device that anyone can build, flash and use without limitations or risk to end up on a list. With 100% confidence that the device you are using to manage potentially wife changing funds won’t spy on you, because it can’t, it’s physically impossible.
I have thought about these arguments a lot and refuted most of them multiple times, at this point, I can only leave this here:
The single attack vector on your SeedSigner setup is some entering your private space. In that case, you have much bigger problems, as security theater from hardware wallets unfortunately does nothing against the pressure of a wrench attack.
Getting Started
We’ve got you covered. Everything you need to build the ultimate airgapped cold storage setup is available at gobrrr.me and we’re trying hard to make it as simple as possible for you to
SeedSigner devices are available as DIY kits starting at €89 or prebuilt units including the SeedSigner Premium with its CNC-milled aluminum enclosure. We’re an official SeedSigner supplier, and a portion of every sale goes back to the development fund. I recommend building your SeedSigner yourself from parts, it’s not hard at all, and in fact, a lot of fun too!
ColdQR Titanium backup plates are available in 21×21 and 25×25 grid configurations. Each comes in a tamper-evident container with precision-optimized grids for error-free punching.
Everything ships from Austria. No third-party fulfillment. No Amazon warehouses. Just us, making sure your stuff arrives intact and ready to use while doing everything in our power to preserve customer privacy!
Your Bitcoin deserves better than trust. It deserves verification. It deserves permanence. It deserves true security.
Take control. Build the setup. Secure your sovereignty.
Important links:
Official SeedSigner website: https://seedsigner.com
SeedSigner GitHub: https://github.com/SeedSigner/seedsigner
That’s it, thanks for reading! But before you leave, remember that SeedSigner is an open-source project which is 100% free and created by volunteers who need your support so they can continue to build amazing tools for the bitcoin community. Sending them a few (or many) Sats as an appreciation is a great idea! You can do so here: https://seedsigner.com/donate/
Get your SeedSigner, ColdQR Plates and punching tools, right here from Go Brrr!
ColdQR Titanium Backup
The ultimate bridge between the digital and analog versions of your private keys.
SeedSigner
Next Level Bitcoin Security – DIY or Prebuilt