multi signature – Is this scheme for multisig audit of Trezor + Coldcard okay?
My plan is to make a multisig between coldcard and trezor. I wish to audit and confirm that I indeed own the two keys of those wallets, using a raspberry pi zero (no wifi/bluetooth by definition) on a really outdated HDMI television with no internet either, and using a digital keyboard and just a mouse on the pi zero.
These are the potential dangers I wish to mitigate:
To get rid of the chance of the trezor producing a private key I do not own, I am gonna put its key on the raspberry pi zero and see that it generates the same master pubkey as shown in trezor. This proves I own this key, but it might be a key that somebody already owns. No downside, that is why I am doing multisig.
On the coldcard, I will generate a seed using dice, and then confirm on the raspberry pi that these dice rolls indeed generate the private key shown by coldcard. This proves that I own a private key that nobody owns, because it was generated using dice.
Now that I have 2 private keys that I own, and at least one of them I am the only owner of, I can create a multisig wallet on Ethereum or perhaps BlueWallet. I will annotate the first 10 addresses generated by the software wallet, and verify if they match on the coldcard and on the trezor. If the three show the same set of 10 addresses, I can consider these addresses safe for receiving Bitcoin.
I will then receive some Bitcoin on one address, erase both wallets, restore them with the private keys, and then try to spend this Bitcoin, just to verify I really owned the coins.
What are the potential issues I can encounter? Am I forgetting something important?
PS: I do know that if the trezor has a malicious random number generator and it creates a private key that not only I own, it is a privacy leak, but not a problem. And it is a privacy leak only when I spend from this address, revealing the public key on the blockchain.
I also plan to use just PSBT air-gapped transactions on Coldcard, and a trusted laptop to broadcast.
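The dice check described in the question could be run on the offline Pi as below. This is an added example, not code from the original post or from Coldcard; it assumes the Coldcard dice method takes SHA-256 over the ASCII roll digits and uses the digest as BIP39 entropy, and all function names are hypothetical. Mapping the indices to words needs the BIP39 English wordlist copied to the Pi beforehand.

```python
import hashlib

def dice_to_entropy(rolls, min_rolls=99):
    """Assumed Coldcard method: SHA-256 over the ASCII roll digits."""
    rolls = "".join(rolls.split())          # tolerate spaces and newlines
    if not rolls or set(rolls) - set("123456"):
        raise ValueError("rolls must contain only the digits 1-6")
    if len(rolls) < min_rolls:              # 99 rolls is about 255.9 bits
        raise ValueError("too few rolls: %d < %d" % (len(rolls), min_rolls))
    return hashlib.sha256(rolls.encode("ascii")).digest()

def entropy_to_indices(entropy):
    """BIP39: append the checksum bits, then cut into 11-bit word indices."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP39 entropy must be 128 to 256 bits")
    cs_bits = len(entropy) * 8 // 32        # 1 checksum bit per 32 entropy bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_to_words(indices, wordlist):
    """Map indices to words using the 2048-entry BIP39 English list."""
    if len(wordlist) != 2048:
        raise ValueError("wordlist must have exactly 2048 entries")
    return [wordlist[i] for i in indices]

if __name__ == "__main__":
    sample_rolls = "123456" * 17            # constructed sample, never use for funds
    idx = entropy_to_indices(dice_to_entropy(sample_rolls))
    print(len(idx), "word indices (0-based):", idx)
```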