Hardware Wallet Integration

PSBT is the backbone of modern Bitcoin security. It allows for "Air-Gapped" signing, where a private key never touches an internet-connected device.

1. The Trustless Host

In a standard setup, you use a "Host" (your laptop) to build a transaction.

• The Host is untrusted—it could be infected with malware.

• The Host sends a PSBT to the Hardware Wallet (HWW).

• Because the PSBT contains the Full Previous Transactions of the inputs, the HWW doesn't have to trust the Host's claim about how much money is being spent. It can verify the inputs itself.

2. Verifying Change Addresses

A common attack is for malware to change the "Change Address" in a transaction to the hacker's address.

• PSBTs include BIP 32 Derivation Paths.

• The HWW looks at the change output and checks if the derivation path belongs to its own internal seed.

• If it matches, the HWW hides the change output and only asks you to confirm the actual payment amount.

3. Air-Gapped Workflows

Since PSBT is a compact string, it can be moved between devices in creative ways:

• MicroSD Card: Save the .psbt file on a card and plug it into your HWW.

• QR Codes: Software displays a QR code of the PSBT; the HWW scans it with a camera.

• NFC: Tap your phone against a signing device to pass the PSBT.

4. Multisig Security

PSBT is essential for multisig. A single PSBT can be passed around a circle of friends or partners.

1. User 1 signs and passes the PSBT.

2. User 2 sees User 1's signature in the file, verifies the TX, adds their signature, and passes it on.

3. The final user "Finalizes" the PSBT and broadcasts it.

Device	Role	Trust Level
Computer (Sparrow)	Creator / Updater	Untrusted
MicroSD / QR Code	Carrier	Transport
Hardware Wallet	Signer	Trusted

In the final section, we will build a Python PSBT Decoder.