Coldstar Documentation
CLI-first cold wallet system that transforms any USB drive into a disposable, RAM-only signing medium for Solana.
Introduction
Coldstar is a CLI-first cold wallet system that transforms any standard USB drive into a disposable, RAM-only signing medium. It eliminates long-lived private key exposure by ensuring keys are decrypted only in volatile memory and only for the duration of transaction signing.
Coldstar is designed for developers, traders, and operators who value verifiability, automation, and explicit control over convenience-oriented hardware wallets.
Unlike traditional hardware wallets where keys persist on the device forever, Coldstar decrypts keys only in RAM for the brief moment needed to sign a transaction. Once complete, keys are immediately erased from memory.
Core Idea
Traditional hardware wallets rely on permanent devices that store private keys for their entire lifetime. This creates persistent trust anchors, supply-chain risk, and physical attack surfaces.
Coldstar challenges this model by removing permanent trusted hardware entirely.
Instead of trusting devices, Coldstar trusts:
- Open-source, auditable software
- User-controlled operating systems
- Extremely short-lived key exposure in RAM
Private keys are:
- Encrypted at rest on user-supplied USB storage
- Decrypted only in system memory
- Explicitly wiped after signing completes
The USB drive is not a signing device. It is encrypted storage only.
Key Properties
How It Works
- A standard USB drive is initialized using the Coldstar CLI
- Cryptographic key pairs are generated and encrypted directly onto the USB
- When signing is required:
- Encrypted key material is loaded into memory
- Decryption occurs only in RAM
- The transaction is signed
- Decrypted key material is immediately erased from memory
- No plaintext keys persist on disk or hardware
AES-256-GCM
~100 microseconds
Broadcast ready
Encryption & Key Generation
Coldstar's security model depends on understanding exactly where sensitive data exists in physical hardware and how it's protected at each stage.
Key Generation and Encryption (Initial Setup)
During wallet initialization, the following steps occur:
- Random Seed Generation: CPU's hardware RNG (/dev/urandom) generates a 32-byte Ed25519 seed
- Passphrase Entry: User provides a passphrase for encryption
- Key Derivation (Argon2id): Memory-hard operation (64 MB, 3 iterations) derives a 32-byte AES key
- AES-256-GCM Encryption: Private key is encrypted with a 12-byte random nonce
- Immediate Zeroization: All plaintext keys are overwritten with zeros in RAM
| Component | Algorithm | Purpose |
|---|---|---|
| Key Encryption | AES-256-GCM |
Encrypts private keys at rest |
| Key Derivation | Argon2id |
Derives encryption key from password (64MB memory-hard) |
| Signing | Ed25519 |
Solana transaction signatures |
Encrypted Container Format
{
"version": 1,
"salt": "base64_encoded_32_bytes",
"nonce": "base64_encoded_12_bytes",
"ciphertext": "base64_encoded_48_bytes",
"public_key": "base58_encoded_pubkey"
}- Private key NEVER stored in plaintext on USB
- USB can be read without exposing private key
- USB can be physically seized without key compromise
Transaction Signing (Decryption)
When signing a transaction, the following secure process occurs:
- Read Encrypted Container: Encrypted data read from USB to Python memory space
- FFI Call to Rust: Encrypted data passed to isolated Rust memory space
- Key Re-Derivation: Argon2id derives AES key from passphrase in mlock'd RAM
- AES-256-GCM Decryption: Private key decrypted into locked memory buffer
- Ed25519 Signing: Transaction signed (~100 microseconds in CPU)
- Automatic Cleanup: Rust Drop trait zeroizes all sensitive data
- Return to Python: Only signature (public data) crosses FFI boundary
Plaintext private key NEVER enters Python memory space. It exists only in isolated Rust mlock'd buffers and is automatically zeroized even on panic.
Memory Protection Mechanisms
mlock() - Preventing Swap to Disk
Private keys are stored in mlock'd memory pages that cannot be swapped to disk by the operating system:
- Normal RAM: OS may swap to disk/SSD
- mlock'd RAM: Locked in physical memory, cannot be swapped
Memory Zeroization
Before deallocation, all sensitive buffers are overwritten with zeros:
- Uses the
zeroizecrate (constant-time, not optimized out) - Prevents recovery from heap analysis
- Protects against cold boot attacks (partially)
Panic Safety
Rust's Drop trait guarantees cleanup runs even if the signing operation panics:
- Normal flow: Drop runs, keys zeroized
- Panic flow: Drop STILL runs, keys zeroized
Data States Across Hardware
| Location | Data State | Duration |
|---|---|---|
| USB NAND Flash | Encrypted | Permanent |
| USB -> Computer | Encrypted | Microseconds |
| Python RAM | Encrypted | Seconds |
| Rust mlock'd RAM | PLAINTEXT | ~100 microseconds |
| CPU Registers/Cache | PLAINTEXT | ~10 nanoseconds |
| Network | Signature only | Never contains private key |
Threat Model
What Coldstar Protects Against
- Long-lived key exposure
- Firmware backdoors (no firmware)
- Hardware supply-chain manipulation
- Persistent device compromise
- Seizure or fingerprinting of signing hardware
- Physical device seizure (destroy/replace USB cheaply)
What Coldstar Does NOT Protect Against
- Compromised operating system at signing time
- Malware with RAM access during signing (requires root + precise timing)
- Hardware keyloggers capturing passphrase
- Cold boot attacks (if RAM physically extracted within seconds)
- User error (weak passwords, lost USBs)
Coldstar assumes you control your operating system and can verify the Coldstar codebase. For maximum security, use an air-gapped machine and verify builds.
First Instance Boot Process
Every time you plug your USB cold wallet into a machine, Coldstar automatically:
- Detects if this is the first time on this machine/session
- Verifies all critical wallet files (keypair.json, pubkey.txt)
- Restores missing or corrupted files from backup (if needed)
- Creates/updates backups of valid files
- Updates boot instance markers
This is not a restoration function - it's an intelligent boot detection mechanism that ensures wallet integrity across different machines and reboots.
How First Boot Works
- Boot Detection: Generates unique boot instance ID from machine hostname + process + timestamp
- File Verification: Checks critical files for existence and corruption (0-byte detection)
- Smart Restoration: Only restores files if actually missing or corrupted
- Automatic Backups: Creates backups in
.coldstar/backup/directory on USB
USB Storage Structure
Supported Use Cases
Coldstar is asset-agnostic and designed to support modern on-chain workflows:
- Native Solana transactions
- SPL tokens
- Stablecoins (USDC, USDT)
- Tokenized commodities (e.g. PAXG)
- Tokenized equities (xStocks)
- Custom program instructions
- Solana staking and delegation
- NFTs and collectibles
System Architecture
Coldstar consists of three main layers:
User Application Layer
- Python CLI (Coldstar)
- Transaction building
- Network communication
- User interface
Integration Layer
- FFI Integration: ctypes bindings, shared library, direct function calls
- CLI Subprocess: JSON stdin/stdout, process isolation
Rust Signing Core
- Public API:
sign_transaction(),create_encrypted_container() - Secure Memory: mlock/VirtualLock, automatic zeroization
- Dependencies: ed25519-dalek, aes-gcm, argon2, zeroize, region
Detailed Signing Flow
The signing process consists of 10 phases:
- Input Preparation: Load encrypted container, get passphrase, prepare unsigned TX
- Enter Rust Secure Zone: Encrypted data crosses FFI boundary
- Key Derivation: Argon2id computes AES key, passphrase zeroized
- Memory Allocation: SecureKeyBuffer created with mlock()
- Decryption: AES-256-GCM decryption to temporary buffer
- Secure Transfer: Copy to locked buffer, zeroize temp buffer
- Signing: Ed25519 signature generation
- Result Preparation: Build signed transaction
- Automatic Cleanup: Drop trait zeroizes all buffers
- Return to Python: Only public signature crosses boundary
Integration Modes
FFI Mode (Recommended for Production)
- Fastest (~0.1ms overhead)
- Direct function calls via ctypes
- Requires compiled library for platform
CLI Mode (Maximum Isolation)
- Separate process for each signing operation
- Automatic cleanup on process exit
- Slower (~10-50ms overhead)
- Maximum security isolation
| Operation | FFI Mode | CLI Mode |
|---|---|---|
| Overhead | ~0.1ms | ~10-50ms |
| Memory Safety | Good | Excellent |
| Portability | Medium | High |
Comparison with Hardware Wallets
| Aspect | Coldstar | Hardware Wallets |
|---|---|---|
| Persistent key storage | No (RAM only) | Yes (secure element) |
| Physical attack surface | Disposable USB + computer RAM | Permanent device |
| Decryption location | System RAM (mlock'd) | Inside secure chip |
| Key lifetime | Microseconds | Years |
| Supply chain risk | Low (commodity USB) | High (proprietary) |
| OS compromise impact | Vulnerable | Protected by hardware |
| Automation support | CLI-first, scriptable | Limited |
| Open source | Fully verifiable | Varies |
Trust Model
Coldstar's trust model is fundamentally different from hardware wallets:
| What You Trust | Coldstar | Hardware Wallets |
|---|---|---|
| Proprietary Hardware | No | Yes |
| Vendor Firmware | No | Yes |
| Open Source Code | Yes (auditable) | Varies |
| Your Operating System | Yes | Partially |
| Supply Chain | Minimal (any USB) | Vendor-dependent |
Coldstar is experimental software. Users are responsible for understanding the risks, verifying the code, and operating within the documented security assumptions.