Coldstar Documentation
The cold signing system for Solana. Transform any USB drive into disposable cold storage.
Introduction
Coldstar is a command-line based cold wallet system that transforms any standard USB drive into a disposable signing medium, with private keys existing in decrypted form only briefly and only in system memory.
Rather than introducing another piece of hardware into an already complex trust landscape, Coldstar proposes a simpler and more verifiable model. It is designed for developers, traders, and security-conscious operators who value transparency, control, and operational flexibility over consumer-oriented convenience.
Unlike traditional hardware wallets where keys persist on the device forever, Coldstar decrypts keys only in RAM for the brief moment needed to sign a transaction. Once complete, keys are immediately erased from memory.
Why Coldstar?
- RAM-only signing - Keys exist in decrypted form only during signing
- Disposable hardware - Use any USB drive, rotate or destroy at minimal cost
- CLI-first - Scriptable, automation-friendly, CI/CD ready
- Open source - Fully inspectable and verifiable codebase
- No vendor lock-in - No proprietary hardware or secure elements
Installation
Prerequisites
- A Unix-like operating system (Linux, macOS)
- A standard USB drive (any size, any brand)
- Rust toolchain (for building from source)
Install from Source
# Clone the repository
git clone https://github.com/coldstar-wallet/coldstar
cd coldstar
# Build the project
cargo build --release
# Install globally (optional)
cargo install --path .Verify Installation
coldstar --version
# coldstar 0.1.0Quick Start
1. Initialize a Cold Wallet
Insert a USB drive and initialize it as a Coldstar wallet:
# Initialize wallet on USB drive
coldstar init /media/usb
# You'll be prompted to create a password
# This password encrypts your keys with AES-2562. Get Your Public Key
# Export your public key (safe - no secrets exposed)
coldstar pubkey --wallet /media/usb
# Output: 7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU3. Sign a Transaction
# Sign a transaction (keys decrypted in RAM only)
coldstar sign --wallet /media/usb --tx transaction.json
# Enter your password when prompted
# Keys are decrypted, transaction signed, keys erasedNever share your password. The password is the only thing protecting your encrypted keys. If someone has your USB drive AND your password, they can access your funds.
Architecture
Coldstar's architecture is intentionally simple. It consists of three components:
- Encrypted Storage (USB) - Your USB drive stores encrypted key material using AES-256
- Coldstar CLI - The command-line tool that handles encryption, decryption, and signing
- System RAM - Where keys are briefly decrypted for signing operations
Encrypted keys
Brief decryption
Broadcast ready
RAM-Only Signing
The core security property of Coldstar is ephemeral RAM-only signing. Here's how it works:
- User initiates a signing operation via CLI
- Coldstar reads encrypted key material from USB
- User enters password; keys are decrypted in RAM only
- Transaction is signed in memory
- Decrypted keys are immediately zeroed from memory
- Signed transaction is output (ready to broadcast)
At no point do plaintext private keys exist on disk. The USB drive contains only encrypted material. This dramatically reduces the attack surface compared to hardware wallets where keys persist for the device's lifetime.
Encryption
Coldstar uses industry-standard cryptographic primitives:
| Component | Algorithm | Purpose |
|---|---|---|
| Key Encryption | AES-256-GCM |
Encrypts private keys at rest |
| Key Derivation | Argon2id |
Derives encryption key from password |
| Signing | Ed25519 |
Solana transaction signatures |
CLI: coldstar init
Initialize a new cold wallet on a USB drive.
coldstar init <path> [options]
Options:
--import <seed> Import existing seed phrase
--force Overwrite existing wallet
--help Show helpCLI: coldstar sign
Sign a transaction with RAM-only key exposure.
coldstar sign [options]
Options:
--wallet <path> Path to wallet on USB
--tx <file> Transaction file (JSON)
--output <file> Output signed transaction
--help Show helpCLI: coldstar stake
Stake SOL with cold signing.
coldstar stake [options]
Options:
--wallet <path> Path to wallet on USB
--amount <sol> Amount of SOL to stake
--validator <pubkey> Validator pubkey to delegate to
--help Show helpCLI: coldstar pubkey
Export your public key (safe, no secrets exposed).
coldstar pubkey [options]
Options:
--wallet <path> Path to wallet on USB
--help Show helpTrust Model
Coldstar's trust model is fundamentally different from hardware wallets:
| What You Trust | Coldstar | Hardware Wallets |
|---|---|---|
| Proprietary Hardware | No | Yes |
| Vendor Firmware | No | Yes |
| Open Source Code | Yes (auditable) | Varies |
| Your Operating System | Yes | Partially |
| Supply Chain | Minimal (any USB) | Vendor-dependent |
Comparison
| Feature | Coldstar | Ledger | Unruggable |
|---|---|---|---|
| Key Storage | Encrypted on any USB | Secure element | Dedicated device |
| Key Lifetime | RAM only (seconds) | Device lifetime | Device lifetime |
| Automation | CLI-first | Limited | Limited |
| Open Source | Fully | No | Yes |
| Hardware Cost | ~$5 (any USB) | $79+ | $150+ |
Threat Model
What Coldstar Protects Against
- Remote key extraction (keys not persistently stored)
- Firmware backdoors (no firmware)
- Supply chain attacks (user-supplied USB)
- Physical device seizure (destroy/replace USB cheaply)
- Long-term key exposure (keys exist briefly in RAM)
What Coldstar Does NOT Protect Against
- Compromised operating system at signing time
- Malware with RAM access during signing
- Shoulder surfing / password capture
- User error (weak passwords, lost USBs)
Coldstar assumes you control your operating system and can verify the Coldstar codebase. For maximum security, use an air-gapped machine and verify builds.
Docker Setup
Coldstar can be run in a Docker container for consistent environments and easy deployment.
Quick Start with Docker
# Clone the repository
git clone https://github.com/ChainLabs-Technologies/coldstar
cd coldstar
# Build and run with the quick script
./docker-run.sh
# Or build manually
docker build -t coldstar .
docker run -it --rm \
-v $(pwd)/wallet:/wallet \
-v $(pwd)/transactions:/transactions \
coldstarUsing Docker Compose
# Start Coldstar (mainnet)
docker-compose run coldstar
# Start development mode (devnet)
docker-compose run coldstar-dev
# Build fresh image
docker-compose build --no-cacheDocker Architecture
The Docker image uses a multi-stage build:
- Builder stage - Compiles the Rust secure signer with full toolchain
- Runtime stage - Slim Python image with only runtime dependencies
The container mounts /wallet and /transactions directories. Your wallet data persists on your host machine, not inside the container.
USB Device Access (Linux)
To access USB devices from within Docker on Linux:
# Run with USB device passthrough
docker run -it --rm \
--privileged \
--device=/dev/sdb:/dev/sdb \
-v $(pwd)/wallet:/wallet \
coldstarDirect USB passthrough is not supported on macOS or Windows Docker Desktop. Mount your USB drive contents to a local directory and use volume mounts instead.
Automation & CI/CD
Coldstar's CLI-first design makes it ideal for automated workflows:
#!/bin/bash
# Example: Automated signing script
# Build transaction
solana transfer recipient.json 10 --sign-only --output tx.json
# Sign with Coldstar (password from env or secure input)
coldstar sign --wallet /media/usb --tx tx.json --output signed.json
# Broadcast
solana send signed.jsonAir-Gapped Setup
For maximum security, use Coldstar on an air-gapped machine:
- Air-gapped machine - A computer never connected to the internet
- Build Coldstar - Transfer source code via USB, build on air-gapped machine
- Initialize wallet - Create wallet on air-gapped machine
- Sign offline - Transfer unsigned transactions via USB, sign offline
- Broadcast online - Transfer signed transactions to online machine for broadcast
Build TX
Unsigned TX
Sign TX
Broadcast