PSBT Cold Signing Canada 2026: How to Build an Air‑Gapped Bitcoin Signing Workflow for Secure Self‑Custody
This guide explains PSBT cold signing for Canadian Bitcoin users in 2026. If your goal is secure self‑custody that keeps private keys air‑gapped, learning a Partially Signed Bitcoin Transaction (PSBT) workflow is essential. In the first 150 words you will learn what PSBT cold signing is, why Canadians should use air‑gapped signing for security and privacy, and the practical steps to build and test a resilient signing process that works with hardware wallets, multisig setups, and a Canadian tax recordkeeping plan.
Table of Contents
- Table of Contents
- What is a PSBT and why use cold signing?
- Essential components for an air‑gapped PSBT workflow
- Step-by-step: Single‑sig air‑gapped PSBT signing (recommended for advanced beginners)
- Step-by-step: Multisig PSBT signing (recommended for long‑term family and estate custody)
- Comparison: Transport methods for PSBTs
- Operational security checks and testing
- Canadian considerations: CRA, power outages, and device sourcing
- FAQ
- 1. Is PSBT signing necessary for all Bitcoin users?
- 2. Can I broadcast a PSBT directly from the offline device?
- 3. What if I lose an air‑gapped signer?
- 4. Are PSBTs private?
- 5. Which wallets support PSBT workflows in Canada?
- Conclusion and actionable takeaways
Table of Contents
- What is a PSBT and why use cold signing?
- Essential components for an air‑gapped PSBT workflow
- Step-by-step: Single‑sig air‑gapped PSBT signing
- Step-by-step: Multisig PSBT signing (recommended)
- Comparison: Transport methods for PSBTs
- Operational security checks and testing
- Canadian considerations: CRA, power outages, and device sourcing
- FAQ
- Conclusion and actionable takeaways
What is a PSBT and why use cold signing?
A PSBT is a portable transaction format that separates the transaction creation step from signing. It lets a watch‑only machine (online) construct a transaction and then export it to an offline signer (air‑gapped hardware wallet or computer) that holds the private key. The signer returns a partially or fully signed PSBT for broadcast. PSBT workflows reduce exposure of private keys, permit safe multisig coordination, and enable verifiable signing on isolated devices. For Canadians who value self‑custody and must comply with CRA recordkeeping, PSBTs provide a repeatable, auditable workflow.
Essential components for an air‑gapped PSBT workflow
- Watch‑only transaction creator: Bitcoin Core, Sparrow Wallet, or Electrum running on an online machine or an always‑on full node. See how to run a Bitcoin full node in Canada for node setup best practices.
- Air‑gapped signer(s): Hardware wallets that support PSBT (e.g., Coldcard, Keystone, Trezor via PSBT export modes). For multisig, multiple signers are recommended; see setting up a multisig wallet for family and estate custody.
- Transport medium: SD card, QR/UR (PSBT encoded as UR), or trusted USB with careful hygiene. Comparison table below.
- PSBT viewer and verifier: Sparrow, HWI, or Electrum to inspect PSBT content before and after signing.
- Backup and recovery tools: Shamir or standard seed backups in secure storage, plus documentation for CRA records and estate recovery plans.
Step-by-step: Single‑sig air‑gapped PSBT signing (recommended for advanced beginners)
- Prepare watch‑only wallet
- Install Sparrow or Electrum on your online machine and import your public xpub as watch‑only (do not import private key).
- If possible use an attached full node for accurate fee estimation and privacy.
- Create transaction
- Construct the transaction in your watch‑only wallet. Enter recipient, amount, fee rate. Enable change address to a known descriptor you control.
- Export the unsigned PSBT file.
- Transfer PSBT to air‑gapped signer
- Use an SD card or QR/UR to move the PSBT to your offline device. Avoid connecting a USB drive to untrusted computers.
- Sign on the offline device
- Open the PSBT on the air‑gapped hardware wallet and verify outputs, fee, and change address on the device screen. Confirm only if values match expected amounts.
- Sign and export the signed PSBT back to the transport medium.
- Verify and broadcast
- Load the signed PSBT into your online watch‑only wallet, verify the signatures and outputs, then finalize and broadcast the transaction via your node or a trusted broadcast service.
- Recordkeeping
- Save a copy of the PSBT, signed file, txid, and associated receipts for CRA reporting and for your own audit trail.
Step-by-step: Multisig PSBT signing (recommended for long‑term family and estate custody)
Multisig improves survivability and reduces single‑point‑of‑failure risk. Use an odd number of signers (2-of‑3, 3-of‑5) depending on your trust and recovery strategy.
- Create descriptor and distribute xpubs
- On each signer export the xpub or use coordinated wallet setup (Sparrow) to create a multisig descriptor. Keep one copy of the descriptor in your records.
- Watch‑only setup
- Import multisig descriptor to your online watch‑only wallet or full node. This wallet will create PSBTs for signing.
- Create PSBT, distribute to signers
- Create PSBT in watch‑only wallet and export. Transfer the PSBT to signer A via secure transport. Signer A adds a signature and returns the PSBT.
- Collect remaining signatures
- Repeat PSBT transfer with signer B, etc., until threshold signatures are reached. Each signer verifies outputs before signing.
- Finalize and broadcast
- Load the fully signed PSBT into the watch‑only wallet and finalize to create the raw transaction. Broadcast via your node.
- Document the process
- Keep a log of who signed, when, and the transaction purpose for estate planning and CRA support.
Comparison: Transport methods for PSBTs
| Method | Pros | Cons |
|---|---|---|
| MicroSD / SD card | Reliable, works with Coldcard, easy offline transfer | Requires physical security; avoid unknown readers |
| QR / UR (optical) | No physical connectors, safer vs USB malware, convenient with phones | Size limits for large PSBTs; requires camera support and UR encoding |
| USB drive | Fast and familiar | Highest malware risk if used with untrusted machines |
| Manual transcribe (xpubs, descriptors) | Extremely secure when done carefully | Time consuming and error prone for large data |
Operational security checks and testing
- Firmware and device provenance - buy hardware wallets from trusted vendors in Canada. Check firmware signatures before use.
- Verify xpubs and descriptors on multiple devices. Confirm that the derived receive/change addresses match on watch‑only and signer devices.
- Always test with small amounts before moving large balances. Practice a full sign-and-broadcast dry run.
- Inspect PSBT contents: outputs, change, and fee. Use multiple PSBT viewers (Sparrow, Electrum) for cross verification.
- Limit exposure of transport media. After sign-and-broadcast, consider securely wiping or destroying temporary SD cards.
- Use a passphrase (BIP39 passphrase) only if you understand recovery implications. Document passphrase handling for heirs or hold with a trusted attorney as part of an estate plan.
Canadian considerations: CRA, power outages, and device sourcing
Recordkeeping: The Canada Revenue Agency expects accurate records for disposals and transfers. Keep PSBTs, txids, and receipts in your bookkeeping records to support cost basis and disposition claims in audits. For guidance on combining cold and hot setups for emergency use, see building a Bitcoin emergency fund that mixes cold storage and Lightning.
Power and internet outages: Air‑gapped signing workflows are especially valuable during local outages. Because signing is done offline, you only need temporary internet access to broadcast a finalized transaction (which can be done via a mobile phone hotspot or a public broadcast service). Maintain a portable signed PSBT library and ensure at least one signer can access the internet for broadcast in emergency situations.
Device sourcing and warranties: Buy hardware from official Canadian resellers or the manufacturer’s website to reduce risk of tampered devices. Retain purchase receipts for warranty and CRA evidence where relevant.
FAQ
1. Is PSBT signing necessary for all Bitcoin users?
No. Beginners with small balances may use a single hardware wallet connected to a desktop. PSBT cold signing becomes crucial when you want air‑gapped signing, multisig, or an auditable signing workflow for larger sums.
2. Can I broadcast a PSBT directly from the offline device?
Typically no. The offline signer produces a signed PSBT or raw transaction that you transfer to an online machine to broadcast. Some advanced setups let you connect a mobile device with an internet gateway to broadcast, but avoid exposing private keys to online devices.
3. What if I lose an air‑gapped signer?
Recover using your seed backups. For multisig, losing a single signer is tolerable if your threshold allows recovery. Keep secure, geographically separated backups and document recovery steps for trusted heirs or executors.
4. Are PSBTs private?
PSBTs contain public transaction data. They do not reveal private keys, but share the same privacy profile as the resulting on‑chain transaction. Use privacy best practices like new change addresses and avoiding address reuse to minimize linkability.
5. Which wallets support PSBT workflows in Canada?
Sparrow Wallet, Electrum, Bitcoin Core (with PSBT support), Coldcard, Keystone, and hardware wallets with PSBT modes support these workflows. Use a watch‑only setup tied to a full node for best privacy and security; see our guide on how to run a Bitcoin full node in Canada for more.
Conclusion and actionable takeaways
- Start with a watch‑only wallet and practice creating PSBTs with small amounts.
- Choose an air‑gapped signer and transport method that matches your operational security needs; prefer SD or QR/UR over USB when possible.
- For long‑term custody, prefer multisig and document descriptors, xpubs, and recovery steps. See our multisig guide for setup options.
- Keep complete records of PSBTs, receipts, and txids for CRA reporting and estate needs.
- Test recovery and signing workflows periodically, and maintain firmware checks and trusted device sourcing in Canada.
If you are choosing hardware or building a long‑term custody plan, learn how to choose and set up a hardware wallet in Canada and combine it with multisig for the strongest protection. Properly implemented PSBT cold signing gives you a secure, auditable way to control Bitcoin while minimising attack surface and preserving privacy.