Hardware Wallet Compatibility
Sigvault supports a range of hardware wallets for signing transactions. Each device has different capabilities depending on the wallet type and spending conditions used.
Compatibility Matrix
Section titled “Compatibility Matrix”| Feature | BitBox02 | Ledger | Trezor | Coldcard | Jade |
|---|---|---|---|---|---|
| Discovery | USB HID | USB HID | USB HID | USB HID | USB Serial |
Simple Taproot (tr(key)) | Yes | Yes | Yes | Yes | Yes |
| Taproot Vault (keypath) | Yes | Yes | No | Yes | Yes |
| Taproot Vault (script path) | Yes | Yes | No | Yes | Yes |
Segwit v0 (wpkh, wsh) | Yes | Yes | Yes | Yes | Yes |
| Multisig | Yes | Yes | Yes | Yes | Yes |
| Policy Registration | Required | Required | N/A | N/A | N/A |
| Min Firmware | Latest | v2.1.0 | v2.6.0 | v6.2.1 | v1.0.29 |
Trezor Taproot Limitation
Section titled “Trezor Taproot Limitation”Trezor devices (Model One, Model T, Model R) have a known limitation with taproot outputs that include script trees:
What works:
- Simple taproot wallets with a single key (
tr(key)) - Device discovery, xpub extraction, and address verification
- All segwit v0 wallet types (single-sig, multisig)
What does not work:
- Keypath signing for taproot outputs with script trees (
tr(key, tree)) - Script-path signing (not supported by the Trezor protocol)
Why: The Trezor firmware computes the keypath signature using only the internal key tweak (H(internal_key)), but taproot outputs with script trees require the merkle root in the tweak (H(internal_key || merkle_root)). The Trezor communication protocol does not include a field to pass the merkle root or script tree data to the device.
Impact: Wallets with recovery spending conditions, timelocks, or multiple spending paths use taproot script trees. A Trezor device cannot be the primary keypath signer for these wallets. Sigvault validates this during wallet creation and will reject incompatible configurations.
Workaround: Use a BitBox02, Ledger, or Coldcard as the primary signer. Trezor devices can still be used in simple single-key wallets without recovery conditions.
BitBox02 Notes
Section titled “BitBox02 Notes”- Requires Bitcoin-only firmware for signing
- Uses multipath descriptor format (
<0;1>/*) - Policy must be registered on the device before signing
- Supports Taproot with full script tree awareness
Ledger Notes
Section titled “Ledger Notes”- Must have the Bitcoin app (or Bitcoin Test app for testnet) open on the device
- Enforces coin type in derivation paths — mainnet-only with the Bitcoin app
- No explicit unlock step needed if the app is open
- Wallet policy must be registered on the device before signing
Coldcard Notes
Section titled “Coldcard Notes”- Supports USB and air-gapped (SD card) operation
- Minimum firmware version: 6.2.1 (Edge firmware recommended)
- Full taproot and miniscript support
Jade Notes
Section titled “Jade Notes”- Connected via USB serial (not HID)
- Requires network-aware authentication — the device must be configured for the correct network
- Serial timeouts: 10 seconds for quick operations, 120 seconds for interactive operations (auth, signing)
- After a failed auth attempt, the device may need to be physically reconnected