Quick Start โข Documentation โข Security โข Architecture โข Whitepaper
Proof of Concept โ Experimental Software
Coldstar is a proof of concept and an experimental version. It is not production-ready and should not be used to secure real assets. This repository exists for developers and researchers in the Coldstar community to understand, evaluate, and improve the Coldstar process.
๐ค Contributions, feedback, and security reviews are welcome and encouraged.
- Overview
- Features
- Quick Start
- Core Concept
- How It Works
- Encryption Flow
- Supported Use Cases
- Documentation
- Development
- License
Coldstar is a CLI-first cold wallet system that transforms any standard USB drive into a disposable, RAM-only signing medium. It eliminates long-lived private key exposure by ensuring keys are decrypted only in volatile memory and only for the duration of transaction signing.
Key Innovation: No permanent trusted hardware. No secure elements. No vendor lock-in.
This repository contains the core implementation, documentation, and tooling required to initialize USB-based cold wallets and perform offline transaction signing.
|
|
|
Coldstar requires both Python 3.8+ and Rust to be installed on your system.
๐ Installing Python
# Download and install Python from official website
winget install Python.Python.3.11
# Or download from: https://www.python.org/downloads/
# Make sure to check "Add Python to PATH" during installation# Using Homebrew
brew install python@3.11
# Or download from: https://www.python.org/downloads/# Ubuntu/Debian
sudo apt update
sudo apt install python3 python3-pip
# Fedora
sudo dnf install python3 python3-pip
# Arch
sudo pacman -S python python-pipVerify installation:
python --version
# or
python3 --version๐ฆ Installing Rust
# Install rustup (Rust installer)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Follow the on-screen instructions
# After installation, restart your terminalwinget install Rustlang.RustupVerify installation:
cargo --version
rustc --version1๏ธโฃ Clone the repository:
git clone https://github.com/devsyrem/coldstar.git
cd coldstar2๏ธโฃ Run the application:
python main.pyThe application will automatically:
- โ Build the Rust secure signer on first run
- โ Set up the necessary environment
- โ Launch the interactive CLI
๐ก Note: The first run will take a few minutes as it compiles the Rust components. Subsequent runs will be much faster.
Traditional hardware wallets rely on permanent devices that store private keys for their entire lifetime. This creates persistent trust anchors, supply-chain risk, and physical attack surfaces.
Coldstar challenges this model by removing permanent trusted hardware entirely.
| Traditional Approach | Coldstar Approach |
|---|---|
| ๐ Proprietary hardware | โ Open-source, auditable software |
| ๐ญ Vendor-controlled firmware | โ User-controlled operating systems |
| ๐ Long-lived key exposure | โ Extremely short-lived key exposure in RAM |
- โ Encrypted at rest on user-supplied USB storage
- โ Decrypted only in system memory
- โ Explicitly wiped after signing completes
๐ฏ Key Insight: The USB drive is not a signing device. It is encrypted storage only.
flowchart LR
A[๐ง Initialize USB] --> B[๐ Generate Keys]
B --> C[๐ Encrypt to USB]
flowchart TD
D[๐ Load Transaction] --> E[๐พ Read from USB to RAM]
E --> F[๐ Decrypt in Memory]
F --> G[โ๏ธ Sign Transaction]
G --> H[๐๏ธ Wipe Memory]
-
๐ง Initialize USB Drive
A standard USB drive is initialized using the Coldstar CLI -
๐ Generate Key Pairs
Cryptographic key pairs are generated and encrypted directly onto the USB -
๐ When signing is required:
- Encrypted key material is loaded into memory
- Decryption occurs only in RAM
- The transaction is signed
-
๐๏ธ Immediate Cleanup
Decrypted key material is immediately erased from memory -
โ Security Achieved
No plaintext keys persist on disk or hardware
๐ At no point does any powered device permanently store a usable private key.
๐ See ARCHITECTURE.md for detailed technical architecture and system design.
Coldstar's security model depends on understanding exactly where sensitive data exists in physical hardware and how it's protected at each stage.
๐ค 1. Key Generation and Encryption (Initial Setup)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HARDWARE: CPU + System RAM (Volatile) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ Step 1: Random Seed Generation โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ CPU's Hardware RNG (/dev/urandom) โ โ
โ โ โ 32 bytes Ed25519 seed โ โ
โ โ โ Generated in CPU registers โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ (copied to RAM) โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Rust Secure Buffer (mlock'd RAM) โ โ
โ โ โข Memory page locked (cannot swap) โ โ
โ โ โข 32-byte plaintext private key โ โ PLAINTEXT HERE โ
โ โ โข Protected by OS memory isolation โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 2: User Passphrase Entry โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Keyboard โ Terminal โ RAM buffer โ โ
โ โ Passphrase: "user_secret_password" โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 3: Key Derivation (Argon2id) โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ CPU executes Argon2id: โ โ
โ โ โข 64 MB memory-hard operation โ โ
โ โ โข 3 iterations โ โ
โ โ โข 32-byte random salt โ โ
โ โ โ Produces 32-byte AES-256 key โ โ
โ โ โ Stored in mlock'd RAM โ โ PLAINTEXT HERE โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 4: AES-256-GCM Encryption โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ CPU encrypts: โ โ
โ โ โข Input: 32-byte plaintext key โ โ
โ โ โข Key: Derived AES key โ โ
โ โ โข Nonce: 12-byte random โ โ
โ โ โข Output: 48-byte ciphertext + auth tag โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 5: Immediate Zeroization โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Plaintext key OVERWRITTEN in RAM: โ โ
โ โ 0x42...A7 โ 0x00000000000000000000 โ โ
โ โ Derived AES key โ 0x000000000000 โ โ
โ โ Passphrase buffer โ 0x000000000000 โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ (only encrypted data remains) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HARDWARE: USB Flash Storage (Non-Volatile) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ JSON File Written to NAND Flash: โ
โ { โ
โ "version": 1, โ
โ "salt": "base64_encoded_32_bytes", โ
โ "nonce": "base64_encoded_12_bytes", โ
โ "ciphertext": "base64_encoded_48_bytes", โ ENCRYPTED ONLY โ
โ "public_key": "base58_encoded_pubkey" โ
โ } โ
โ โ
โ โ ๏ธ Private key NEVER stored in plaintext on USB โ
โ โ USB can be read without exposing private key โ
โ โ USB can be physically seized without key compromise โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ฅ 2. Transaction Signing (Decryption and Use)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HARDWARE: USB Flash Storage (Non-Volatile) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Step 1: Read Encrypted Container from USB โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ USB NAND Flash โ USB Controller โ โ โ
โ โ USB Bus โ OS Kernel โ Python Process โ โ
โ โ โ โ
โ โ Encrypted data (48 bytes ciphertext) โ โ ENCRYPTED ONLY โ
โ โ + Salt (32 bytes) โ โ
โ โ + Nonce (12 bytes) โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ (encrypted data copied to RAM)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HARDWARE: System RAM - Python Memory Space โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Python dict object in heap: โ โ
โ โ { โ โ
โ โ "ciphertext": [bytes], โ ENCRYPTED โ โ
โ โ "salt": [bytes], โ โ
โ โ "nonce": [bytes] โ โ
โ โ } โ โ
โ โ โ โ
โ โ โ ๏ธ NO PLAINTEXT KEY IN PYTHON MEMORY โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ (FFI call: Python โ Rust)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HARDWARE: System RAM - Rust Memory Space (Isolated) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Step 2: Passphrase Entry โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ User types passphrase โ โ
โ โ โ Passed to Rust via FFI โ โ
โ โ โ Copied into Rust String โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 3: Key Re-Derivation (Argon2id) โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Rust Secure Buffer (mlock'd): โ โ
โ โ โ โ
โ โ Argon2id(passphrase, salt) โ โ โ
โ โ 32-byte AES-256 key โ โ PLAINTEXT HERE โ
โ โ โ โ
โ โ โข mlock() called - RAM locked โ โ
โ โ โข Cannot be swapped to disk โ โ
โ โ โข Python CANNOT access this memory โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 4: AES-256-GCM Decryption โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ CPU decrypts in Rust mlock'd buffer: โ โ
โ โ โ โ
โ โ Ciphertext (48 bytes) โ โ โ
โ โ AES-GCM-Decrypt(key, nonce) โ โ โ
โ โ 32-byte Ed25519 seed โ โ PLAINTEXT HERE โ
โ โ โ โ
โ โ โข Plaintext key ONLY in locked RAM โ โ
โ โ โข NEVER copied to Python โ โ
โ โ โข NEVER written to disk โ โ
โ โ โข NEVER in swap file โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 5: Ed25519 Signature Generation โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ CPU executes Ed25519 signing: โ โ
โ โ โ โ
โ โ Private Key (32 bytes) + โ โ PLAINTEXT HERE โ
โ โ Transaction Message (N bytes) โ โ โ
โ โ CPU Ed25519 ops โ โ โ
โ โ 64-byte signature โ โ
โ โ โ โ
โ โ โข Signing in CPU registers + L1 cache โ โ
โ โ โข Private key in mlock'd RAM โ โ
โ โ โข Duration: ~100 microseconds โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ Step 6: Immediate Zeroization โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Rust Drop trait executes: โ โ
โ โ โ โ
โ โ Private key buffer โ 0x00000000000000 โ โ
โ โ Derived AES key โ 0x00000000000000 โ โ
โ โ Passphrase โ 0x00000000000000 โ โ
โ โ โ โ
โ โ โข Guaranteed even on panic โ โ
โ โ โข munlock() called - RAM unlocked โ โ
โ โ โข Memory returned to OS โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ (only signature returned) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ (FFI return: Rust โ Python)
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ HARDWARE: System RAM - Python Memory Space โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Python receives: โ โ
โ โ โข 64-byte signature (PUBLIC) โ โ SAFE โ
โ โ โข Transaction with signature attached โ โ SAFE โ
โ โ โ โ
โ โ โ ๏ธ Private key NEVER entered Python โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ mlock() - Preventing Swap to Disk
Normal RAM page: mlock'd RAM page:
โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ
โ RAM (active) โ โ RAM (locked) โ
โโโโโโโโฌโโโโโโโโ โโโโโโโโโโโโโโโโ
โ OS may swap โ
โ โ
โโโโโโโโโโโโโโโโ Cannot be moved
โ Swap file on โ to disk by OS
โ disk/SSD โ
โโโโโโโโโโโโโโโโ
Private keys ONLY in mlock'd pages โ Never touch persistent storage
๐๏ธ Memory Zeroization
Before Zeroization: After Zeroization:
RAM Address: 0x7F3A8000 RAM Address: 0x7F3A8000
โโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ
โ 0x42 (private key) โ โ 0x00 (zeroed) โ
โ 0x8F โ โ 0x00 โ
โ 0xA7 โ โ 0x00 โ
โ ... (32 bytes) โ โ ... (32 bytes) โ
โโโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโ
โข Overwrites with zeros before deallocation
โข Prevents recovery from heap analysis
โข Protects against cold boot attacks (partially)
๐ Process Memory Isolation
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Operating System (Kernel Space) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โ
โ โ Python Process โ โ Other Processes โ โ
โ โ PID: 1234 โ โ PID: 5678, ... โ โ
โ โโโโโโโโโโโโโโโโโโโค โโโโโโโโโโโโโโโโโโโโ โ
โ โ Python heap โ โ โ
โ โ (encrypted data)โ โ โ
โ โโโโโโโโโโฌโโโโโโโโโ โ โ
โ โ FFI call โ โ
โ โ โ โ
โ โโโโโโโโโโโโโโโโโโโ โ โ
โ โ Rust library โ โ โ
โ โ (same process) โ โ โ
โ โโโโโโโโโโโโโโโโโโโค โ โ
โ โ mlock'd buffer โ โ OS blocks access โ
โ โ (plaintext key) โ โ โ
โ โโโโโโโโโโโโโโโโโโโ โ โ
โ โ โ
โ โข Rust memory isolated from Python by design โ
โ โข mlock'd pages protected by OS kernel โ
โ โข Other processes cannot access this memory โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
| Location | Data State | Duration | Hardware |
|---|---|---|---|
| ๐พ USB NAND Flash | ๐ Encrypted | Permanent (until deleted) | Non-volatile flash memory |
| ๐ USB โ Computer | ๐ Encrypted | Microseconds (transfer) | USB bus, PCIe controller |
| ๐ Python RAM | ๐ Encrypted | Seconds (during signing) | DRAM (swappable) |
| ๐ฆ Rust mlock'd RAM | ~100 microseconds | DRAM (locked, non-swappable) | |
| โก CPU Registers/Cache | ~10 nanoseconds | L1/L2 cache, registers | |
| ๐ Network transmission | โ Signature only | N/A | Never contains private key |
|
|
๐ See SECURE_SIGNER_README.md for detailed information on the Rust-based secure signer implementation.
| Aspect | ๐ช Hardware Wallet | โ๏ธ Coldstar |
|---|---|---|
| Persistent key storage | โ Yes (secure element) | โ No (RAM only during signing) |
| Physical attack surface | ๐ Permanent device | ๐ฟ Disposable USB + computer RAM |
| Decryption location | ๐ Inside secure chip | ๐พ System RAM (mlock'd) |
| Key lifetime | ๐ Years | โก Microseconds |
| Supply chain risk | โ Low (commodity USB + open source) | |
| OS compromise impact | ๐ก๏ธ Protected by hardware |
Coldstar is asset-agnostic and designed to support modern on-chain workflows, including:
|
|
๐ฏ All assets are handled under the same cold-signing security model.
Hardware wallets improved security, but introduced new problems:
|
|
Coldstar removes the concept of a permanent trusted device entirely.
Any USB drive can be:
- ๐ Rotated โ Replace with a new one anytime
- ๐ฅ Destroyed โ No regrets about hardware cost
- ๐ Replaced โ Use any commodity USB
- ๐๏ธ Treated as disposable โ No attachment to specific devices
๐ก There are no serial numbers, proprietary chips, or vendor lock-in.
๐ See whitepaper.md for the complete technical whitepaper and theoretical foundations.
Coldstar is explicit about its security boundaries.
|
|
๐ก Coldstar does not attempt to hide these assumptions behind hardware abstractions.
โจ New Feature: Automatic file integrity and restoration system.
Every time you plug your USB cold wallet into a machine, Coldstar automatically:
- โ Detects if this is the first time on this machine/session
- โ
Verifies all critical wallet files (
keypair.json,pubkey.txt) - โ Restores missing or corrupted files from backup (if needed)
- โ Creates/updates backups of valid files
- โ Updates boot instance markers
๐ก This is not a restoration function โ it's an intelligent boot detection mechanism that ensures wallet integrity across different machines and reboots.
- ๐ Boot Detection: Generates unique boot instance ID from machine hostname + process + timestamp
- ๐ File Verification: Checks critical files for existence and corruption (0-byte detection)
- ๐ Smart Restoration: Only restores files if actually missing or corrupted
- ๐พ Automatic Backups: Creates backups in
.coldstar/backup/directory on USB
USB Drive
โโโ wallet/
โ โโโ keypair.json # ๐ Encrypted private key
โ โโโ pubkey.txt # ๐ Public address
โโโ inbox/ # ๐ฅ Unsigned transactions
โโโ outbox/ # ๐ค Signed transactions
โโโ .coldstar/ # ๐ Hidden system directory
โโโ last_boot_id # ๐ Boot instance tracker
โโโ backup/ # ๐พ Automatic backups
โโโ keypair.json
โโโ pubkey.txt
- โก Zero User Intervention โ Everything happens automatically
- ๐ฅ๏ธ Cross-Machine Compatibility โ USB works seamlessly on any machine
- ๐ Corruption Detection โ Catches file system errors immediately
- ๐ก๏ธ Protection Against Accidents โ Files can be recovered from backup
- ๐ Performance Optimized โ Only runs when needed
- FIRST_BOOT_PROCESS.md - Detailed technical specification
- FIRST_BOOT_IMPLEMENTATION.md - Implementation details
- FIRST_BOOT_QUICKSTART.md - Quick start guide
- STEP7_VISUAL_GUIDE.md - Visual guide to the 7-step USB flash process
- STEP7_QUICK_REFERENCE.md - Quick reference for Step 7
|
|
๐ก Compared to open-source hardware wallets, Coldstar removes the final dependency: the device itself.
Coldstar is built for power users and automation:
|
|
๐ก This is not a consumer wallet and does not aim to be one.
Coldstar is built for technical users who value control and transparency:
- ๐จโ๐ป Developers signing complex transactions
- ๐ Traders managing significant on-chain value
- ๐ง Operators who require explicit control
- ๐ Security-conscious users who understand their environment
โ ๏ธ Not intended for beginners or retail-first UX.
Coldstar is designed to be:
- ๐๏ธ Fully inspectable โ All code is open-source
- ๐๏ธ Deterministically buildable โ Reproducible builds
- ๐ฌ Auditable by design โ Security by verification, not trust
๐ก Security claims are meant to be verifiable, not trusted.
- INTEGRATION_GUIDE.md - Guide for integrating Coldstar
- INTEGRATION_STATUS.md - Current integration status
- RUST_INTEGRATION_COMPLETE.md - Rust signer details
- PROJECT_COMPLETE.md - Project completion status
- DELIVERABLES.md - Project deliverables and roadmap
coldstar/
โโโ ๐ src/ # Source code
โ โโโ cli/ # Command-line interface
โ โโโ crypto/ # Key generation, encryption, memory handling
โ โโโ signing/ # Transaction signing logic
โโโ ๐ secure_signer/ # Rust-based secure signer
โโโ ๐ documentation/ # Architecture, threat model, design notes, and all documentation
โโโ ๐ attached_assets/ # Additional resources
โโโ ๐ main.py # Main entry point
โโโ ๐ง config.py # Configuration
โโโ ๐ README.md # This file
- test_first_boot.py - First boot functionality tests
- test_transaction.py - Transaction signing tests
โ ๏ธ Note: Requires Rust/Python pre-installed
- Windows: quickstart.ps1 - PowerShell setup script
- Linux/Mac: quickstart.sh - Bash setup script
Important: Users are responsible for understanding the risks, verifying the code, and operating within the documented security assumptions.
Open-source project. License details to be added.
Explore the full documentation for in-depth technical details:
| Category | Documentation |
|---|---|
| ๐๏ธ Architecture | ARCHITECTURE.md |
| ๐ Whitepaper | whitepaper.md |
| ๐ Security | SECURITY.md |
| ๐ฆ Secure Signer | SECURE_SIGNER_README.md |
| ๐ First Boot | FIRST_BOOT_PROCESS.md |
| ๐ง Integration | INTEGRATION_GUIDE.md |
We welcome contributions! Please open issues and submit pull requests on GitHub.
Questions? Issues? Feedback? Feel free to open an issue on GitHub.
Made with โ๏ธ by the Coldstar community