Coldstar splits wallet operations across two physically separated devices. Private keys never touch a network-connected machine.
Build unsigned transactions via Solana RPC. Fetch balances, token accounts, and recent blockhashes.
Transfer unsigned transaction bytes via QR code scan or encrypted USB drive. No network required.
Air-gapped machine signs the transaction with Ed25519 keys. Returns signed bytes via QR/USB.
12 modular Rust crates, each independently publishable and auditable. Compose only what you need.
Root orchestrator crate. Air-gapped cold wallet for Solana and Base with CLI entry point and mode routing.
Secure signing core with AES-256-GCM encryption, Argon2id key derivation, Ed25519 and secp256k1 signing, ZK proofs, and mlock'd memory.
Wallet management with key generation, encrypted storage, and backup/restore workflows.
Transaction building, signing, and serialization. Constructs Solana transactions for air-gapped signing.
Solana RPC client with full JSON-RPC 2.0 support, SPL token fetching, and transaction submission.
Privacy transaction layer with mode selection, signing policy engine, privacy validation, and SPL Token-2022 confidential transfers.
Zero-knowledge proof engine with Schnorr ownership proofs, Pedersen range proofs, and policy compliance proofs.
Terminal UI built on ratatui. Interactive wallet interface for key management, signing, and transaction review.
USB drive detection, mounting, and transaction shuttle for transferring signed payloads between devices.
Bootable Alpine Linux image builder and USB flasher. Creates minimal OS images for dedicated cold signing devices.
Input validation for device paths, Solana addresses, passwords, and transaction amounts.
Configuration constants and settings. Default paths, timeout values, and feature flags for the Coldstar ecosystem.
Install the full toolkit or pick individual crates for your use case.
# Install the complete Coldstar cold wallet
$ cargo install coldstar
# Or add to your project
$ cargo add coldstar# Just the signing engine
$ cargo add coldstar-signer
# Transaction builder + network client
$ cargo add coldstar-transaction coldstar-network
# Privacy layer with ZK proofs
$ cargo add coldstar-privacy coldstar-zk
# USB shuttle for air-gap transfer
$ cargo add coldstar-usb
# Terminal UI
$ cargo add coldstar-tui# Build a minimal Alpine Linux ISO with Coldstar pre-installed
$ cargo install coldstar-iso
$ coldstar-iso build --output coldstar.iso
# Flash to USB drive
$ coldstar-iso flash --iso coldstar.iso --device /dev/sdX# Minimum
Rust >= 1.75.0
OS Linux (x86_64, aarch64), macOS (aarch64)
# For cold device ISO builds
Docker >= 24.0 (Alpine rootfs builder)
# For USB shuttle
Linux udev rules for USB detectionColdstar assumes the hot device is compromised. Every design decision enforces that private keys never leave the air-gapped cold device.
The cold device has no network stack. WiFi, Bluetooth, and ethernet drivers are stripped from the ISO image. Key material exists only in memory-locked (mlock'd) pages.
Wallet files encrypted with AES-256-GCM. Key derivation uses Argon2id with tunable memory and iteration parameters to resist brute-force attacks.
Ed25519 and secp256k1 signing happen exclusively on the cold device. Unsigned transaction bytes are the only input; signed bytes are the only output.
Prove wallet ownership or balance thresholds without revealing keys or exact amounts. Built on Schnorr and Pedersen commitment schemes.
Encrypted payloads transferred via USB with integrity verification. The shuttle carries only serialized transaction bytes, never key material.
The security model assumes the worst case: the hot device is fully compromised by malware, the network is monitored, and USB drives may be tampered with.
Key types and functions from the core crates. Full docs on docs.rs.
coldstar-wallet
use coldstar_wallet::{Wallet, WalletConfig};
let config = WalletConfig {
name: "my-cold-wallet".into(),
network: Network::Mainnet,
encryption: Encryption::Aes256Gcm,
};
let wallet = Wallet::create(config, &password)?;
let pubkey = wallet.public_key();coldstar-signer
use coldstar_signer::{Signer, SigningRequest};
// On the cold device:
let signer = Signer::from_encrypted_key(&keyfile, &password)?;
let request = SigningRequest::deserialize(&unsigned_bytes)?;
// Review transaction details before signing
request.display_summary();
let signed = signer.sign(&request)?;
let output = signed.serialize(); // bytes for QR/USBcoldstar-network
use coldstar_network::{RpcClient, Cluster};
let client = RpcClient::new(Cluster::Mainnet);
let balance = client.get_balance(&pubkey).await?;
let tokens = client.get_token_accounts(&pubkey).await?;
// Build unsigned transaction
let unsigned = client.build_transfer(
&pubkey, &recipient, amount
).await?;
// Submit signed transaction
let sig = client.submit(&signed_bytes).await?;coldstar-usb
use coldstar_usb::{UsbShuttle, Payload};
// Detect and mount USB drive
let shuttle = UsbShuttle::detect()?;
// Write unsigned tx to USB (hot device)
shuttle.write_payload(Payload::unsigned(&tx_bytes))?;
// Read and sign on cold device
let payload = shuttle.read_payload()?;
// Write signed result back
shuttle.write_payload(Payload::signed(&signed_bytes))?;coldstar-zk
use coldstar_zk::{SchnorrProof, PedersenRange, Verifier};
// Prove you own a key without revealing it
let proof = SchnorrProof::generate(&keypair, &challenge)?;
assert!(Verifier::verify_ownership(&pubkey, &proof));
// Prove balance is within range
let range = PedersenRange::prove(balance, min, max)?;
assert!(Verifier::verify_range(&commitment, &range));Coldstar ranked #62 out of 400+ teams in the Colosseum Hackathon, competing against projects across the entire Solana ecosystem. Built from scratch in Rust with zero external wallet dependencies.
Coldstar is open source under the MIT license. We welcome contributions from security researchers and Rust developers.
Found a bug or security vulnerability? Open an issue on GitHub Issues. For security-sensitive reports, email directly.
Fork the repo, create a feature branch, and submit a pull request.
All code must pass cargo clippy and cargo test.
Each of the 12 crates can be independently audited. We especially welcome reviews of coldstar-signer and coldstar-zk.