Product mechanics
How SATSCARD Slots Work
Ten independent keys let one card complete ten separate bearer-Bitcoin lifecycles.
A SATSCARD contains ten independent key slots that are used one after another. The current slot starts sealed so its private key is not exposed. Unsealing reveals the material needed to sweep its bitcoin and irreversibly advances the card. A later slot can then begin a new, unrelated lifecycle.
One card, ten separate lifecycles
The protocol numbers slots 0 through 9; user-facing instructions call them slots 1 through 10. They are not ordinary receive addresses derived from one recoverable seed. Each slot uses an independent card-generated key contribution, so exposing one slot does not provide the master secret for the others.
This design lets the physical card be reused after the previous holder sweeps a slot. It does not mean one loaded slot can be reset or resealed.
The slot state sequence
| State | Private key status | Normal action | Can it return to the prior state? |
|---|---|---|---|
| Unused | No funded key lifecycle yet | Initialize the next slot | Not after initialization |
| Sealed | Key remains protected by the card | Verify and fund; keep or pass the card | Remains sealed until unseal |
| Unsealed | Slot key material can be exported | Sweep every output to a new wallet | No |
| Finished | Old address should be empty | Initialize or use the next slot | No |
Slot one is special
Coinkite initializes the first slot at the factory, and its deposit address is represented by the printed QR on the back of the card. The card contributes secret randomness, and the factory process uses a recent Bitcoin block hash as the public chain-code contribution.
Once slot one is unsealed, the printed QR remains the old slot-one address. It does not update. Sending there again risks funding an already exposed key. For slots two through ten, use a compatible app to initialize, derive, and verify the current payment address.
How later slot keys are formed
For a new slot, compatible software can provide a fresh 32-byte chain code. The card combines that public contribution with its own secret entropy using the protocol's BIP-32-based key-picking construction. The application can use the chain code and card's public contribution to verify the resulting address without learning the sealed private key.
This construction is designed to reduce reliance on either side as the sole entropy source. It still requires correct card hardware, correct software, certificate verification, and safe custody.
Why unsealing advances the card
A bearer handoff depends on the current private key not being exposed. After unsealing, the key can be copied and physical possession no longer proves exclusive control. The card therefore makes the state transition permanent and moves forward rather than pretending the old key can become secret again.
Unsealing is not an ordinary “send” button. It is the recovery step that makes the private key available so compatible software can create a sweep transaction.
Rules that prevent common losses
- Verify the current slot before every funding event.
- Never unseal to check the balance.
- Never reuse an old slot address after unsealing.
- Do not use the printed QR for later slots.
- Sweep the full old-slot balance to a verified wallet address.
- Confirm the sweep before discarding key material.
- Initialize and verify the next slot before funding it.
No seed phrase covers all ten slots
SATSCARD is not a BIP-39 wallet. There is no single mnemonic backup that restores every slot. The normal exit from a funded slot is to unseal it and sweep the bitcoin to another wallet. Future slot keys do not become recoverable merely because an earlier slot key was exported.
If you need a persistent wallet with a documented reusable backup, choose a conventional self-custody wallet. If you want a reusable signing card that stays with one owner, compare SATSCARD with TAPSIGNER.
Next: follow the safe unseal-and-sweep procedure or review the security model.
Official sources
Protocol claims on this page were checked against these first-party sources on 2026-07-10.
