SeedSigner is not a product you buy. It's a device you build. Raspberry Pi Zero, camera, LCD display — all off-the-shelf, all under $50 total. It runs open-source software, never stores your private keys, and communicates only via QR codes. The security model is as close to trustless as hardware gets. It's also not for beginners.
Not for beginners
SeedSigner requires assembling hardware, flashing and verifying firmware, and understanding stateless key management. If you're new to hardware wallets, start with a Trezor Safe 3 or BitBox02 first.
Commercial hardware wallets require you to trust the manufacturer. Closed firmware (Ledger), proprietary supply chains, pre-loaded chips you can't inspect — there's a point at which you're taking someone's word that the device does what it claims.
SeedSigner eliminates that trust requirement as completely as anything available. The hardware is a Raspberry Pi Zero 1.3 — a general-purpose computer with no WiFi or Bluetooth, made by a well-known non-Bitcoin company with no incentive to backdoor it. The software is published on GitHub and can be audited line by line. You flash the OS yourself, verify the hash, and run it. Nobody at SeedSigner ever shipped you a device.
This also removes the supply chain attack vector. When you buy a commercial hardware wallet, you're relying on it not being tampered with in transit. Building from generic components sourced from multiple vendors makes that attack much harder to execute.
Every commercial hardware wallet stores your private keys on the device — in an encrypted form protected by a PIN and secure element chip. Those keys live on the device between uses. If an attacker steals the device and finds a vulnerability in the PIN protection or secure element, there are keys to extract.
SeedSigner never stores keys. When you power it off, nothing remains. An attacker with a powered-off SeedSigner has a generic Raspberry Pi — nothing else. The private keys exist only in volatile RAM for the duration of a session, and only when you deliberately load them by entering your seed.
The tradeoff: you need to input your seed phrase at the start of every signing session. SeedQR makes this faster (scan a QR instead of typing 24 words), but it's still an extra step. For people who sign transactions infrequently, this is a fine tradeoff. For active traders, it would get old quickly.
For cost-efficiency, yes. Setting up a proper 2-of-3 multisig with commercial hardware wallets costs $300-600 (three wallets from different manufacturers). Building three SeedSigners costs about $150. That's a meaningful difference.
The workflow with Sparrow Wallet: each SeedSigner holds a different key. A transaction requires signatures from two of the three devices. You export the unsigned transaction from Sparrow as a QR, scan it on the first device, get a partial signature QR back, bring that to Sparrow, repeat with the second device, and Sparrow broadcasts the fully signed transaction. No device ever connects to anything via cable.
The stateless design is actually an advantage in multisig. Each key lives in a different location (ideally a different city). The device at each location sits powered off with no stored keys, just waiting to be used when you need to sign. For long-term cold storage, that's a strong setup.
| Component | Spec | Why this version | Est. cost |
|---|---|---|---|
| Raspberry Pi Zero | Version 1.3 (not 2 W) | No WiFi/Bluetooth on 1.3 | ~$15-20 |
| Camera | OV5647 (any compatible module) | For QR code scanning | ~$10 |
| Display | Waveshare 1.3" LCD HAT | Official recommended display | ~$15 |
| microSD card | 8GB minimum | For SeedSigner OS | ~$5 |
| Case (optional) | 3D printed or retail | Protects hardware | Free-$10 |
Important: use the Raspberry Pi Zero 1.3 specifically. The newer Zero 2 W has WiFi and Bluetooth, which defeat the air-gap security model.
SeedSigner is for experienced Bitcoiners who've already used a commercial hardware wallet, understand the security model deeply, and want to remove all trust from the equation. If that's where you are, it's genuinely excellent. The security properties are hard to beat at any price.
It's also the best starting point for multisig on a budget. If you want 2-of-3 multisig but can't justify buying three commercial hardware wallets, three SeedSigners at $150 total get you there.
If you're just starting out, don't start here. Get a Trezor Safe 3 or BitBox02, learn how hardware wallets work, and come back to SeedSigner when you're ready to go deeper. The cold storage guide will help you figure out which level of setup you actually need.
Under $50 in parts. Raspberry Pi Zero, WaveShare camera, and a 1.3" LCD. Full build guide on GitHub.
SeedSigner is a DIY Bitcoin signing device built from off-the-shelf components. You assemble it yourself from a Raspberry Pi Zero 1.3 (the version with no WiFi or Bluetooth), a camera module, and a small LCD display. The total parts cost under $50. It runs open-source software that turns this general-purpose hardware into a Bitcoin-only transaction signer. It never stores your private keys — they exist only in volatile memory for the duration of a session, then vanish when you power it off.
For experienced users who understand what they're doing, yes — it's arguably one of the most trustworthy signing setups available. The hardware is generic (no proprietary chips), the software is open source and auditable, and the stateless design means private keys are never persisted anywhere. The safety depends heavily on the user correctly verifying the firmware they flash. If you flash unverified software, you've defeated the security model. This is not the right tool for beginners.
Stateless operation is a core design choice. Every time you power up a SeedSigner, it starts fresh with no knowledge of your wallet. You input your seed phrase at the beginning of each session — manually, via SeedQR (a QR code encoding of your words), or using entropy from dice rolls or a photo. When you're done and power off, nothing is retained. An attacker who gets physical access to a powered-off SeedSigner gets nothing — there are no keys to extract.
The workflow is entirely QR-based. In Sparrow Wallet (or BlueWallet), you create an unsigned transaction and it displays as a series of QR codes. Your SeedSigner's camera scans those codes. The device loads your seed, reconstructs the keys in volatile memory, displays the transaction details for you to verify, and when you confirm, signs the transaction. It then displays the signed transaction as animated QR codes. Sparrow's webcam scans those and broadcasts to the network. No cables. No data connections of any kind.
Three main parts: a Raspberry Pi Zero 1.3 (not the newer Zero 2 W — the 1.3 has no WiFi or Bluetooth, which matters for security), an OV5647 camera module, and a Waveshare 1.3-inch LCD HAT. You can find all three on Amazon or direct from component suppliers. Total cost is typically $40-55 depending on where you source them. You also need a microSD card (8GB minimum) to flash the SeedSigner OS onto, and a case (optional but recommended — 3D printable designs are published on GitHub).
Yes, completely. SeedSigner signs Bitcoin transactions and nothing else. There's no multi-chain firmware, no altcoin support, no DeFi integrations. This is a Bitcoin signing device from the ground up. The software is written with Bitcoin self-sovereignty as the only goal.
Yes, and this is one of its strongest use cases. Because each SeedSigner costs under $50 to build, you can assemble multiple devices for a fraction of the cost of commercial hardware wallets. A 2-of-3 multisig setup using three SeedSigners costs roughly $150 total. That's less than a single Coldcard or Foundation Passport. Each device holds a different key. Sparrow Wallet coordinates the multisig. If one device is compromised or lost, the Bitcoin is still safe.
SeedQR is a compact QR code representation of your seed phrase. Instead of manually typing 12 or 24 words every time you want to sign a transaction (tedious and error-prone), you scan a SeedQR with the device's camera and it loads the seed instantly. You still need to physically secure the SeedQR card just like you would a written seed phrase — it encodes your full wallet recovery information. The benefit is speed and reduced transcription errors during session setup.
About 45-60 seconds. The Raspberry Pi Zero needs to boot a full Linux OS from the microSD card. This is the most noticeable UX limitation compared to commercial hardware wallets that boot in 2-5 seconds. For occasional signing, it's not a significant issue. If you're signing multiple transactions daily, the boot time becomes more annoying.
Anyone who isn't comfortable with: verifying firmware signatures, assembling small electronics, understanding what 'stateless signing' means and why it requires careful key management, and troubleshooting when something goes wrong with no customer support. If you're new to Bitcoin hardware wallets and just want something that works reliably out of the box, start with a Trezor Safe 3 or BitBox02. SeedSigner is for people who've been through at least one commercial hardware wallet and want to go deeper.