Air-Gapped PSBT Workflows: A Canadian Guide to Signing Bitcoin Offline Safely

Keeping your Bitcoin safe means controlling the signing keys, not just passwords on an exchange. Partially Signed Bitcoin Transactions, known as PSBTs, let you separate the online creation of a transaction from the offline signing of it. For Canadians who want strong self-custody, an air-gapped PSBT workflow provides a high-security, practical way to move and spend Bitcoin while minimizing exposure to online threats and scams.

Why air-gapped PSBT workflows matter

A modern Bitcoin security posture emphasizes layered defense. Air-gapped signing means the private keys used to authorize spending never touch an internet-connected device. PSBTs make this feasible and user-friendly. Instead of connecting your key to the internet, you create the transaction online with a watch-only wallet, transfer the unsigned PSBT to an offline signer, sign it there, and then broadcast the signed transaction from an online device.

Benefits for Canadian users

  • Reduced exposure to phishing, SIM swap attacks, and exchange hacks.
  • Compatible with Canadian workflows like withdrawing from exchanges such as Bitbuy and Coinsquare then moving to cold storage safely.
  • Works well with multisig vaults and inheritance plans important under Canadian estate rules.

What you will need

You do not need exotic hardware to start, but each component plays a role.

  • Online machine with a watch-only wallet (desktop or mobile) to create unsigned PSBTs.
  • Offline signer — an air-gapped computer or a dedicated hardware signer that never connects to the internet. Examples include hardware wallets or dedicated devices that support PSBT import and signing.
  • Hardware wallet or seed stored securely. If you use a hardware device for signing, keep firmware current and source devices from trusted vendors.
  • Transfer medium between devices: QR codes, microSD, or USB removed from networked devices. QR is often easiest for fully air-gapped workflows.
  • Watch-only wallet that supports PSBT creation and xpub import. Popular desktop wallets have PSBT workflows; choose one you trust and learn it well.

Core concepts: Watch-only wallets, PSBT, and air gap

Watch-only wallets

A watch-only wallet is created by importing public data such as an xpub or descriptor. It can see balances and create unsigned transactions but cannot sign them. Use a watch-only wallet on an internet-connected device to prepare transactions and review UTXOs without exposing private keys.

PSBT in one sentence

PSBT is a standardized container for unsigned or partially signed Bitcoin transactions. It carries the transaction details and metadata needed for signing and broadcasting while preserving privacy and auditability.

Air gap explained

An air-gapped device has no direct network connection. In practice, this means you transfer data in offline-friendly formats such as QR images or files on removable media. Because your signing keys live only on the air-gapped device, remote attackers cannot reach them over the internet.

Signing offline puts you in control. If your exchange account or email is compromised, an air-gapped PSBT workflow ensures your private keys still control your Bitcoin.

Step-by-step: A practical air-gapped PSBT workflow

1. Prepare a watch-only wallet

On your online machine install a wallet capable of importing an xpub or descriptor. Import the public keys for the address set you control so the watch-only wallet can see funds and build transactions. This wallet will also be used to broadcast signed transactions.

2. Create the unsigned PSBT

Use the watch-only wallet to select UTXOs, enter destination addresses and fees, then choose the option to export the transaction as a PSBT file or QR. Double-check the amounts and destination addresses. This unsigned PSBT contains the spending intent but not the signatures.

3. Transfer the PSBT to the offline signer

Move the PSBT file via a transfer medium you trust. For full air-gap, scan a QR code displayed on the online device with a camera attached to the offline device, or export the PSBT to a microSD card and insert it into the offline machine. Avoid using general-purpose cloud storage or devices that have been connected to unknown networks.

4. Verify details on the offline device

On the offline signer, open the PSBT and verify every element: inputs, outputs, change, and fee. Confirm the destination address matches what you intended and that there are no unexpected outputs. If anything looks wrong, abort and investigate.

5. Sign the PSBT

Use your private key or hardware wallet attached to the offline device to sign the PSBT. The device will produce a partially or fully signed PSBT depending on whether other cosigners are needed. After signing, export the signed PSBT or a hex payload back to your transfer medium.

6. Broadcast the signed transaction

Move the signed PSBT back to your online watch-only wallet and import it. The wallet should recognize the signed PSBT and allow you to broadcast the finalized transaction to the Bitcoin network. Confirm the broadcast and monitor the transaction until it is mined.

Common workflow variations

  • Multisig setups - each cosigner can be an air-gapped signer. PSBT handles partial signatures cleanly so multisig remains practical and safe.
  • Hardware wallets - many hardware wallets can be part of an air-gapped process using QR or microSD. Follow vendor guidelines for secure firmware and seed generation.
  • Fully offline signing with metal backups - combine steel seed backups with PSBT to make sure recovery is possible without internet exposure.

Security best practices and hardening

Protect your seed and devices

  • Generate seeds in a trusted, offline environment. Consider dice entropy or hardware wallet generation rather than online tools.
  • Store multiple encrypted backups on steel or other durable media in geographically separated locations.
  • Keep firmware updated using a trusted process but avoid updating on an air-gapped device unless you can verify the image offline.

Operational security (OPSEC)

  • Do regular test transactions with small amounts until you are confident in the workflow.
  • Use dedicated, minimal offline devices for signing. Refrain from general web browsing on those machines.
  • Verify receive addresses on both sides of the workflow to protect against address substitution malware.

Legal and inheritance planning

Document your custody plan. In Canada consider how trustees or executors will access your seeds or multisig cosigners if you pass away. Use legal instruments, trusted custodians for non-urgent parts of your plan, or well-documented multisig arrangements to avoid single points of failure.

Troubleshooting and practical tips

What to do if a PSBT fails to import

Check that the PSBT version is supported by both wallets. Some wallets add metadata that others ignore, but signed inputs are standard. Export the transaction as hex if PSBT import fails and use a different compatible wallet to finalize.

Fee and UTXO management

Manage change outputs carefully. Watch-only wallets show your UTXOs so you can avoid dust or tiny UTXOs that raise fees. If you need to accelerate a transaction, use Replace-By-Fee or Child-Pays-For-Parent strategies via your online wallet after signing.

Testing before high-value transfers

Always run a full dry-run with a small amount. For Canadian users withdrawing from an exchange, send an initial test withdrawal to your watch-only address, confirm arrival, then proceed with the PSBT workflow for larger amounts.

Canadian context and real-world considerations

Canada has strong interest in Bitcoin adoption across retail investors and businesses. Exchanges operating in Canada require KYC under FINTRAC rules, which makes moving large sums slightly more visible but reduces certain counterparty risks. When withdrawing from Canadian exchanges, plan around daily limits, withdrawal windows, and banking policies. Avoid peer-to-peer Interac e-transfer transactions for large amounts with strangers. Use regulated exchanges for initial on-ramps, then move funds into your PSBT-based cold storage workflow for long-term custody.

Final checklist before you sign offline

  • Seed backed up and tested.
  • Offline device verified and fully air-gapped.
  • PSBT reviewed line by line for addresses and amounts.
  • Test transaction completed successfully.
  • Firmware and device provenance checked.

Conclusion

Air-gapped PSBT workflows are a practical, high-security method to exercise true self-custody over Bitcoin. For Canadians managing fiat onramps, regulatory requirements such as KYC, and a high-scam environment, the ability to create transactions online and sign them securely offline provides a powerful balance between usability and safety. Start small, practice the workflow, and document your recovery and inheritance plans. With consistent discipline, PSBT and air-gapped signing will help keep your Bitcoin safe for years to come.

If you are new to PSBTs, try a single test transaction, use well-known wallet software that supports PSBT, and consider discussing multisig or estate plans with a trusted, qualified advisor familiar with Canadian law.