This page explains advanced transaction flows you may encounter when using a hardware wallet for non-standard operations: signing messages, moving or transferring Bitcoin Ordinals (inscriptions), and building or signing raw transactions. I have used hardware wallets since 2017 and in my testing these advanced tasks are where good procedure matters most. Short version: the device never releases private keys, but you must verify what it displays.
Who this is for: an experienced beginner or intermediate crypto holder who already understands sending/receiving and now needs to sign non-standard transactions (proof-of-ownership, ordinals, custom PSBTs). If you're setting up a device for the first time, start with setup basics and seed phrase basics.
Message signing lets you cryptographically prove ownership of an address by signing an arbitrary message with the private key for that address. Use cases? Proving ownership for a sale, KYC-free proofs, or proving control of an address to a service. Simple.
How it works (high level): your wallet software constructs a message digest and asks the hardware wallet to sign it. The private key stays inside the secure element and the signature is returned to the host app for verification.
Step-by-step (typical):
Verify every number and address. I noticed that small UX differences between host apps mean you should always confirm the address on the device screen before approving.
And remember: signing arbitrary messages can be used to link identity to funds. Be careful what you sign.
Ordinals (Bitcoin inscriptions) embed data into individual satoshis. Transferring an inscribed satoshi can require a custom transaction structure that some wallet GUIs do not fully display. So how do you treat this with a hardware wallet? Use a PSBT-aware workflow and a compatible ordinals wallet or builder.
Key points:
Want to move an inscription safely? Export the unsigned PSBT from the ordinals tool, sign it on-device, and only broadcast the signed PSBT after verifying all outputs on the hardware wallet.
PSBT (Partially Signed Bitcoin Transaction) is the modern, safer format for multi-party and hardware signing. Raw hex can work (some command-line tools produce it), but raw hex lacks contextual metadata and is harder to verify on-device.
Comparison table:
| Method | Pros | Cons | Typical use case |
|---|---|---|---|
| PSBT | Preserves input metadata; standard; hardware-friendly | Requires PSBT-aware builder | Ordinals, offline signing, complex UTXO setups |
| Raw hex | Simple text format; accepted by many nodes | Hard to verify on-device; risk of missing UTXO context | Low-level scripting or advanced node ops |
| Message sign | Proves address control; minimal | Not a spend; only attestation | KYC, proof-of-ownership |
Step-by-step PSBT signing (typical):
If the host offers a raw-hex path, treat it as advanced: double-check UTXO ordering and change addresses, and prefer air-gapped workflows when possible.
The secure element inside a hardware wallet holds private keys and performs signing operations. The device screen is the single source of truth for amounts and addresses (not the host app). So always verify what appears on the device before approving.
Air-gapped signing (using QR codes or SD card transfers) reduces attack surface by keeping the host offline during signing. Read more in the air-gapped signing guide.
Firmware matters. Verify firmware authenticity and update only from official sources; see the firmware updates and verification walkthrough.
Using a passphrase (the so-called 25th word) creates hidden accounts from the same seed phrase. This is powerful but risky: if you forget the passphrase, funds are unrecoverable. I believe passphrases are best for discretionary access control, not as a primary backup method.
Multi-signature setups spread control across multiple keys and devices. Multisig improves resilience (single-device loss is not fatal) but adds complexity: keep compatibility in mind and practice restores. For an advanced multisig guide, see multisig setup.
But remember: multisig requires careful key management and recovery planning.
Quick compatibility checklist before signing an ordinal or raw PSBT:
Step-by-step:
On-device verification: pause at every screen. If the change address is unfamiliar, cancel and investigate (this can prevent accidental fund redirection).
Q: Can I recover my crypto if the device breaks?
A: Yes. Recovery uses your seed phrase (recovery phrase) and passphrase if used. Practice a restore on a spare device or simulator; see recovery when device breaks.
Q: What happens if the company goes bankrupt?
A: Your private keys are yours. As long as you control the seed phrase and any passphrase, you can restore to other compatible wallets. See company bankruptcy and business risk for planning.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth is convenient but increases the attack surface compared with USB or air-gapped methods. For high-value or complex transactions (ordinals, raw PSBTs), prefer USB or air-gapped signing. Read more at connections USB Bluetooth NFC.
Advanced transaction signing asks two things of you: (1) choose the right signing format (PSBT whenever possible), and (2) verify everything on the device screen. I found that taking extra verification steps—checking change addresses, preferring PSBT, and using air-gapped flows for ordinals—reduces risk dramatically.
Want to go deeper? Read the PSBT walkthrough and the ordinals-specific guides listed above, and practice a full sign-and-restore cycle on a low-value test transaction before you move important assets. For firmware and update verification see firmware updates and verification.
Stay cautious. And double-check every output before you press confirm.