[coinbase-craig]

Coinbase stores one private key that we can access, and one private key that is encrypted with the user's vault password on the front-end and sent to us encrypted for storage. The third key is the user's and we never see that.

We have no ability to access multisig vault funds without the user passphrase, which never touches our server.

[STRML]

Is there a way to sign a transaction offline but still run it through Coinbase? When it comes to decrypting private keys in the browser, unless the user inspects the javascript each and every time they use the site, there is no guarantee that it hasn't been silently replaced by code that steals keys.

[coinbase-craig]

Yes, you can sign a transaction offline using our multisig vault recovery tool, which is open source:

https://github.com/coinbase/multisig-tool

You can use it to generate a transaction payload which can be broadcast from a client of your choice, including Toshi, our open source bitcoin node:

https://toshi.io/docs/#relay-transaction

[STRML]

Excellent! Thank you for putting forth the extra effort and thinking this through. Many comparable online solutions in the Bitcoin space do not offer similar offline tools, making them a non-starter for business use.

[adrianmacneil]

Yes. You can sign transactions completely independently from Coinbase, provided you have your private key, encrypted shared key, and passphrase (the two keys are provided on a sheet of paper which you print out during vault creation).

https://github.com/coinbase/multisig-tool