CertainKey produces audit-ready PDF reports that prove your fund's Bitcoin balance and key control through cryptographic verification. Provide your wallet descriptor, sign a challenge with your hardware wallet, and receive a professional report your auditor will actually accept.
On-chain balance computed by scanning all derived wallet addresses and summing confirmed transaction outputs at your chosen snapshot block height.
BTC balance converted to AUD at the snapshot date using Australian exchange data (Bitaroo, with CryptoCompare fallback). Exchange rate and source documented in the report.
Each key holder signs a unique cryptographic challenge with their hardware wallet. Signatures are verified automatically, proving individual control without moving any funds.
For multisig wallets, key participation is rated against the quorum threshold. Full participation earns an A+ rating. The report clearly states whether quorum was met or exceeded.
Fund name, ABN, and trustee structure. This identifies the entity in the final report.
Paste or scan your wallet output descriptor and choose your balance snapshot date — financial year end or a specific date. CertainKey parses the descriptor to identify your wallet type, keys, and quorum requirements.
A unique cryptographic challenge is generated for each key. Sign it with your hardware wallet — SeedSigner, ColdCard, Ledger, Trezor, or any wallet that supports message signing. QR codes are provided for air-gapped devices. For multisig wallets, share a link with co-signers so they can sign remotely.
Preview your report details — balance, exchange rate, key verification status — and complete payment via Bitcoin (Lightning or on-chain through BTCPay Server) or card.
Add your signature to the customer declaration, choose your report type, and your PDF is generated instantly. A SHA-256 hash is stored so anyone can verify the report's authenticity at any time.
Bitcoin Balance and Control
A professional PDF that gives your auditor everything they need to sign off on your fund's Bitcoin holdings — without requiring any Bitcoin expertise on their part.
Enhanced
Includes the complete wallet descriptor, cryptographic signatures, and key holder fingerprints. Allows independent reproduction of the verification.
Standard
Includes only a SHA-256 hash of your descriptor. Your addresses and extended public keys are never revealed.
All workflow data is AES-256-GCM encrypted in the database. Decrypted only server-side during active processing.
Your wallet descriptor, signatures, and key data are automatically purged after 90 days. Only the one-way SHA-256 report hash is retained for ongoing verification.
Standard reports include only a hashed wallet descriptor — no addresses or transaction history. Enhanced reports include the full descriptor for independent auditor verification. You choose which to generate.
Passkey-only login. No passwords to leak, no accounts to compromise. Your passkey stays on your device.
All personal and financial data is handled in accordance with the Australian Privacy Act 1988 (Cth).
per verification report
Pay with Bitcoin (Lightning or on-chain) or card
Never. CertainKey only sees the public components of your wallet descriptor and the signatures you provide. Private keys never leave your hardware wallet. The verification proves you control the keys — it doesn't require you to share them.
No. CertainKey produces a technical verification report — it confirms on-chain balance and key control at a specific point in time. It's designed to support your SMSF audit, not replace it. Your auditor uses it as evidence alongside their own procedures.
Any wallet that can export an output descriptor and sign a message. This includes Sparrow Wallet, ColdCard, SeedSigner, Nunchuk, Ledger, and Trezor. Both single-sig and multisig configurations are supported, across all standard address types (SegWit, Taproot, Legacy).
You can re-download your report from the CertainKey dashboard for as long as your session data is retained (90 days). After that, the report data is purged — but the SHA-256 hash remains on file permanently, so any copy of the PDF can still be verified as authentic.
Each key holder receives a unique signing link. They open it in their browser, see the challenge message and a QR code (for air-gapped devices), sign with their hardware wallet, and submit. The main session updates automatically as each signer completes their step — no coordination required beyond sharing the link.
Yes. Any holder of a CertainKey report can upload it to the verification portal to confirm its SHA-256 hash matches the original. Enhanced reports additionally include all the raw data needed to reproduce the verification against the Bitcoin blockchain.
CertainKey's signature verification logic is built on Gatekeeper, an open-source tool you can run yourself.
Browser-based Bitcoin signature verification for multisig wallets. Supports BIP-322 and BIP-137 across all address types. Nothing is transmitted — your keys never leave your device.
CertainKey is operated by David Pinkerton, based in Brisbane, Australia. David's background spans cybersecurity consulting (CyberCX), Bitcoin industry roles, and infrastructure engineering. He holds CompTIA Security+ and Network+ certifications.
If you hold Bitcoin in an SMSF and need a verification report, or you're an accountant looking for something better than screenshots, get in touch.
Encrypted channels available: Signal, SimpleX, or PGP. Request details via email.