Trezor Bridge
Secure desktop bridge for hardware wallets

Trezor Bridge: Connect your Trezor device securely

Trezor Bridge is a lightweight native daemon that enables browsers and applications to communicate with Trezor hardware wallets. This guide covers installation, secure configuration, troubleshooting steps, and developer integration best practices to ensure reliable connectivity.

Installation & Setup

Trezor Bridge runs as a background service and exposes a local HTTP API (typically on localhost). Installing the Bridge on your system allows your browser and desktop applications to securely detect and communicate with your Trezor device. Follow platform-specific instructions and grant any OS-level permissions requested during install.

Platform steps (summary)

  • Windows: Download the .msi installer, run the installer as Administrator, and allow the driver if prompted.
  • macOS: Install the .dmg and move Bridge to Applications. Grant system permissions if prompted (e.g., network loopback).
  • Linux: Use distribution packages or AppImage; ensure udev rules are in place so non-root users can access the USB device.

Security considerations

By default, Bridge listens only on the local host (loopback) and is not meant to be reachable from other machines. Confirm that your firewall and OS settings do not expose the Bridge port to external networks. Verify the installer's checksum or signature if one is provided, and always download from the official trezor.io page.
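One way to check the loopback-only expectation above on Linux, as an added example that is not part of the original page or the Bridge project: the function below classifies `ss -Hltn` output for a given port. Port 21324 is taken from this page's Connect example; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, reading `ss -Hltn` output
# on stdin (column 4 is "Local Address:Port").
# Prints one of: loopback-only | exposed | not-listening
bridge_exposure() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next            # listener on another port
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)             # strip IPv6 brackets
            sub(/%.*$/, "", addr)                 # strip interface scope (e.g. %lo)
            found = 1
            # Anything outside 127.0.0.0/8 and ::1 is treated as exposed,
            # including wildcards (0.0.0.0, *, ::) and LAN addresses.
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END {
            if (!found)       print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_OK='LISTEN 0 4096 127.0.0.1:21324 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_BAD='LISTEN 0 4096 127.0.0.1:21324 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:21324 0.0.0.0:*'

printf '%s\n' "$SAMPLE_OK"  | bridge_exposure 21324
printf '%s\n' "$SAMPLE_BAD" | bridge_exposure 21324
```

On a live system, feed it real data with `ss -Hltn | bridge_exposure 21324`. A result of `exposed` means a listener on that port is bound to a non-loopback address and the bind address and firewall rules should be reviewed.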

Troubleshooting

Common problems include device not detected, browser failing to connect, or Bridge service not running. Use the diagnostic steps below to resolve the majority of issues.

Diagnostic checklist

  1. Confirm the USB cable and port are functional; try a direct USB port instead of a hub.
  2. Open the system task manager and verify the Bridge process is running (trezord or trezor-bridge on some platforms).
  3. Use the official Trezor Suite utility to check device connectivity; it will display connection status and logs.
  4. Temporarily disable browser extensions that interact with WebUSB or the network if they interfere.

Advanced log inspection

For deeper diagnosis, inspect the Bridge daemon's logs. On Linux, systemd logs (journalctl) may show permission or device errors. On Windows, review Event Viewer or the Bridge log files stored in the user's profile directory.

# Example: check service status (Linux)
sudo systemctl status trezor-bridge.service

# Example: list connected USB devices
lsusb -v | grep -i trezor

Developer Integration

Developers use Trezor Connect or the Bridge HTTP API to integrate hardware wallet operations into web applications. The Bridge exposes endpoints for device enumeration, firmware updates, and cryptographic operations. For production apps, enforce a strict Content Security Policy, require user gestures for actions, and implement server-side verification for any signed payloads.

Example: minimal Connect flow

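/* Pseudo-code: query the local Bridge and log its version */
fetch('http://127.0.0.1:21324/info')
  .then(r => {
    // Surface HTTP errors instead of trying to parse an error body as JSON
    if (!r.ok) throw new Error(`Bridge returned HTTP ${r.status}`);
    return r.json();
  })
  .then(info => console.log('Bridge version', info.version))
  .catch(err => console.error('Bridge not reachable:', err));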

Security for integrators

  • Do not rely solely on client-side signals; perform server-side validation.
  • Use firmware verification checks before asking users to sign transactions.
  • Prompt users to confirm transaction details on the physical device — never rely on the host UI only.

FAQ & Recovery

Q: Bridge not opening after install?
A: Reboot the computer, reinstall Bridge, and check OS permissions. On Linux, make sure udev rules are applied and the user is in the correct group.

Q: Can Bridge be restricted to certain apps?
A: Bridge accepts connections on localhost; consider using OS firewall rules or application-level permission gates to restrict which apps can reach Bridge.