So in the case of a cold wallet (eg, Ledger, Trezor), I guess it's the wallet software that is generating all the necessary private and public keys, and then keeping track of all these keys.
In those examples wallets and others that use the same standards (
BIP44, 49, 84, 86);
The addresses are derived with the standard "
m/purpose'/coin'/account'/chain_index/address_index" derivation path from your "
master private key" (
m)
In which the specific private keys of each of your change addresses are derived with "
internal chain" (
1) chain_index; receiving addresses with "
external chain" (
0).
e.g. (
Native SegWit, Bitcoin, first account index):
- 1st change address: m/84'/0'/0'/1/0
- 2nd change address: m/84'/0'/0'/1/1
- 3rd change address: m/84'/0'/0'/1/2
- 1st receiving address: m/84'/0'/0'/0/0
- 2nd receiving address: m/84'/0'/0'/0/1
Since those "
cold wallets" are following the standard, it will use those derivation paths when restoring the wallet or when looking for the correct private key.