Topic: How do you manage your private keys to make transactions? (offline storage) - page 2. (Read 516 times)

YES, I get those same exact fears in the back of my mind. One thing I want to try is to transfer data over an airgap via just a dumb QR code reader. Show QR on one screen, offline computer photographs it (with an offline camera peripheral) and decodes it, and then we could send information back to the online computer in the same way.

You can make a backup by encrypting a renamed text (notmyprvkey.txt) into a jpg (notmyprvkey.jpg) file containing the private key by compressing it using any 7zip tool together with a couple of real images.
Renaming the compressed file as "photos" or "porn" might deceive black hats.
This is better than just storing your backup in a hidden folder.

i have most of my coins stored in cold storage, both paper wallets and encrypted .dat files on thumb drives and CDs. moving my real cold storage (and restoring it to new cold wallets) is inconvenient and difficult by design. an air-gapped electrum wallet is definitely necessary for my day-to-day transactions. there's no way around that for me.

i only keep < 10% of my coins in air-gapped spending wallets.......but i'm still at a loss for how core's HD wallet seed is so much more secure than electrum's. my paranoia (which is pretty high level as it is!) is more about malware that makes its way onto the thumb drive i use to transfer/broadcast transactions.

Well, you could also make multiple copies of that piece of paper. Unlike cash, your bitcoins can be in multiple places at once, after all. Imagine losing your wallet on the subway, with all your cash in it, but wait! You have a backup at home! And a potential thief who finds the wallet can't access your cash without a password anyways.

I have trouble remembering places "I can’t write my private key on a paper"So that I use technology.
1.1password: password manager for all my private keys and words. watch this https://www.youtube.com/watch?v=mcly2-b1W20
2. Hardware wallets: i use this cryptosteel "Cryptosteel comes with more than 250 stainless steel letter tiles engraved on each side. Codes and passwords are assembled manually from the supplied part-randomized set of tiles. Users are able to store up to 96 characters worth of confidential information in minutes, guaranteeing safety of the data with no need for specialized tools or third-party involvement.[Source and read full]"

I thought it is possible to assemble a tx completely on live net, with the watch-only address.
Then you’d bring the unsigned tx to the cold storage machine, and sign it. Then bring it back to the online machine, and send it... this would remove the burden of manually playing with the in and outs.

What's wrong with Electrum? I think you are very flexible with Electrum. You could use Electrum with 2 of 2 multisig (one seed on an online computer and another seed on an offline computer). You use the online wallet to watch your balance and to generate the transactions (including the first signature) then the offline wallet for the second signature and then again the online wallet to broadcast the transaction. You can do this very easily with Electrum. Or you could use 2 of 2 multisig with Electrum and a hardware wallet (one seed from Electrum and one seed from the hardware wallet). Or even 3 of 3 multisig with one Electrum online seed, one electrum offline seed and one hardware wallet seed.

Besides, Electrum is the first and currently only wallet that supports native segwit (bech32 addresses that start with bc1...).

I just can't trust hardware wallets. I think airgapped linux laptop is the way to go, but im still unsure how to go about signing offline transactions... I tried to practice with testnet coin. Got a testnet node synced and set another testned core wallet on the offline machine, then I put the public keys on the online node to see my funds in watch-only mode, but crating the transactions is too complicated if you need to pick specific inputs. I mean, it's like trying to do the "Coin Control" part of the GUI but manually... a pain in the ass indeed.

You don't have to do this. You can create your own seed offline and insert it in the machine. They'll recognise anything that's valid. Beyond that I do wonder how many other horrors will be uncovered in the years to come with hardware wallets. The spoils would be humongous.

I used to be all paper. Now I'm all hardware.

The third option sounds cool but far too much ball ache. If I'm to spend at the moment I'll get rid of one of my numerous forks, stick the proceeds in a phone wallet and go retail crazy.

There are three ways that I can think off to store your private keys safely (offline)

1) Having a hardware wallet (Trezor, Ledger, and so on). The problem: Having to trust their custom RNG, their while hardware, that there will be no surprises (see trezord.exe phoning home)

2) Having a paper wallet (encrypted with BIP38). The problem: You can easily lose a piece of paper. The paper can also degrade over time. You would be also stuck with a single public key to get payments, so you would need one piece of paper per address... not good if you need to create new addresses constantly to relieve payments. Controlling coin inputs and outputs it's also harder without software involved.

3) Having an offline airgapped computer with Linux: This looks like the safest option to me. The problem: You need to pre-sign the transactions and Bitcoin Core does not have good support to do this so you are stuck with making raw transactions by hand which is a bit of a mess, then you need to pass this raw transaction into your online node. Armory has a nice GUI to do this but I wouldn't trust it too much. Electrum.. wouldn't trust my main stack to be held by an Electrum wallet (too paranoid about the seed being derived somehow)

So how do you personally manage your private keys in cold storage in order to make your transactions?