Author

Topic: How do you send seed words over the Internet/unprotected or unencrypted network? (Read 228 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I have a small question, I want to send money from wallet (A) to (B){trusted party} and instead of creating a transaction, asking the other party to create a new wallet, I want to send the same wallet seed words over the Internet or take the worst case through a monitoring network.
This can go wrong on so many levels: apart from a third party stealing your funds, you'll also double the exposure by adding them to 2 different wallets on 2 different systems, and you can't ever verify if the receiving person claims it was stolen. So don't do it Smiley

If you really have to send seed words over the internet, I'd say split them up. Use different media, ideally from different systems, to send a few words at a time.

First go to the appropriate window in Electrum
Mind blown! I never new this exists (despite opening the Tools menu many countless times)!
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I wouldn't feel safe if I had to exchange public keys using a third party, especially if I had to transfer a seed phrase. They could attack me man-in-the-middle-ly; since we've long got rid of the third party why don't you use the censorless blockchain for exchanging keys?

As pooya87 pointed out, use ECIES. Both of you send to the each other few sats from the address you'll use to reveal the public keys and confirm you received the money. Assuming you both run your own node, you can encrypt without trusting anyone that they won't replace your public key with theirs.
legendary
Activity: 2730
Merit: 7065
I understand what you are talking about and you have already been offered the best ways to encrypt that sensitive data.
What I don't understand is why you want all that to be public? In your OP, you mentioned that the data could be posted publicly on the forum. Why a public post instead of an encrypted email client like Protonmail or at least the forum's PM system?

You said that it's a trusted party. You might as well make the deal in private. Or do you need to make it public so that you can show someone a link, such as a tweet or a forum post as proof?
legendary
Activity: 3472
Merit: 10611
You're referring to "Encrypt/decrypt message" tools, right?
Yes.

How? Suppose the wallet seeds are:
word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12
That's a string and can be converted to a byte array and then encrypted the same way you encrypt any other array.
For example lets encrypt the following seed phrase with genesis block's public key:
Code:
ozone drill grab fiber curtain grace pudding thank cruise elder eight picnic
First go to the appropriate window in Electrum


Then enter the seed in Message textbox and the public key in Public key textbox and finally click Encrypt.


What happens under the hood is that an encryption key is produced using the given public key but in a way that it can only be reproduced if you have the private key of that public key. Then we encrypt the message using this key. Since the receiver has the private key, they can decrypt it easily.
legendary
Activity: 952
Merit: 1385
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
What is the appropriate method or encryption tool?
You can use PGP encryption.

It would be less cumbersome to use SFTP as the transportation method as the diffie-hellman handshake is implied in this protocol. This means you don't have to keep an extra clear-text copy first before you encrypt it. Worse, it has to be saved in a file as most PGP encryptors do not support encryption Ofer standard input of a terminal.

HTTPS over an intranet (*not the internet* as the encrypted wallet can be intercepted during transit and decrypted after a few decades, as old ciphers become weaker) is also fine as long as a strong enough handshake algo is chosen (read: TLS 1.2 or 1.3 family of ciphers) AND the receiving machine is known to be trusted.

You can use PGP encryption.

You can use the PGP encryption, it is one of the safest method

person's public key and encrypt your "message" that is the seed phrase with it and then send the encrypted result to them.


How? Suppose the wallet seeds are:

word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12

Save this in a text file (INSECURE) then use a GPG program such as Kleopatra to create a keypair, and then press the "Encrypt" button to make a PGP-encrypted version of the file. The plain text file can then be deleted manually, but it can still be recovered using data recovery programs.
legendary
Activity: 1596
Merit: 1288
If you do send it through to them, I would consider it quite risky to hold funds in a wallet that has been sent over the internet
You can now both control the coins, so neither of you have ownership since they could be moved by the other party at any time.
This is not how bitcoin works and it should never be this way either. You must send a transaction.

sometimes there is a need to send wallet seed instead of making a transaction and I can give some examples of that:


  • Privacy: I do not want transactions to appear on the blockchain.
  • Buying an old wallet: Maybe about tax reports and someone might want a wallet that contains coins from 2015.
  • Claiming hardforks.

I could give more examples, but let's focus on that we want to send the seed words to a second party and all the conversations will take place in public.



You can use PGP encryption.

You can use the PGP encryption, it is one of the safest method

person's public key and encrypt your "message" that is the seed phrase with it and then send the encrypted result to them.


How? Suppose the wallet seeds are:

word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12
legendary
Activity: 3472
Merit: 10611
This is not how bitcoin works and it should never be this way either. You must send a transaction.

But if the seed phrase is to be sent, it must be encrypted as others pointed out too but instead of using PGP you can use the same cryptography algorithms used in bitcoin. One way is to use ECIES. It is pretty much the same as PGP, you take the other person's public key and encrypt your "message" that is the seed phrase with it and then send the encrypted result to them.
This is protected by Elliptic Curve Cryptography (same used in every bitcoin transaction) and AES encryption which is very strong and is commonly used to encrypt wallet files.

Electrum has an implementation of it so it is very convenient to use compared to PGP.
legendary
Activity: 2212
Merit: 7064
I wouldn't suggest sending seed words or private keys online in any way online even if they are encrypted and protected with some password.
There are multiple mistakes you or other party can make in this process and you are increasing risk of compromising everything, and you should use that seed words in future.
Fees on Bitcoin blockchain are usually lower in last few weeks so you can send BTC for minimum 1 sat/vB to his address and avoid any complications.
One potentially interesting idea for doing this is using Mercury wallet and sending statechains, but it is still in early beta phase.
legendary
Activity: 2268
Merit: 18711
Why? You are not sending coins to the other party then, you are sending keys which you still possess. You can now both control the coins, so neither of you have ownership since they could be moved by the other party at any time. If the other party wants to take control of the coins, he is going to have to make a transaction to move the coins to his own wallet anyway.

If I absolutely had to give a wallet to someone else, I would do so offline, either via a piece of paper or a USB drive which only interacts with airgapped computers. If I absolutely had to send a seed phrase across the internet, I would ask the other party to set up at least 2 different devices storing different PGP key pairs with different strong passwords and share his public keys online. I would then, on an airgapped device, split the seed phrase in to at least two parts, encrypt each part with a different public key, and then send him each encrypted message via a different medium of secure communication, such as ProtonMail or Signal, and not WhatsApp or Twitter.

If a malicious third party knew you were going to do this, you would have to take steps to ensure that the public keys you are receiving from the other party are genuine and had not been tampered with.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
You can use the PGP encryption, it is one of the safest method

[Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint

The receiver will need to generate private key and public key. The receiver will send you his public key. You will use the public key to encrypt the message (the seed phrase or anything you do not want public to see). Send the encrypted message to the receiver to decrypt it. As easy as that.

Edit: should be done on an airgapped device as suggested by o_e_l_e_o (both parties, I mean both the encryption and decryption)
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
My suggestion would be to rather ask them to create a new wallet address. If you do send it through to them, I would consider it quite risky to hold funds in a wallet that has been sent over the internet, regardless if the encryption tool that was used as you're not certain who is reading those messages. The user in the other end may still have to create a new address and send it there for safekeeping

What is the appropriate method or encryption tool?
You can use PGP encryption.
legendary
Activity: 1596
Merit: 1288
I have a small question, I want to send money from wallet (A) to (B){trusted party} and instead of creating a transaction, asking the other party to create a new wallet, I want to send the same wallet seed words over the Internet or take the worst case through a monitoring network.

What technical tips can I use to ensure that the words will reach the other party and no one can know them? Let's use, for example we will contact using:


  • WhatsApp or Twitter.
  • Public posting in the forum.

What is the appropriate method or encryption tool?
Jump to: