How do you send seed words over the Internet/unprotected or unencrypted network?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Husires on November 22, 2021, 03:45:57 PM

I have a small question, I want to send money from wallet (A) to (B){trusted party} and instead of creating a transaction, asking the other party to create a new wallet, I want to send the same wallet seed words over the Internet or take the worst case through a monitoring network.

This can go wrong on so many levels: apart from a third party stealing your funds, you'll also double the exposure by adding them to 2 different wallets on 2 different systems, and you can't ever verify if the receiving person claims it was stolen. So don't do it

If you really have to send seed words over the internet, I'd say split them up. Use different media, ideally from different systems, to send a few words at a time.

Quote from: pooya87 on November 24, 2021, 12:20:16 AM

First go to the appropriate window in Electrum

Mind blown! I never new this exists (despite opening the Tools menu many countless times)!

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

I wouldn't feel safe if I had to exchange public keys using a third party, especially if I had to transfer a seed phrase. They could attack me man-in-the-middle-ly; since we've long got rid of the third party why don't you use the censorless blockchain for exchanging keys?

As pooya87 pointed out, use ECIES. Both of you send to the each other few sats from the address you'll use to reveal the public keys and confirm you received the money. Assuming you both run your own node, you can encrypt without trusting anyone that they won't replace your public key with theirs.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

I understand what you are talking about and you have already been offered the best ways to encrypt that sensitive data.
What I don't understand is why you want all that to be public? In your OP, you mentioned that the data could be posted publicly on the forum. Why a public post instead of an encrypted email client like Protonmail or at least the forum's PM system?

You said that it's a trusted party. You might as well make the deal in private. Or do you need to make it public so that you can show someone a link, such as a tweet or a forum post as proof?

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: ?? on ??

You're referring to "Encrypt/decrypt message" tools, right?

Yes.

Quote from: Husires on November 23, 2021, 09:44:39 AM

How? Suppose the wallet seeds are:
word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12

That's a string and can be converted to a byte array and then encrypted the same way you encrypt any other array.
For example lets encrypt the following seed phrase with genesis block's public key:

Code:

ozone drill grab fiber curtain grace pudding thank cruise elder eight picnic

First go to the appropriate window in Electrum

Then enter the seed in Message textbox and the public key in Public key textbox and finally click Encrypt.

What happens under the hood is that an encryption key is produced using the given public key but in a way that it can only be reproduced if you have the private key of that public key. Then we encrypt the message using this key. Since the receiver has the private key, they can decrypt it easily.

PawGo

legendary

Activity: 952

Merit: 1367

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Upgrade00 on November 22, 2021, 04:04:41 PM

Quote from: Husires on November 22, 2021, 03:45:57 PM

What is the appropriate method or encryption tool?

You can use PGP encryption.

It would be less cumbersome to use SFTP as the transportation method as the diffie-hellman handshake is implied in this protocol. This means you don't have to keep an extra clear-text copy first before you encrypt it. Worse, it has to be saved in a file as most PGP encryptors do not support encryption Ofer standard input of a terminal.

HTTPS over an intranet (*not the internet* as the encrypted wallet can be intercepted during transit and decrypted after a few decades, as old ciphers become weaker) is also fine as long as a strong enough handshake algo is chosen (read: TLS 1.2 or 1.3 family of ciphers) AND the receiving machine is known to be trusted.

Quote from: Husires on November 23, 2021, 09:44:39 AM

Quote from: Upgrade00 on November 22, 2021, 04:04:41 PM

You can use PGP encryption.

Quote from: Charles-Tim on November 22, 2021, 04:26:46 PM

You can use the PGP encryption, it is one of the safest method

Quote from: pooya87 on November 23, 2021, 12:04:29 AM

person's public key and encrypt your "message" that is the seed phrase with it and then send the encrypted result to them.

How? Suppose the wallet seeds are:

word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12

Save this in a text file (INSECURE) then use a GPG program such as Kleopatra to create a keypair, and then press the "Encrypt" button to make a PGP-encrypted version of the file. The plain text file can then be deleted manually, but it can still be recovered using data recovery programs.

Husires

legendary

Activity: 1582

Merit: 1284

Quote from: Upgrade00 on November 22, 2021, 04:04:41 PM

If you do send it through to them, I would consider it quite risky to hold funds in a wallet that has been sent over the internet

Quote from: o_e_l_e_o on November 22, 2021, 04:29:41 PM

You can now both control the coins, so neither of you have ownership since they could be moved by the other party at any time.

Quote from: pooya87 on November 23, 2021, 12:04:29 AM

This is not how bitcoin works and it should never be this way either. You must send a transaction.

sometimes there is a need to send wallet seed instead of making a transaction and I can give some examples of that:

Privacy: I do not want transactions to appear on the blockchain.
Buying an old wallet: Maybe about tax reports and someone might want a wallet that contains coins from 2015.
Claiming hardforks.

I could give more examples, but let's focus on that we want to send the seed words to a second party and all the conversations will take place in public.

Quote from: Upgrade00 on November 22, 2021, 04:04:41 PM

You can use PGP encryption.

Quote from: Charles-Tim on November 22, 2021, 04:26:46 PM

You can use the PGP encryption, it is one of the safest method

Quote from: pooya87 on November 23, 2021, 12:04:29 AM

person's public key and encrypt your "message" that is the seed phrase with it and then send the encrypted result to them.

How? Suppose the wallet seeds are:

word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12

pooya87

legendary

Activity: 3444

Merit: 10537

This is not how bitcoin works and it should never be this way either. You must send a transaction.

But if the seed phrase is to be sent, it must be encrypted as others pointed out too but instead of using PGP you can use the same cryptography algorithms used in bitcoin. One way is to use ECIES. It is pretty much the same as PGP, you take the other person's public key and encrypt your "message" that is the seed phrase with it and then send the encrypted result to them.
This is protected by Elliptic Curve Cryptography (same used in every bitcoin transaction) and AES encryption which is very strong and is commonly used to encrypt wallet files.

Electrum has an implementation of it so it is very convenient to use compared to PGP.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

I wouldn't suggest sending seed words or private keys online in any way online even if they are encrypted and protected with some password.
There are multiple mistakes you or other party can make in this process and you are increasing risk of compromising everything, and you should use that seed words in future.
Fees on Bitcoin blockchain are usually lower in last few weeks so you can send BTC for minimum 1 sat/vB to his address and avoid any complications.
One potentially interesting idea for doing this is using Mercury wallet and sending statechains, but it is still in early beta phase.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Why? You are not sending coins to the other party then, you are sending keys which you still possess. You can now both control the coins, so neither of you have ownership since they could be moved by the other party at any time. If the other party wants to take control of the coins, he is going to have to make a transaction to move the coins to his own wallet anyway.

If I absolutely had to give a wallet to someone else, I would do so offline, either via a piece of paper or a USB drive which only interacts with airgapped computers. If I absolutely had to send a seed phrase across the internet, I would ask the other party to set up at least 2 different devices storing different PGP key pairs with different strong passwords and share his public keys online. I would then, on an airgapped device, split the seed phrase in to at least two parts, encrypt each part with a different public key, and then send him each encrypted message via a different medium of secure communication, such as ProtonMail or Signal, and not WhatsApp or Twitter.

If a malicious third party knew you were going to do this, you would have to take steps to ensure that the public keys you are receiving from the other party are genuine and had not been tampered with.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

You can use the PGP encryption, it is one of the safest method

[Eng: Tutorial] PGP Signature - Encrypt/Decrypt message - Fingerprint

The receiver will need to generate private key and public key. The receiver will send you his public key. You will use the public key to encrypt the message (the seed phrase or anything you do not want public to see). Send the encrypted message to the receiver to decrypt it. As easy as that.

Edit: should be done on an airgapped device as suggested by o_e_l_e_o (both parties, I mean both the encryption and decryption)

Upgrade00

legendary

Activity: 2030

Merit: 2174

Professional Community manager

My suggestion would be to rather ask them to create a new wallet address. If you do send it through to them, I would consider it quite risky to hold funds in a wallet that has been sent over the internet, regardless if the encryption tool that was used as you're not certain who is reading those messages. The user in the other end may still have to create a new address and send it there for safekeeping

Quote from: Husires on November 22, 2021, 03:45:57 PM

What is the appropriate method or encryption tool?

You can use PGP encryption.

Husires

legendary

Activity: 1582

Merit: 1284

I have a small question, I want to send money from wallet (A) to (B){trusted party} and instead of creating a transaction, asking the other party to create a new wallet, I want to send the same wallet seed words over the Internet or take the worst case through a monitoring network.

What technical tips can I use to ensure that the words will reach the other party and no one can know them? Let's use, for example we will contact using:

WhatsApp or Twitter.
Public posting in the forum.

What is the appropriate method or encryption tool?

Topic: How do you send seed words over the Internet/unprotected or unencrypted network? (Read 204 times)