HCP:
Thanks! That worked.
Topic: How to set up a secure offline savings wallet (Read 2126 times)
No, you should use "standard wallet" and then on next screen you should see something like this:
Select the "Use public or private keys" option... then you'll get:
Where you can input the xpub.
I think those Electrum Docs might be getting a little old
Select the "Use public or private keys" option... then you'll get:
Where you can input the xpub.
I think those Electrum Docs might be getting a little old
jackg:
I'm asking about the Master Public Key, not the Public Keys.
Let me try explaining the problem again, but this time with screen shots.
From Electrum's website (http://docs.electrum.org/en/latest/coldstorage.html), it has this instruction, which I was able to do:
Then it has these instructions:
However, I'm not able to follow the above steps. When I run Electrum 2.8.2 on my Mac, I get the following pop-ups instead:
If I chose "Standard wallet", Electrum will provide me with a seed, prompt me for a password and create a new wallet. This is not what I want, as I do not want another standard wallet. I want a watching-only wallet. So, I chose "Watch Bitcoin addresses", which brings up the following pop-up:
If I enter the Master Public Key (that I copied from the offline wallet), the "Next" button stays greyed-out and inactive.
If I enter the Public Keys (for receiving funds, which I copied as well from the offline wallet), the "Next" button activates and I can proceed. Also, I know that I can check on blockchain.info for the balance and history of transactions for each particular Public Key. However, I don't want the hassle of copying over Public Keys every time I use another one on the offline wallet. I want the "watching-only" wallet to show all the transactions to all of the Public Keys from my offline wallet. Isn't this what the Master Public Key is supposed to enable the watching-only wallet to do?
How can I create an online watching-only wallet with the offline wallet's Master Public Key?
I'm asking about the Master Public Key, not the Public Keys.
Let me try explaining the problem again, but this time with screen shots.
From Electrum's website (http://docs.electrum.org/en/latest/coldstorage.html), it has this instruction, which I was able to do:
Then it has these instructions:
However, I'm not able to follow the above steps. When I run Electrum 2.8.2 on my Mac, I get the following pop-ups instead:
If I chose "Standard wallet", Electrum will provide me with a seed, prompt me for a password and create a new wallet. This is not what I want, as I do not want another standard wallet. I want a watching-only wallet. So, I chose "Watch Bitcoin addresses", which brings up the following pop-up:
If I enter the Master Public Key (that I copied from the offline wallet), the "Next" button stays greyed-out and inactive.
If I enter the Public Keys (for receiving funds, which I copied as well from the offline wallet), the "Next" button activates and I can proceed. Also, I know that I can check on blockchain.info for the balance and history of transactions for each particular Public Key. However, I don't want the hassle of copying over Public Keys every time I use another one on the offline wallet. I want the "watching-only" wallet to show all the transactions to all of the Public Keys from my offline wallet. Isn't this what the Master Public Key is supposed to enable the watching-only wallet to do?
How can I create an online watching-only wallet with the offline wallet's Master Public Key?
I too have a Mac.
For cold storage I use a pendrive with Tails OS installed (from the TOR). Tails comes with electrum builtin so you dont have to connect to the internet ever. Just enable persistent storage and set passowrd that's it.
For cold storage I use a pendrive with Tails OS installed (from the TOR). Tails comes with electrum builtin so you dont have to connect to the internet ever. Just enable persistent storage and set passowrd that's it.
As suggested, I booted up my Mac in offline mode with a bootable Mac OS USB stick. I installed Electrum 2.8.2 and created the offline wallet.
As per http://docs.electrum.org/en/latest/coldstorage.html, I copied the Master Public Key from the offline wallet and restarted my Mac in online mode. However, after that, I can no longer can follow the steps on Electrum's website. Electrum's website states:
Then it shows a screen shot of a pop-up with the option of "Restore a wallet or import keys". Then it says to "Paste your master public key in the box" and it shows a screen shot of a pop-up that says "Please enter a seed phrase, a master key, a list of Bitcoin addresses, or a list of private keys".
With my Electrum, it does not have the option of "Restore a wallet or import keys". However, my Electrum has "Wallet type" options of "Standard wallet" and "Watch Bitcoin addresses". If I choose "Standard wallet", Electrum will provide seed, prompt for password and create a new wallet, without enabling me to enter the Master Public Key. If I choose "Watch Bitcoin addresses", it shows a pop-up that says:
I pasted in my Master Public Key, but the "Next" button stays greyed-out and inactive.
How can I create a watching-only wallet with the offline wallet's Master Public Key?
As per http://docs.electrum.org/en/latest/coldstorage.html, I copied the Master Public Key from the offline wallet and restarted my Mac in online mode. However, after that, I can no longer can follow the steps on Electrum's website. Electrum's website states:
Quote
Create a watching-only version of your wallet
On your online machine, open up Electrum and select File -> New/Restore. Enter a name for the wallet and select “Restore a wallet or import keys”.
On your online machine, open up Electrum and select File -> New/Restore. Enter a name for the wallet and select “Restore a wallet or import keys”.
Then it shows a screen shot of a pop-up with the option of "Restore a wallet or import keys". Then it says to "Paste your master public key in the box" and it shows a screen shot of a pop-up that says "Please enter a seed phrase, a master key, a list of Bitcoin addresses, or a list of private keys".
With my Electrum, it does not have the option of "Restore a wallet or import keys". However, my Electrum has "Wallet type" options of "Standard wallet" and "Watch Bitcoin addresses". If I choose "Standard wallet", Electrum will provide seed, prompt for password and create a new wallet, without enabling me to enter the Master Public Key. If I choose "Watch Bitcoin addresses", it shows a pop-up that says:
Quote
Import Bitcoin Addresses
Enter a list of Bitcoin addresses. This will create a watching-only wallet.
Enter a list of Bitcoin addresses. This will create a watching-only wallet.
I pasted in my Master Public Key, but the "Next" button stays greyed-out and inactive.
How can I create a watching-only wallet with the offline wallet's Master Public Key?
One of the things you can do here is use a block explorer to track the public key.
I know if you type https://www.blockchain.info/xpub/[your public key here] then you can trace your transactions in and out of that wallet.
Otherwise, if a public key is entered and the box is still grey then it normally means that you have an invalid public key that you copied (though I may be wrong with this and it may be something else)?
As suggested, I booted up my Mac in offline mode with a bootable Mac OS USB stick. I installed Electrum 2.8.2 and created the offline wallet.
As per http://docs.electrum.org/en/latest/coldstorage.html, I copied the Master Public Key from the offline wallet and restarted my Mac in online mode. However, after that, I can no longer can follow the steps on Electrum's website. Electrum's website states:
Then it shows a screen shot of a pop-up with the option of "Restore a wallet or import keys". Then it says to "Paste your master public key in the box" and it shows a screen shot of a pop-up that says "Please enter a seed phrase, a master key, a list of Bitcoin addresses, or a list of private keys".
With my Electrum, it does not have the option of "Restore a wallet or import keys". However, my Electrum has "Wallet type" options of "Standard wallet" and "Watch Bitcoin addresses". If I choose "Standard wallet", Electrum will provide seed, prompt for password and create a new wallet, without enabling me to enter the Master Public Key. If I choose "Watch Bitcoin addresses", it shows a pop-up that says:
I pasted in my Master Public Key, but the "Next" button stays greyed-out and inactive.
How can I create a watching-only wallet with the offline wallet's Master Public Key?
As per http://docs.electrum.org/en/latest/coldstorage.html, I copied the Master Public Key from the offline wallet and restarted my Mac in online mode. However, after that, I can no longer can follow the steps on Electrum's website. Electrum's website states:
Quote
Create a watching-only version of your wallet
On your online machine, open up Electrum and select File -> New/Restore. Enter a name for the wallet and select “Restore a wallet or import keys”.
On your online machine, open up Electrum and select File -> New/Restore. Enter a name for the wallet and select “Restore a wallet or import keys”.
Then it shows a screen shot of a pop-up with the option of "Restore a wallet or import keys". Then it says to "Paste your master public key in the box" and it shows a screen shot of a pop-up that says "Please enter a seed phrase, a master key, a list of Bitcoin addresses, or a list of private keys".
With my Electrum, it does not have the option of "Restore a wallet or import keys". However, my Electrum has "Wallet type" options of "Standard wallet" and "Watch Bitcoin addresses". If I choose "Standard wallet", Electrum will provide seed, prompt for password and create a new wallet, without enabling me to enter the Master Public Key. If I choose "Watch Bitcoin addresses", it shows a pop-up that says:
Quote
Import Bitcoin Addresses
Enter a list of Bitcoin addresses. This will create a watching-only wallet.
Enter a list of Bitcoin addresses. This will create a watching-only wallet.
I pasted in my Master Public Key, but the "Next" button stays greyed-out and inactive.
How can I create a watching-only wallet with the offline wallet's Master Public Key?
It all depends on your personal level of paranoia required security... 
If you're booting a Live CD/USB image... that disables all network access, then I would say that one computer should work. Having a 2nd physical machine that has and will never be connected to the internet is just another layer of security... at the added cost of convenience and extra $.
MacOS vs Ubuntu is a bit like arguing which hand gun is safer, a Glock 9mm or a USP 45?... If used and handled properly, both are perfectly safe. If used carelessly, both are dangerous.
I'd probably suggest using the one you are most comfortable and familiar with. It should be (theoretically) easier for you to spot things that "Just Don't Look Right" on a system you know as opposed to something you have less experience with.
I see the lads in that other thread have sorted out your verification query... so I hope that goes well. From personal experience, using Electrum in an offline + online system works pretty well and isn't too difficult or cumbersome once you get a work flow sorted.
If you're booting a Live CD/USB image... that disables all network access, then I would say that one computer should work. Having a 2nd physical machine that has and will never be connected to the internet is just another layer of security... at the added cost of convenience and extra $.
MacOS vs Ubuntu is a bit like arguing which hand gun is safer, a Glock 9mm or a USP 45?... If used and handled properly, both are perfectly safe. If used carelessly, both are dangerous.
I'd probably suggest using the one you are most comfortable and familiar with. It should be (theoretically) easier for you to spot things that "Just Don't Look Right" on a system you know as opposed to something you have less experience with.
I see the lads in that other thread have sorted out your verification query... so I hope that goes well. From personal experience, using Electrum in an offline + online system works pretty well and isn't too difficult or cumbersome once you get a work flow sorted.
HCP:
Thanks for your reply and suggestions.
https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet says to use the same physical machine to boot up Ubuntu in offline mode to create the offline wallet. Is this okay, or do I need two physical "air gapped" machines? Is it okay to boot up MacOS on the offline machine or is Ubuntu much more secure than MacOS?
You're right that Bitcoin Core doesn't sound "easy". I guess the other disadvantage of Bitcoin Core is that every time I want to use the online Bitcoin Core, I have to wait for it to synchronize the blockchain. I'll check out Electrum, but nothing seems to be completely easy. I posted a question at https://bitcointalk.org/index.php?topic=1046484.new#new to ask how to verify the Electrum download and signatures on a Mac.
Thanks for your reply and suggestions.
https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet says to use the same physical machine to boot up Ubuntu in offline mode to create the offline wallet. Is this okay, or do I need two physical "air gapped" machines? Is it okay to boot up MacOS on the offline machine or is Ubuntu much more secure than MacOS?
You're right that Bitcoin Core doesn't sound "easy". I guess the other disadvantage of Bitcoin Core is that every time I want to use the online Bitcoin Core, I have to wait for it to synchronize the blockchain. I'll check out Electrum, but nothing seems to be completely easy. I posted a question at https://bitcointalk.org/index.php?topic=1046484.new#new to ask how to verify the Electrum download and signatures on a Mac.
I do not plan on spending the bitcoins in this wallet for a while. When I do need to spend, am I correct to assume that I will have to bite the bullet and run Bitcoin Core with wallet.dat in online mode and therefore risk the chance of getting hacked?
No. You do not. What you're really wanting is to create the encrypted cold storage wallet on your "air gapped" (ie. not networked) computer/OS. In this case, your Ubuntu USB Stick that has all the network stuff disabled. Take note of the public key/address that is generated.On your normal, everyday computer/OS, you would create a "watching only" wallet... you would do this by importing just the public key/address of your offline storage into a copy of Bitcoin Core on your online PC... This will enable you to see all the deposits/withdrawls into this address, without being able to authorise any withdrawls...
You deposit funds as normal, by receiving or sending funds to that address.
When it comes time to spend the bitcoins from the wallet:
1. You create an unsigned transaction using this "watching only" wallet (on the Online PC), as it would be fully aware of all the UTXOs in the address... (listunspent, createrawtransaction)
2. You then transfer this unsigned transaction (in a text file on a clean USB stick) to your offline PC.
3. You then sign this transaction using the Bitcoin Core on the Offline PC that has the appropriate private keys to do so... (signrawtransaction)
4. You transfer the signed transaction back to your Online PC
5. You use the Bitcoin Core on the Online PC to broadcast the transaction to the network... (sendrawtransaction)
My understanding is that while this is all technically possible with Bitcoin Core, it isn't "easy"... it involves handcrafting transactions etc... whereas Electrum makes this very very easy with a nice GUI implementation: http://docs.electrum.org/en/latest/coldstorage.html
I realise you are not keen on Electrum as you seem to think it may not be as widely peer reviewed as Bitcoin Core. I'd be surprised if it hasn't been thoroughly vetted, given how popular it is and the fact that it is open source. There are a lot of people who use Electrum (and Armory) for creating secure offline wallets. If they were not to be trusted, personally, I think we'd have seen evidence by now.
One last thing, I'd suggest that whatever method your choose... you should "experiment" with some smaller amounts to make sure you're comfortable with setting it, receiving coins and creating/sending transactions... before you set up your "permanent" offline wallet...
Thank you for your reply and suggestions.
I think if you're going to run another operating system as well then there are tools such as Microsoft's DISKPART.exe application that can extract data from any operating system that is installed on the computer (although this data should technically be encrypted with your login password - but it may not be very secure).
I'm not sure I understand what you mean by: "If you don't want to connect your ubuntu operating system to the internet at all then you should be fine just keeping your coins onto it." Bitcoin Core will create a new wallet.dat if one does not already exist in the default directory. Those above steps are instructing me to "run Bitcoin Core and close it again", which will create a wallet.dat if one does not exist. Then it tells me replace it with my wallet.dat from USB drive. I don't understand why these steps are telling me to do this. Why not copy wallet.dat from USB onto ~/.bitcoin directory before launching Bitcoin Core? That way, Bitcoin will use my wallet and not create a new one.
I'm not sure I understand your suggestion about extracting data from the operating system. Why do this? Regardless, I cannot use "Microsoft's DISKPART.exe" because I have a Mac.
Is it better to create a bootable Ubuntu USB stick than a bootable MacOS USB stick? In other words, is Ubuntu more bullet-proof than MacOS?
Do NOT connect to the internet until you want to retrieve your bitcoins. Doing so would be counter productive.
I do not plan on spending the bitcoins in this wallet for a while. When I do need to spend, am I correct to assume that I will have to bite the bullet and run Bitcoin Core with wallet.dat in online mode and therefore risk the chance of getting hacked?
Under "How to Retrieve Funds", it has these steps:
Why do this? Why not copy wallet.dat from USB onto ~/.bitcoin directory before launching Bitcoin Core? That way, Bitcoin will use my wallet and not create a new one.
If you don't want to connect your ubuntu operating system to the internet at all then you should be fine just keeping your coins onto it. Quote
- Run bitcoin client and close it again.
- Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
Why do this? Why not copy wallet.dat from USB onto ~/.bitcoin directory before launching Bitcoin Core? That way, Bitcoin will use my wallet and not create a new one.
I think if you're going to run another operating system as well then there are tools such as Microsoft's DISKPART.exe application that can extract data from any operating system that is installed on the computer (although this data should technically be encrypted with your login password - but it may not be very secure).
I'm not sure I understand what you mean by: "If you don't want to connect your ubuntu operating system to the internet at all then you should be fine just keeping your coins onto it." Bitcoin Core will create a new wallet.dat if one does not already exist in the default directory. Those above steps are instructing me to "run Bitcoin Core and close it again", which will create a wallet.dat if one does not exist. Then it tells me replace it with my wallet.dat from USB drive. I don't understand why these steps are telling me to do this. Why not copy wallet.dat from USB onto ~/.bitcoin directory before launching Bitcoin Core? That way, Bitcoin will use my wallet and not create a new one.
I'm not sure I understand your suggestion about extracting data from the operating system. Why do this? Regardless, I cannot use "Microsoft's DISKPART.exe" because I have a Mac.
Is it better to create a bootable Ubuntu USB stick than a bootable MacOS USB stick? In other words, is Ubuntu more bullet-proof than MacOS?
Step 5 states:
If we do this, then how is this an "offline savings wallet"?
Quote
- Connect to the internet.
If we do this, then how is this an "offline savings wallet"?
Do NOT connect to the internet until you want to retrieve your bitcoins. Doing so would be counter productive.
I do not plan on spending the bitcoins in this wallet for a while. When I do need to spend, am I correct to assume that I will have to bite the bullet and run Bitcoin Core with wallet.dat in online mode and therefore risk the chance of getting hacked?
You can boot ubuntu from a removable usb stick that should be fine.
However, there is considered to be a problem with the random number generation of linux software (and i'm not sure if this has been fixed yet)?
The idea of linux is that is it fairly immune from malware due to the security levels of the operating system, it doesn't make it impossible for something to sneak on.
I don't think you'll have to pull the battery out if it's not removable (that's probably ust to ensure the the computeris definitely off fully (which may be impossible as every computer has at least a clock that remains active that may still send a very small current through other parts of the computer).
Also you'll have to ensure that there is no problem with the usb drive that you use as they are still fairly bad at reliability over large amount of use (so ensure you put it on another USB stick/cd drive or any other storage medium if you can).
You cannot send transactions before the blockchain is downloaded. However, i'd recommend electrum.org if you wanted to do that (only use electrum.org to download their software). As they don't require you to download the blockchain. And you can place that on a separate removable USB stick as a portable version and it is then easier to acces across both platforms.
"~/.bitcoin" will be located on the ubuntu operating system on the USB stick.
A strong passphrase doesn't immunise your wallet from being hacked. It reduces the likelihood of it being hacked. Unless you use a fully randomized password of several megabytes of size (large enough for all the private keys)
If you're going to distribute it to the 5 friends, consider doing that offline (sending it using a flash drive or even a CD)
I don't think Electrum's source code will be as widely reviewed and scrutinized as Bitcoin Core. Hence, I'm a little leery of that.
That's probably quite reasonable, if you can, you may as well use the original software.
Can I copy the block folder from the Mac onto a second USB stick and then after booting up Ubuntu, copy the block folder and over-write the "~/.bitcoin" folder created by Bitcoin Core under Ubuntu on the Ubuntu USB stick? (To download the blockchain again on the Ubuntu stick will take 5 days minimally. I'm hoping to avoid this.)
You can do this, I'm not sure why you'd need to as you can just send money to the offline wallet without having the blockchain and unless you plan on briging it online immediately one day then this is not a requirement. If you do do this, then it still takes about the same time (or at least half of the same time) to reindex the blockchain (as in importing the blockchain to check if your addresses have already been used). If you have a virus that can be transferred from your computer to the device running ubuntu, then there's also a problem there as it fairly easy for you to not notice a virus amongst 100+ GB of blockchain.
Under "How to Deposit Funds", steps 7 and 8 state:
This means that Ubuntu will be online. Don't we want to keep Ubuntu offline? Shouldn't those steps be reversed?
Just DON'T connect that operating to the internet AT ALL (until you need to recover your funds afterwards). If you have a wireless connection, then it shouldn't automatically connect. If you have a wired connection, unplug the ethernet cable before even installing the ubuntu operating system (and ensure the operating system is definitely from ubuntu.com first - or a fairly trusted third party like github).Quote
- Shut down your computer, and boot Ubuntu (or Linux distribution of you choice) from a liveCD. This will not affect your current operating system.
- Disconnect machine from the internet.
This means that Ubuntu will be online. Don't we want to keep Ubuntu offline? Shouldn't those steps be reversed?
Under "How to Retrieve Funds", it has these steps:
Why do this? Why not copy wallet.dat from USB onto ~/.bitcoin directory before launching Bitcoin Core? That way, Bitcoin will use my wallet and not create a new one.
If you don't want to connect your ubuntu operating system to the internet at all then you should be fine just keeping your coins onto it. Quote
- Run bitcoin client and close it again.
- Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
Why do this? Why not copy wallet.dat from USB onto ~/.bitcoin directory before launching Bitcoin Core? That way, Bitcoin will use my wallet and not create a new one.
I think if you're going to run another operating system as well then there are tools such as Microsoft's DISKPART.exe application that can extract data from any operating system that is installed on the computer (although this data should technically be encrypted with your login password - but it may not be very secure).
Step 5 states:
If we do this, then how is this an "offline savings wallet"?
Quote
- Connect to the internet.
If we do this, then how is this an "offline savings wallet"?
Do NOT connect to the internet until you want to retrieve your bitcoins. Doing so would be counter productive.
If you have a mac with ad card slot and a large fast sd card, you can install a clean Mac OS on this sd card, boot the mac when it's completely not connected to internet, then it serves the same purpose as off line wallet, and you don't need to mess up with Linux (if you are famalier with it).
Or consider a hardware wallet if the coins you want to protect are important.
Or consider a hardware wallet if the coins you want to protect are important.
I just bought two new Sandisk USB sticks to get ready to build a bootable Ubuntu USB. I would much prefer to boot up Mac instead of Linux. Thanks for the suggestion. I have a SD slot. What is the advantage of booting up from a SD card instead from a USB stick?
Under "How to Retrieve Funds", step 5 states:
Quote
Connect to the internet.
If I do this, then how is this an "offline savings wallet"?
I'm leery of hardware wallets because I don't think their source code is as open nor as widely reviewed as Bitcoin Core's source code. Even if their source code is widely reviewed, how do you know that the hardware is running the same code?
If you have a mac with ad card slot and a large fast sd card, you can install a clean Mac OS on this sd card, boot the mac when it's completely not connected to internet, then it serves the same purpose as off line wallet, and you don't need to mess up with Linux (if you are famalier with it).
Or consider a hardware wallet if the coins you want to protect are important.
Or consider a hardware wallet if the coins you want to protect are important.
You can boot ubuntu from a removable usb stick that should be fine.
However, there is considered to be a problem with the random number generation of linux software (and i'm not sure if this has been fixed yet)?
The idea of linux is that is it fairly immune from malware due to the security levels of the operating system, it doesn't make it impossible for something to sneak on.
I don't think you'll have to pull the battery out if it's not removable (that's probably ust to ensure the the computeris definitely off fully (which may be impossible as every computer has at least a clock that remains active that may still send a very small current through other parts of the computer).
Also you'll have to ensure that there is no problem with the usb drive that you use as they are still fairly bad at reliability over large amount of use (so ensure you put it on another USB stick/cd drive or any other storage medium if you can).
You cannot send transactions before the blockchain is downloaded. However, i'd recommend electrum.org if you wanted to do that (only use electrum.org to download their software). As they don't require you to download the blockchain. And you can place that on a separate removable USB stick as a portable version and it is then easier to acces across both platforms.
"~/.bitcoin" will be located on the ubuntu operating system on the USB stick.
A strong passphrase doesn't immunise your wallet from being hacked. It reduces the likelihood of it being hacked. Unless you use a fully randomized password of several megabytes of size (large enough for all the private keys)
If you're going to distribute it to the 5 friends, consider doing that offline (sending it using a flash drive or even a CD)
I don't think Electrum's source code will be as widely reviewed and scrutinized as Bitcoin Core. Hence, I'm a little leery of that.
Can I copy the block folder from the Mac onto a second USB stick and then after booting up Ubuntu, copy the block folder and over-write the "~/.bitcoin" folder created by Bitcoin Core under Ubuntu on the Ubuntu USB stick? (To download the blockchain again on the Ubuntu stick will take 5 days minimally. I'm hoping to avoid this.)
Under "How to Deposit Funds", steps 7 and 8 state:
Quote
- Shut down your computer, and boot Ubuntu (or Linux distribution of you choice) from a liveCD. This will not affect your current operating system.
- Disconnect machine from the internet.
This means that Ubuntu will be online. Don't we want to keep Ubuntu offline? Shouldn't those steps be reversed?
Under "How to Retrieve Funds", it has these steps:
Quote
- Run bitcoin client and close it again.
- Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
Why do this? Why not copy wallet.dat from USB onto ~/.bitcoin directory before launching Bitcoin Core? That way, Bitcoin will use my wallet and not create a new one.
Step 5 states:
Quote
- Connect to the internet.
If we do this, then how is this an "offline savings wallet"?
After researching wallets, I think I like to stick with Bitcoin Core, because it seems the least risky. It seems the least risky because I'm guessing that its source code is reviewed by the most people. With some wallets, I don't think many people review the source code. I don't see how anyone can review the source code in a hardware wallet's firmware.
It seems that a very secure method is the following:
https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet
"Setting up an offline wallet from scratch"
Under "How to Deposit Funds", step 7 states:
According to the link for liveCD (https://www.ubuntu.com/download/desktop), I can create a bootable Ubuntu USB stick from my Mac, which is what I'll do. When I do this, can malware get into my USB stick or into Ubuntu?
Step 11 states:
I have a Mac and cannot take out the battery. How important is this step?
Step 14 states:
Am I correct to assume that if the wallet.dat file is encrypted with a strong passphrase, then it should be safe and secure to allow anyone, even hackers, to take a copy of wallet.dat, because they won't be able to decrypt it?
Under "How to Retrieve Funds", it has these steps:
Step 4 states:
Where will this ~/.bitcoin directory be? Will it be on my Mac's hard drive or on the USB drive? (If Bitcoin Core (running under Ubuntu) creates this directory onto my Mac's hard drive, then this means I'll have 2 bitcoin directories on my Mac: one for Bitcoin Core that has already run under my Mac and another for Bitcoin Core running under Ubuntu.)
Step 5 states:
Why bother booting from Ubuntu (especially running it online) if the wallet.dat is already e-mailed to other people and sitting in the cloud (after doing step 14 above)? Is this because Ubuntu (booted from a CD) will prevent malware or key-loggers from getting my passphrase? Is it not possible that some malware or key-logger can still work on my computer through the internet?
Step 7 states:
I already have the blockchain downloaded and synced on my Mac with Bitcoin Core v0.14.1, pruned to 2GB. Will Bitcoin Core, running under Ubuntu on my Mac, be able to access this same folder? (If so, then downloading the blocks and synchronizing will take far less time.)
Can I indeed send out bitcoins if the Bitcoin Core has not synchronized the blockchain?
Am I correct to assume that after I've sent out bitcoins, I should "backup the wallet.dat file in several places" again?
It seems that a very secure method is the following:
https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet
"Setting up an offline wallet from scratch"
Under "How to Deposit Funds", step 7 states:
Quote
Shut down your computer, and boot Ubuntu (or Linux distribution of you choice) from a liveCD. This will not affect your current operating system.
According to the link for liveCD (https://www.ubuntu.com/download/desktop), I can create a bootable Ubuntu USB stick from my Mac, which is what I'll do. When I do this, can malware get into my USB stick or into Ubuntu?
Step 11 states:
Quote
Shut down system and turn off computer. Before switching your computer on again, remove all power sources for about 1 minute. Physically remove battery from laptop.
I have a Mac and cannot take out the battery. How important is this step?
Step 14 states:
Quote
Backup encrypted wallet.dat file in several places:
- Send it to your 5 best friends by email attachment and ask them to save it for you.
- Save it on your cloud drive accounts created in step 1.
Am I correct to assume that if the wallet.dat file is encrypted with a strong passphrase, then it should be safe and secure to allow anyone, even hackers, to take a copy of wallet.dat, because they won't be able to decrypt it?
Under "How to Retrieve Funds", it has these steps:
Quote
- Boot from Ubuntu liveCD, as in step 5 above.
- Insert USB drive.
- Run bitcoin client and close it again.
- Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
- Connect to the internet.
- Restart bitcoin client.
- Wait for blocks to download (optional).
- Send bitcoins.
Step 4 states:
Quote
Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
Where will this ~/.bitcoin directory be? Will it be on my Mac's hard drive or on the USB drive? (If Bitcoin Core (running under Ubuntu) creates this directory onto my Mac's hard drive, then this means I'll have 2 bitcoin directories on my Mac: one for Bitcoin Core that has already run under my Mac and another for Bitcoin Core running under Ubuntu.)
Step 5 states:
Quote
Connect to the internet.
Why bother booting from Ubuntu (especially running it online) if the wallet.dat is already e-mailed to other people and sitting in the cloud (after doing step 14 above)? Is this because Ubuntu (booted from a CD) will prevent malware or key-loggers from getting my passphrase? Is it not possible that some malware or key-logger can still work on my computer through the internet?
Step 7 states:
Quote
Wait for blocks to download (optional).
I already have the blockchain downloaded and synced on my Mac with Bitcoin Core v0.14.1, pruned to 2GB. Will Bitcoin Core, running under Ubuntu on my Mac, be able to access this same folder? (If so, then downloading the blocks and synchronizing will take far less time.)
Can I indeed send out bitcoins if the Bitcoin Core has not synchronized the blockchain?
Am I correct to assume that after I've sent out bitcoins, I should "backup the wallet.dat file in several places" again?
You can boot ubuntu from a removable usb stick that should be fine.
However, there is considered to be a problem with the random number generation of linux software (and i'm not sure if this has been fixed yet)?
The idea of linux is that is it fairly immune from malware due to the security levels of the operating system, it doesn't make it impossible for something to sneak on.
I don't think you'll have to pull the battery out if it's not removable (that's probably ust to ensure the the computeris definitely off fully (which may be impossible as every computer has at least a clock that remains active that may still send a very small current through other parts of the computer).
Also you'll have to ensure that there is no problem with the usb drive that you use as they are still fairly bad at reliability over large amount of use (so ensure you put it on another USB stick/cd drive or any other storage medium if you can).
You cannot send transactions before the blockchain is downloaded. However, i'd recommend electrum.org if you wanted to do that (only use electrum.org to download their software). As they don't require you to download the blockchain. And you can place that on a separate removable USB stick as a portable version and it is then easier to acces across both platforms.
"~/.bitcoin" will be located on the ubuntu operating system on the USB stick.
A strong passphrase doesn't immunise your wallet from being hacked. It reduces the likelihood of it being hacked. Unless you use a fully randomized password of several megabytes of size (large enough for all the private keys)
If you're going to distribute it to the 5 friends, consider doing that offline (sending it using a flash drive or even a CD)
After researching wallets, I think I like to stick with Bitcoin Core, because it seems the least risky. It seems the least risky because I'm guessing that its source code is reviewed by the most people. With some wallets, I don't think many people review the source code. I don't see how anyone can review the source code in a hardware wallet's firmware.
It seems that a very secure method is the following:
https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet
"Setting up an offline wallet from scratch"
Under "How to Deposit Funds", step 7 states:
According to the link for liveCD (https://www.ubuntu.com/download/desktop), I can create a bootable Ubuntu USB stick from my Mac, which is what I'll do. When I do this, can malware get into my USB stick or into Ubuntu?
Step 11 states:
I have a Mac and cannot take out the battery. How important is this step?
Step 14 states:
Am I correct to assume that if the wallet.dat file is encrypted with a strong passphrase, then it should be safe and secure to allow anyone, even hackers, to take a copy of wallet.dat, because they won't be able to decrypt it?
Under "How to Retrieve Funds", it has these steps:
Step 4 states:
Where will this ~/.bitcoin directory be? Will it be on my Mac's hard drive or on the USB drive? (If Bitcoin Core (running under Ubuntu) creates this directory onto my Mac's hard drive, then this means I'll have 2 bitcoin directories on my Mac: one for Bitcoin Core that has already run under my Mac and another for Bitcoin Core running under Ubuntu.)
Step 5 states:
Why bother booting from Ubuntu (especially running it online) if the wallet.dat is already e-mailed to other people and sitting in the cloud (after doing step 14 above)? Is this because Ubuntu (booted from a CD) will prevent malware or key-loggers from getting my passphrase? Is it not possible that some malware or key-logger can still work on my computer through the internet?
Step 7 states:
I already have the blockchain downloaded and synced on my Mac with Bitcoin Core v0.14.1, pruned to 2GB. Will Bitcoin Core, running under Ubuntu on my Mac, be able to access this same folder? (If so, then downloading the blocks and synchronizing will take far less time.)
Can I indeed send out bitcoins if the Bitcoin Core has not synchronized the blockchain?
Am I correct to assume that after I've sent out bitcoins, I should "backup the wallet.dat file in several places" again?
It seems that a very secure method is the following:
https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet
"Setting up an offline wallet from scratch"
Under "How to Deposit Funds", step 7 states:
Quote
Shut down your computer, and boot Ubuntu (or Linux distribution of you choice) from a liveCD. This will not affect your current operating system.
According to the link for liveCD (https://www.ubuntu.com/download/desktop), I can create a bootable Ubuntu USB stick from my Mac, which is what I'll do. When I do this, can malware get into my USB stick or into Ubuntu?
Step 11 states:
Quote
Shut down system and turn off computer. Before switching your computer on again, remove all power sources for about 1 minute. Physically remove battery from laptop.
I have a Mac and cannot take out the battery. How important is this step?
Step 14 states:
Quote
Backup encrypted wallet.dat file in several places:
- Send it to your 5 best friends by email attachment and ask them to save it for you.
- Save it on your cloud drive accounts created in step 1.
Am I correct to assume that if the wallet.dat file is encrypted with a strong passphrase, then it should be safe and secure to allow anyone, even hackers, to take a copy of wallet.dat, because they won't be able to decrypt it?
Under "How to Retrieve Funds", it has these steps:
Quote
- Boot from Ubuntu liveCD, as in step 5 above.
- Insert USB drive.
- Run bitcoin client and close it again.
- Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
- Connect to the internet.
- Restart bitcoin client.
- Wait for blocks to download (optional).
- Send bitcoins.
Step 4 states:
Quote
Replace wallet.dat in ~/.bitcoin directory with wallet.dat from USB drive.
Where will this ~/.bitcoin directory be? Will it be on my Mac's hard drive or on the USB drive? (If Bitcoin Core (running under Ubuntu) creates this directory onto my Mac's hard drive, then this means I'll have 2 bitcoin directories on my Mac: one for Bitcoin Core that has already run under my Mac and another for Bitcoin Core running under Ubuntu.)
Step 5 states:
Quote
Connect to the internet.
Why bother booting from Ubuntu (especially running it online) if the wallet.dat is already e-mailed to other people and sitting in the cloud (after doing step 14 above)? Is this because Ubuntu (booted from a CD) will prevent malware or key-loggers from getting my passphrase? Is it not possible that some malware or key-logger can still work on my computer through the internet?
Step 7 states:
Quote
Wait for blocks to download (optional).
I already have the blockchain downloaded and synced on my Mac with Bitcoin Core v0.14.1, pruned to 2GB. Will Bitcoin Core, running under Ubuntu on my Mac, be able to access this same folder? (If so, then downloading the blocks and synchronizing will take far less time.)
Can I indeed send out bitcoins if the Bitcoin Core has not synchronized the blockchain?
Am I correct to assume that after I've sent out bitcoins, I should "backup the wallet.dat file in several places" again?
Jump to: