Topic: How would you say is the most secure way to create and maintain a paper wallet? (Read 816 times)

For convenience, you might really want to use the master public key to create a watch-only wallet on your network-connected PC.
You'll see incoming transactions and will be able to check the balance of your paper wallet.

Basically, you can do everything you could do with a "normal" wallet except for signing transactions (sending BTC).

That way, you'll be able to verify that you received coins to your paper wallet by simply looking at your watch-only wallet. Further, you'll be able to create new addresses (which are all part of your paper wallet) without the risk of compromising your private keys.

Signing a transaction simply proves to the network that you own the private keys of the addresses you are trying to spend from.

I could create a transaction which says to move all your bitcoin to an address I own. However, because I do not have access to your private keys, I could not sign the transaction and therefore it would be invalid and would be rejected by the network and not transmitted nor mined.

You could take the same transaction and sign it. What that does is it combines the transaction with the private keys related to the addresses you are trying to spend from and some other random data, performs some mathematical processes, and generates a digital signature. Your wallet then combines that digital signature with the transaction before broadcasting, which makes your transaction valid and therefore will be transmitted through the network.

Aaaaand off to Google, again. Ugh

signing a transaction is what you do when you want to spend your bitcoins.
you can create the transaction elsewhere (in this case online) without the signature part, then transfer it to the offline/cold storage and sign it there where your private keys are kept then bring the signed result to the online machine and broadcast.
when both are online (like a hot wallet) you just enter the destination address and amount then click send. the wallet creates the transaction, signs it and broadcast the result.

Thank you so much! It helps a lot. So signing transactions...when do I need to do that?

Private keys let you sign transactions. As the name suggests, they must be kept private. If anyone else accesses your private keys, then they can move your coins.

Public keys are derived from private keys through a process called elliptic curve multiplication. Every private key will generate one public key in normal use. Public keys let you look at the coins stored on them, but not move them.

Addresses are derived from public keys through a process of hashes and calculating checksums. Every public key can create multiple addresses - a legacy, a nested segwit, and a native segwit. Addresses are generally how we interact with bitcoin - we send them to addresses, and we receive them to addresses. In fact, it is entirely possible to send and receive bitcoin without ever seeing a private key or a public key - your wallet handles all this automatically in the background. You just need to know which addresses of yours have bitcoin at them, and which addresses you want to send bitcoin to.

Generally a wallet will contain one type of address (legacy, nested segwit, or native segwit). It will contain a list of private keys derived from the seed phrase, each private key will derive one public key, and each public key will derive one address.

Other terms I've used are master private key and master public key.

Your master private key (or xprv) is a key which can derive all your other private keys, and therefore all your public keys and addresses too, in that wallet.

Your master public key (or xpub) is a key which can derive all your other public keys and addresses in that wallet, but importantly, not your private keys.

Hope that helps. There is more good info here: https://learnmeabitcoin.com/beginners/keys_addresses

I like you' explanations o_e_l_e_o!

I'm not quite getting how to use "public key vs address vs private key". Can you help me understand their usage?

Two possibilities. The easiest way is to simply look up the address you have sent to in a block explorer such as blockchair.com. The better way is to export your master public key from your Electrum wallet after writing down your seed, and then later install Electrum on your main OS with Internet access and create a new wallet using your master public key. This new wallet will show all the addresses which are stored in your paper wallet, but won't be able to spend from any of them.

Make sure that all connectivity, not just WiFi, is disabled (ethernet cables, Bluetooth, etc.) I also like to physically disconnect the relevant hardware and the hard drive if possible.

In context of creating watching-only wallet, you only can use "address" and "master public key". But you better use "master public key" since you don't need to worry about newly generated address or importing "address" one by one.

Ahh OK. So this then. Clicking on "details", I see  "address" and "public key", what's the difference in their usage?

receive tab shows you the first address in your wallet that has not yet received any coins (or in other words is unused). your addresses tab contains all your addresses and you can manually select any address from that list that you like. which could be useful when you have a cold storage which is not connected to the internet to sync so the "receive tab" doesn't know which address is unused and will always show you the first address.
the QR code is shown right there at the right side if the screen in your receive tab. in your addresses tab you can right click each address and select their Details option, there is a QR button in that new window.

read this for more details about how to receive coins, see you have received them and spend them later: https://electrum.readthedocs.io/en/latest/coldstorage.html
i also strongly suggest trying things using the testnet.

OK. Let me explain...

I'm not really trying to create a HW. I'm creating a paper wallet, for the main purpose of storing bitcoin. Of course, I might also need to use them for spending, but for now, the intention is a "savings account".

Following the method suggested here by Pooya and others, I'm going to use a Linux non-persistent live disk and Electrum (segwit) to create the wallet. The following are the steps I'll follow...

1) Create a Linux live USB (non-persistent).

2) Download Electrum.

3) Disable wifi.

4) Verify Electrum signature.

5) Create the wallet using segwit.

6) "Write down" the phrase.

7) ??

Step 6 is as far as i went. I'd like to know what I should do next. Namely...

1) How do I sent bitcoin to my paperwallet, let's say from Coin base? Is it to go to the receive tab like shown here and copy the address like shown here (mind you, I don't see the QR on my Electrum. Is that because I'm not online?) and paste the address on coin base to send? If so...

2) How exactly (in complete newbie terms) do I verify that I received the coins considering all the above (that I'm creating a secure paper wallet and that I'm not supposed to connect to the internet etc)?

3) Are there any steps above which need improvement / correction?

Thank you so much for the help! And yeah, of course, anyone can chime in!

There is a difference between a paper wallet and an air-gapped wallet.
For an air-gapped wallet, you need a device which stays offline and won't go online anymore.

For a paper wallet, this isn't necessary. In this case a live linux distro is sufficient if done correctly.




With an air-gapped wallet? Usually by using a second device using either a watch-only wallet or a blockchain explorer.

I have only one computer and it's my daily driver. Do I really have to buy another computer for just this purpose. I thought doing it on a non-persistent live Linux disk served the same purpose.

Also, how do I verify that I've received the bitcoin that I sent to myself without going online? How is this part covered?

The point of an airgapped wallet is that the system is completely offline before the keys are being generated.
You could go online with the device to download electrum, remove all connections, verify the signature and use it as an airgapped wallet. But you could also download the wallet from a different computer and move it there. Doesn't really matter that much as long as you verify the software.

The really important part is to not connect it to any network after generating the keys.




No, it's not.
You don't need to go online at any point.

Generating the mnemonic code on your offline device and backing it up is all you actually need to do to actually use it as an offline wallet.

OK. There are a few fundamentals that I'm missing. On electrum, it can't be a permenantly airgaped computer because you'd need internet to download Electrum and it's dependacies. So I'm guessing disconnect/airgap after installing it, correct?

After the screen/step where you get your phrase and the next screen/step to enter your password, and then to re-enter the password...there is this window which displays your key(?) and qrcode with a circle on the bottom right corner which turns green when you're online. Is this window/step not necessary?

My airgapped device runs Linux. I use LUKS for whole disk encryption.
Yes, I predominantly use seed phrases rather than individual private keys, unless for very specific purposes.
No, you can create wallets offline with Electrum (or pretty much any good wallet or software). The wallet will not be able to update your balances without an internet connection or some other means of receiving blockchain data, but it is entirely possible to create a seed phrase and derive all the relevant private keys, public keys, and addresses without an internet connection.

---

Note that creating a wallet offline is exactly how cold storage is supposed to work. I can use Electrum on an airgapped device to create a new wallet from scratch. That wallet will contain all my private keys, but it will not show any balances. I then export the master public key from that airgapped wallet and move the master public key to an internet enabled device and import it in to a new Electrum wallet. This new wallet will only be able to generate the matching public keys and addresses only, and not the private keys. This is called a "watch only wallet" for that reason. It does not have the private keys, so it cannot sign any transactions (and therefore cannot be hacked), but it has an internet connection so can see incoming transactions and update balances.

When I want to make a transaction, I use the live watch only wallet to create the transaction. I then transfer it to the airgapped device which has the wallet containing the private keys (either via USB drive or scanning QR codes). The airgapped wallet can then sign the transaction, and I then transfer it back to the live watch only wallet, which can broadcast it to the network.

Are you using Windows or Linux, or Mac? So you're using mnemonic phrases? When using Electrum, don't you have to be connected to the internet when creating a wallet?

You are correct, the only way to encrypt a file without leaving temporary copies behind is if it’s done in-memory and then the memory is overwritten with random data, and the sensitive info is read from some kind of text box used for passwords (how much privacy it provides depends on the text box implementation). Personally I like the text box GPG uses, it uses something called pinentry and it disables all of the editor shortcuts like Ctrl-C/V, and locks the input focus on the password dialogue.

Granted all of this requires you write your own encryption program, but because GPG is open source you can easily write a simple C program using libgcrypt and pinentry that somewhat replicates what GPG does except it reads from memory and not a file.

I can't speak for NotATether, but whenever I am dealing with sensitive information like this I am doing so on my permanently airgapped device which uses whole disk encryption. Anything left behind after I am finished is encrypted along with the rest of the contents of the hard drive.

Hand written. Using a printer just adds yet another attack vector, as almost all modern printers can be hacked, can run malware, have WiFi and Bluetooth capabilities, have internal memory which will store recently printed files, etc. The paper wallets I use are not "classical" paper wallets in the sense of a QR code and a single private key, but rather a full seed phrase - easier to work with, easier to write down, harder to make a mistake, reusable multiple times, no worries about change addresses.