Topic: How would you say is the most secure way to create and maintain a paper wallet? (Read 851 times)

Thank you Pooya. This is fantastic!

Could you clarify a few things if you don't mind?

Any recommendations if I want to go the mnemonics route? And what exactly is an "export option"?

And if I'm doing mnemonics....Recommendations? Also, what is an encryption tool?

OK, I'm going to need this in layman's terms..."build"? How? Download the binaries? I'm guessing this is not a download an app and install type of deal.

I do have a Xubuntu Live USB. How do I verify it's signature?

I'm guessing a USB would suffice, correct? Also, do I need persistance or not?

I'm afraid I'll need a little bit more detail on this part. I'm not sure what "run the result" means. As well as "create a new wallet export the key/mnemonic"

I'm guessung this tool encrypts the key? Is the result of step 6 the key?

So it's not the key?

Create a backup...of the paper? Like make a xerox copy?

Write down the password... So is it not encrypted? What did we encrypt then?

So persistence...necessary or not?

How is that done exactly?

Again, thank you for the help!

Yes, a live linux distro is the way to go.

Persistence is just for storing data between different boots.
For creating a paper wallet, you don't actually need that if you are using the command line option.
When using the software wallet (a.k.a probably electrum) option, you might need it to store the electrum AppImage there prior booting the distro in offline mode.

And Tails basically just is a linux distro which is preconfigured for easier "privacy" mode, i.e. it is easier to boot it completely offline / with tor.
You can use tails, if you want to. Just as good as debian, manjaro, whatever. As long as it is a trusted distro and you verify the signature of the .iso prior installing it, you are fine.

Thanks! Beautiful explanation. So Linux live USB then? With persistence or without? Also how does that compare to tails in security?

Just like pooya87 said. Use a good wallet on a live linux distro (everything offline + signatures verified). That's the easiest way.
Another option would be to use command line tools from linux which are built in. This won't give you a mnemonic code, but you'll be able to generate a private-/public keypair and address with nothing but core functionality from your operating system.




Well, you don't need to print it on a piece of paper (which can be vulnerable to water, fire, etc..).
You could for example engrave the private key into metal.




A mobile which never goes online and doesn't have any other network connection (preferably with the components being removed) would be an option, yes.
That's basically dedicated cold storage. Most people use an old PC or laptop. But a mobile is fine too.



This always depends on the user and environment.

Generally:
Dedicated Cold Storage > Paper Wallet > HW Wallet > Desktop-/Mobile Wallet > Browser-based Wallet > Web Wallet > Custodial Wallet


But you also have to know the pitfalls of each scheme. For example:

• If you for example use a website to create your paper wallet on an online device, it suddenly is roughly as secure as a web wallet.
• And if you create it perfectly, but at some point you need to spend from your paper wallet and use a software wallet being online, this whole setup suddenly is no longer more secure than a standard desktop wallet.

In the end, no storage method is perfect. There is no "most secure" option. It always depends on your adversary- / threat model.

1) How else does (should) one generate a paper wallet then?

2) Didn't get you about the not forced to use the paper as a medium to storage. Could you eleborate please?

3) Dedicated offline storage? Like a mobile that's never online? Or do you mean HW like Ledger?

Could you rank storage methods from most secure to least?

Don't listen to him.
You should never use any website to generate a paper wallet. And neither are you forced to only use paper as the medium of storage.

To answer your question, it depends.
Generally, a dedicated offline device is the best way to store private keys in a cold wallet.

If you don't transact very often and don't want to buy a HW wallet, a paper wallet would be one of the most secure ways.

So what do you suggest as a 2nd best alternative to HW?

When I created a paper wallet with (BIP38) on a live linux distro I always print the wallets and also safe the wallets to a PDF file.

I store this PDF on an USB drive and safe this in an external place. So if the paper wallet got broken/lost I always have a copy of it.

When you look at what is the only safe procedure, then this way of storing keys definitely is not for beginners. Of course, we should not forget that in addition to all the steps necessary to create a paper wallet, you need to know how to properly spend those same funds when the time comes. In case someone tries to spend part of the funds directly from such a wallet, without first paying attention to the change address, will be unpleasantly surprised.

WARNING: How I lost Bitcoins using a paper wallet

pooya87 already pretty much gave you a good list.
 
A little addition to step 8 (printing the paper wallet) would be, that you shouldn't use a modern printer which either 1) stores printed files in a cache or 2) is network-/internet connected.

Such printers pose a real risk. I remember reading a paper stating that roughly 50% (don't quote me on that number) of such printers can be manipulated by simply just visiting a malicious website (obviously javascript enabled, just like a regular user would browse).
You really want to use an old offline printer if you are going to print it out.

1,2. it will only work if you choose single private key instead of mnemonic since BIP38 is defined for private keys only and we have no BIP for mnemonic encryption. a simple AES-256 encrytion of the string would work on anything though.
nonetheless i've updated my answer, thanks.
4. good idea.
8. it won't matter as much if it is encrypted using a strong password. worst case scenario you can print it on your online machine and then try wiping the memory. although i believe Linux distros such as Ubuntu already support a lot of printers without needing any driver installation but i may be wrong.

I wouldn't recommend paper wallet unless you're expert and being very careful on every single steps you do to create and maintain paper wallet.


Some thought or alternative,
1,2. You can use tools which support BIP 38
4. Choosing live distro which offer offline mode or better security (such as Tails) might be useful
8. This part is vague, do you mean print from running OS on DVD? How about driver support?

0. decide whether you want to use private key or mnemonic in your paper wallet. (the later is better since it can create as many keys as you want)
1. choose a tool that can be trusted to create the key safely. any popular wallet that has an export option is excellent for this. this choice depends on step 0 since not all tools can create mnemonics, for example bitcoin core (only private keys) or Electrum (both private keys and mnemonic).
2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.
3. build your step 1 choice from source or download the binaries and verify its signature.
4. download a Linux distribution and verify its signature.
5. burn the Linux OS on a DVD, disconnect your network and boot up that DVD.
6. run the result (the "tool") of step 3 in that live OS, create a new wallet export the key/mnemonic
7. encrypt the result of step 6 with the tool chosen in step 2
8. print the encrypted result. create backups and write down the password separately in another secure place.
9. laminate the paper or use a metal plate and engrave your encrypted result on it and store it in a safe place that is not exposed to things that can damage it.
10. (important step) reboot the same DVD and try to recover the key you just created using your password and see if you can get the same address (this makes sure you have written things down correctly). if step 0 choice was a mnemonic you can send some coins to the first address and spend it using an offline/online combination of master private key (on offline backup) and master public key (on the online machine) to also test spending.

don't be afraid to create more than one paper wallet this way for testing and send money to and from that wallet before you create one final one that you end up using.

You should not be using paper wallets anymore, there is too much risk that the paper the private keys are written on will get damaged or lost. Also when using paper wallets your security is at the mercy of the site or app you use to get the private keys. Some of these sites aren’t using enough randomness and could leak the keys.

You should be using a hardware wallet to store large sums of bitcoin. These don’t let people extract private keys, they can’t be used by thieves without knowing the PIN you set on them, and some hardware wallets self-destruct if you enter the PIN code incorrectly too many times.

Care to share your knowledge?