Topic: HOWTO: create your paper-wallet, (1) **ENCRYPTED**, (2) yourself. (Read 1561 times)

donator
Activity: 29
Merit: 252
Quote
6. Convert this to QR code with desired level of error correction.


Dabs, thanks for the hints about compression and the QR idea. (I edited the OP a bit..)

 
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I just use bitaddress.org but I take an extra step to get the compressed keys. Right now (version 2.4) it defaults to uncompressed keys. Then I encrypt the private key, ASCII armor it, and make a QR code out of that.

Example:

1. Make new private key using bitaddress, I get this: 5K49hdzjdqkbca9E7zsEg8onpZf1m5AxP7YJqgtZiBTsSkRcvFj
2. I go to Wallet Details of bitaddress, then paste that uncompressed private key. View Details.
3. My compressed public key is 13t41etZ9WCFuM13dppXe7Tv423z7WwHZr. The compressed private key is L2guQNHqBcBRn1HJutQjMjTXEw8nMXQwSbsBju4bNmBbebpJKfn9
4. Let's use MySecret since it's free. All I have to do is encrypt the private key string. MySecret can be downloaded from http://www.di-mgt.com.au/mysecret.html. It is NOT open source, but the Blowfish algorithm it uses is open.
5. Encrypt private key with password "test".

L2guQNHqBcBRn1HJutQjMjTXEw8nMXQwSbsBju4bNmBbebpJKfn9

becomes

-----BEGIN MYSECRET-----
TVn8AIBQclmjnuJqqzuKH/9JPrP3upmBPdDa3F2i9b03Rlg9Osg92UMa8n02
xXT/rXwuq5zvUxFa2FsZWDyIgDviJJ58un/G1KTAxUAsqE9JB7/X5XYECYcD
24qkwHMCAFfxe0U0/5WlJtq7IMlixoJhumB9hUyGoAqQXgrL+ZYsG8HhExCI
F99U+ww=
-----END MYSECRET-----

which is only 240 bytes. As opposed to a GnuPG version which is 789 bytes.

6. Convert this to QR code with desired level of error correction.
7. Edit with photoshop or gimp or paint, print on paper.

You could also use encrypted QR code using QR Droid, and the private key using password "test" becomes 92 bytes of data. Easily scannable, but encrypted using your password of choice.


Personally, I'd go with unencrypted QR codes of the private key. 1 per page, enlarged to fit. Then I'd put that in an envelope, tape it closed, sign it, then physically secure that in a vault or somewhere safe.
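
Steps 2 and 3 of the post above, as an added example that is not part of the original post and not bitaddress's code: a compressed WIF key is the same 32-byte secret with a 0x01 flag byte appended before the Base58Check checksum, so the conversion can be done offline, and the checksum catches transcription errors when a key is typed back in from paper. The function names and the demo key are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of double SHA-256 over the payload
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    raw = payload + _checksum(payload)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58check_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("Base58Check checksum mismatch (typo or corruption)")
    return payload

def wif_to_compressed(wif: str) -> str:
    payload = b58check_decode(wif)
    if len(payload) == 34 and payload[0] == 0x80 and payload[-1] == 0x01:
        return wif  # already in compressed form
    if len(payload) != 33 or payload[0] != 0x80:
        raise ValueError("not a mainnet WIF private key")
    return b58check_encode(payload + b"\x01")  # 0x01 = compressed-pubkey flag

# Constructed throwaway secret for demonstration only; never fund it.
DEMO_SECRET = bytes(range(1, 33))
DEMO_WIF_UNCOMPRESSED = b58check_encode(b"\x80" + DEMO_SECRET)
DEMO_WIF_COMPRESSED = wif_to_compressed(DEMO_WIF_UNCOMPRESSED)

if __name__ == "__main__":
    print(DEMO_WIF_UNCOMPRESSED, "->", DEMO_WIF_COMPRESSED)
```
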
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
"Super-paranoia mode" is relative. Your suggested method has several vulnerabilities:

 * Someone hacks your machine and grabs your paper wallet files while you're generating them.
 * The keys are written to your hard drive during steps 4 and 6. Deleting the files does not wipe the keys - they may still be recovered.
 * Have you verified your bitcoind binary? Do you know it isn't trojaned?
staff
Activity: 4284
Merit: 8808
These instructions are somewhat dangerous; there is a reason the GUI doesn't expose the privkey stuff...

If the wallet had other funds in it, those might be spent instead of the recently loaded key; if there is any change left (e.g. the paper wallet's value wasn't sent exactly), that change will go to another address not of the paper wallet. If the temporary wallet is then destroyed these funds will be lost forever.

At this time I'd recommend using Armory for paper wallets.