Quote
6. Convert this to QR code with desired level of error correction.
Dabs, thanks for the hints about compression and the QR idea. (I edited the OP a bit..)
Topic: HOWTO: create your paper-wallet, (1) **ENCRYPTED**, (2) yourself. (Read 1534 times)
Dabs, thanks for the hints about compression and the QR idea. (I edited the OP a bit..)
April 11, 2013, 02:12:18 AM
I just use bitaddress.org but I take an extra step to get the compressed keys. Right now (version 2.4) it defaults to uncompressed keys. Then I encrypt the private key, ascii armor it, and make a QR code out of that.
Example:
1. Make new private key using bitaddress, I get this: 5K49hdzjdqkbca9E7zsEg8onpZf1m5AxP7YJqgtZiBTsSkRcvFj
2. I go to Wallet Details of bitaddress, then paste that uncompressed private key. View Details.
3. My compressed public key is 13t41etZ9WCFuM13dppXe7Tv423z7WwHZr. The compressed private key is L2guQNHqBcBRn1HJutQjMjTXEw8nMXQwSbsBju4bNmBbebpJKfn9
4. Let's use MySecret since it's free. All I have to do is encrypt the private key string. My Secret can be downloaded from http://www.di-mgt.com.au/mysecret.html It is NOT open source, but the blowfish algorithm it uses is Open.
5. encrypt private key with password "test".
L2guQNHqBcBRn1HJutQjMjTXEw8nMXQwSbsBju4bNmBbebpJKfn9
becomes
-----BEGIN MYSECRET-----
TVn8AIBQclmjnuJqqzuKH/9JPrP3upmBPdDa3F2i9b03Rlg9Osg92UMa8n02
xXT/rXwuq5zvUxFa2FsZWDyIgDviJJ58un/G1KTAxUAsqE9JB7/X5XYECYcD
24qkwHMCAFfxe0U0/5WlJtq7IMlixoJhumB9hUyGoAqQXgrL+ZYsG8HhExCI
F99U+ww=
-----END MYSECRET-----
which is only 240 bytes. As opposed to a GnuPG version which is 789 bytes.
6. Convert this to QR code with desired level of error correction.
7. Edit with photoshop or gimp or paint, print on paper.
You could also use encrypted QR code using QR Droid, and the private key using password "test" becomes 92 bytes of data. Easily scannable, but encrypted using your password of choice.
Personally, I'd go with unencrypted QR codes of the private key. 1 per page, enlarged to fit. Then I'd put that in an envelope, tape it closed, sign it, then physically secure that in a vault or somewhere safe.
Example:
1. Make new private key using bitaddress, I get this: 5K49hdzjdqkbca9E7zsEg8onpZf1m5AxP7YJqgtZiBTsSkRcvFj
2. I go to Wallet Details of bitaddress, then paste that uncompressed private key. View Details.
3. My compressed public key is 13t41etZ9WCFuM13dppXe7Tv423z7WwHZr. The compressed private key is L2guQNHqBcBRn1HJutQjMjTXEw8nMXQwSbsBju4bNmBbebpJKfn9
4. Let's use MySecret since it's free. All I have to do is encrypt the private key string. My Secret can be downloaded from http://www.di-mgt.com.au/mysecret.html It is NOT open source, but the blowfish algorithm it uses is Open.
5. encrypt private key with password "test".
L2guQNHqBcBRn1HJutQjMjTXEw8nMXQwSbsBju4bNmBbebpJKfn9
becomes
-----BEGIN MYSECRET-----
TVn8AIBQclmjnuJqqzuKH/9JPrP3upmBPdDa3F2i9b03Rlg9Osg92UMa8n02
xXT/rXwuq5zvUxFa2FsZWDyIgDviJJ58un/G1KTAxUAsqE9JB7/X5XYECYcD
24qkwHMCAFfxe0U0/5WlJtq7IMlixoJhumB9hUyGoAqQXgrL+ZYsG8HhExCI
F99U+ww=
-----END MYSECRET-----
which is only 240 bytes. As opposed to a GnuPG version which is 789 bytes.
6. Convert this to QR code with desired level of error correction.
7. Edit with photoshop or gimp or paint, print on paper.
You could also use encrypted QR code using QR Droid, and the private key using password "test" becomes 92 bytes of data. Easily scannable, but encrypted using your password of choice.
Personally, I'd go with unencrypted QR codes of the private key. 1 per page, enlarged to fit. Then I'd put that in an envelope, tape it closed, sign it, then physically secure that in a vault or somewhere safe.
April 11, 2013, 12:45:23 AM
"super-paranoia mode" is relative. Your suggested method has several vulnerabilities:
* Someone hacked your machine and grabs your paper wallet files while you're generating them.
* The keys are written to your hard drive during steps 4 and 6. Deleting the files does not wipe the keys - they may still be recovered.
* Have you verified your bitcoind binary? Do you know it isn't trojaned?
* Someone hacked your machine and grabs your paper wallet files while you're generating them.
* The keys are written to your hard drive during steps 4 and 6. Deleting the files does not wipe the keys - they may still be recovered.
* Have you verified your bitcoind binary? Do you know it isn't trojaned?
April 10, 2013, 11:31:28 PM
These instructions are somewhat dangerous— there is a reason the GUI doesn't expose the privkey stuff...
If the wallet had other funds in it those might be spent instead of the recently loaded key— if there is any change left (e.g. the paper wallet's value wasn't sent exactly) that that change will go to another address not of the paper wallet. If the temporary wallet is then destroyed these funds will be lost forever.
At this time I'd recommend using armory for paper wallets.
If the wallet had other funds in it those might be spent instead of the recently loaded key— if there is any change left (e.g. the paper wallet's value wasn't sent exactly) that that change will go to another address not of the paper wallet. If the temporary wallet is then destroyed these funds will be lost forever.
At this time I'd recommend using armory for paper wallets.
April 10, 2013, 10:15:50 PM
d
Jump to: